
Log analysis and evaluation: Removing DuckDuckGo Search Engine in Firefox (OS: Windows 7 (32-bit))


01.01.2014, 14:47   #1
kluksch
 



Hello,
first of all, a happy and healthy new year 2014.

My problem: A few months ago I used DuckDuckGo as my search engine and also installed a search tool that uses DDG as its preferred search engine. Because I was unhappy with the search engine, I now wanted to remove it. Unfortunately, that is not so easy. Can someone help me remove it?

Here are the requested scan logs:
1. Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:46 on 01/01/2014 (De La Rose)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
That does not seem to have worked the way it should.

2. FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by De La Rose (administrator) on SUCHTKASTEN on 01-01-2014 12:52:15
Running from C:\Users\De La Rose\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCSvc.exe
(IOBit) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [Philips Device Listener] - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-03-03] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1024000 2010-06-30] (D-Link Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [2975640 2010-11-05] ()
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [3591960 2013-05-24] (Piriform Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe [299392 2012-07-26] (IObit)
MountPoints2: {165729f7-38ff-11df-9392-00252204b807} - G:\autorun.exe
MountPoints2: {907382f9-3088-11e1-8920-00252204b807} - F:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8205ADD600CDCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} -  No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
SearchScopes: HKCU - DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=de_DE
SearchScopes: HKCU - {6579BD32-B656-4E80-BAF7-6DCB4B33D008} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=380920&p={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE8C4194-3102-4A3C-8FA3-F6EFA6D879F1}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @gametap.com/npdd,version=1.0 - B:\Downloader\Metaboli\npdd.dll (Metaboli)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Downloader Detector) - B:\Downloader\Metaboli\npdd.dll (Metaboli)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Facebook Plugin) - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [ofahndfepeaeelmhdkjiihmofnokhmik] - C:\Users\DELARO~1\AppData\Local\Temp\tbch.crx

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe [514432 2012-07-26] (IObit)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ASCAntivirusSrv; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe [906112 2012-08-23] (IOBit)
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-04-09] ()
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
R2 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2012-03-15] (BitDefender)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-04-09] ()
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-23] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [340624 2011-11-21] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S2 adfs; No ImagePath
S3 cpuz135; \??\C:\Users\DELARO~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 12:52 - 2014-01-01 12:55 - 00013417 _____ C:\Users\De La Rose\Desktop\FRST.txt
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:50 - 2014-01-01 12:51 - 00003202 _____ C:\Windows\WindowsUpdate.log
2014-01-01 12:46 - 2014-01-01 12:46 - 00000642 _____ C:\Users\De La Rose\Desktop\defogger_disable.log
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2014-01-01 12:16 - 2014-01-01 12:16 - 01064333 _____ (Farbar) C:\Users\De La Rose\Desktop\FRST.exe
2014-01-01 12:04 - 2014-01-01 12:04 - 00377856 _____ C:\Users\De La Rose\Desktop\gmer_2.1.19163.exe
2014-01-01 12:01 - 2014-01-01 12:01 - 00050477 _____ C:\Users\De La Rose\Desktop\Defogger.exe
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 00:46 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 00:46 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 00:46 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 00:46 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 00:46 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 00:46 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 00:46 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 00:46 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 00:46 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 00:46 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 00:46 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 00:46 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 00:46 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 00:46 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 00:46 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 00:46 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 00:46 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 07:11 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 07:11 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:11 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:11 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:11 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:11 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:11 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 07:11 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:11 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe

==================== One Month Modified Files and Folders =======

2014-01-01 12:55 - 2014-01-01 12:52 - 00013417 _____ C:\Users\De La Rose\Desktop\FRST.txt
2014-01-01 12:55 - 2010-06-28 12:33 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PMB Files
2014-01-01 12:53 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 12:53 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 12:52 - 2013-04-01 06:01 - 00000000 ____D C:\Users\postgres
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:51 - 2014-01-01 12:50 - 00003202 _____ C:\Windows\WindowsUpdate.log
2014-01-01 12:50 - 2012-03-29 14:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 12:48 - 2012-07-16 09:39 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 12:48 - 2011-07-10 18:07 - 00000302 ____H C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2014-01-01 12:48 - 2011-07-10 18:06 - 00000314 ___SH C:\Windows\Tasks\AUVU.job
2014-01-01 12:48 - 2010-12-09 10:09 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-01 12:48 - 2010-08-27 09:00 - 00000000 ____D C:\Program Files\Common Files\Akamai
2014-01-01 12:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 12:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2014-01-01 12:46 - 2014-01-01 12:46 - 00000642 _____ C:\Users\De La Rose\Desktop\defogger_disable.log
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2014-01-01 12:46 - 2010-03-26 17:00 - 00000000 ____D C:\Users\De La Rose
2014-01-01 12:21 - 2012-07-16 09:39 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 12:16 - 2014-01-01 12:16 - 01064333 _____ (Farbar) C:\Users\De La Rose\Desktop\FRST.exe
2014-01-01 12:04 - 2014-01-01 12:04 - 00377856 _____ C:\Users\De La Rose\Desktop\gmer_2.1.19163.exe
2014-01-01 12:01 - 2014-01-01 12:01 - 00050477 _____ C:\Users\De La Rose\Desktop\Defogger.exe
2013-12-31 18:50 - 2010-03-26 17:24 - 01501000 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-29 15:11 - 2010-10-12 13:40 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Winamp
2013-12-26 22:44 - 2013-11-03 08:54 - 00000000 ____D C:\ProgramData\HappyCloud
2013-12-26 22:41 - 2011-04-08 21:11 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Electronic Arts
2013-12-26 22:41 - 2010-03-29 19:52 - 00000000 ____D C:\Program Files\Electronic Arts
2013-12-22 20:05 - 2011-09-14 18:51 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Canon
2013-12-18 09:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-17 15:41 - 2012-10-17 20:28 - 00000000 ____D C:\ProgramData\iobit
2013-12-12 11:31 - 2012-05-03 05:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-12 11:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 06:28 - 2009-07-14 05:33 - 02215744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 06:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-12 00:46 - 2013-07-19 23:42 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 00:45 - 2010-03-26 18:34 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 19:50 - 2012-03-29 14:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 19:50 - 2011-05-16 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 00:02 - 2010-03-27 11:54 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PokerStars.EU
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe
2013-12-05 21:27 - 2013-01-02 09:47 - 00000000 ____D C:\Program Files\PokerStars.EU
2013-12-05 20:27 - 2013-09-24 09:13 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 09:58 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 00:58

==================== End Of Log ============================
         
--- --- ---


In the middle of the scan, the following message appeared here:
Windows security warning: The file may potentially harm your computer. Access to the file was blocked for security reasons. Name: install.rdf
After clicking "ok", the scan continued without further interruption.

3. Addition

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-12-2013
Ran by De La Rose at 2014-01-01 12:55:25
Running from C:\Users\De La Rose\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Advanced SystemCare with Antivirus (Enabled - Out of date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

3D Pinball from Plus! for Windows 95 (Version:  - )
7-PDF Maker Version 1.2.0 (Build 119) (Version: 7-PDF Maker - Version 1.2.0 (Build 119) - 7-PDF, Germany - Thorsten Hodes)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.2.443 - Adobe Systems Incorporated)
Adobe AIR (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (Version: 9 - Adobe Systems)
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated)
Advanced SystemCare with Antivirus 2013 (Version: 5.6.4 - IObit)
Akamai NetSession Interface (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface Service (Version:  - )
Amazon Cloud Player (Version: 2.1.0.381 - Amazon Services LLC)
AMD DnD V1.0.20 (Version: 1.0.20 - AMD)
ANNO 1404 - Königsedition (Version: 1.02.0000 - Ubisoft)
ArmA2 Uninstall (Version:  - )
ATI Catalyst Install Manager (Version: 3.0.765.0 - ATI Technologies, Inc.)
Canon iP1600 (Version:  - )
Canon MG6100 series MP Drivers (Version:  - )
Canon MP Navigator EX 4.0 (Version:  - )
Canon My Printer (Version:  - )
Canon Solution Menu EX (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Full Existing (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Full New (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Light (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Previews Common (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center HydraVision Full (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center InstallProxy (Version: 2010.0302.2233.40412 - ATI Technologies, Inc.)
Catan - Die erste Insel (Version:  - )
CCC Help English (Version: 2010.0302.2232.40412 - ATI)
ccc-core-static (Version: 2010.0302.2233.40412 - Ihr Firmenname)
ccc-utility (Version: 2010.0302.2233.40412 - ATI)
CCleaner (Version: 4.02 - Piriform)
CDBurnerXP (Version: 4.5.2.4214 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009 - Georgy Berdyshev)
Celestia 1.6.1 (Version:  - Shatters Software)
Command & Conquer(TM) Generäle (Version: 0.50.0000 - Electronic Arts)
Deluxe Pacman version 1.80 (Version: 1.80 - )
Diablo III (Version: 1.0.5.12811 - Blizzard Entertainment)
D-Link DWA-140 (Version:  - D-Link)
Downloader (Version:  - )
EA Download Manager (Version: 8.0.3.427 - Electronic Arts, Inc.)
EA Installer (Version: 2.2.0.62 - Electronic Arts, Inc.)
Easy TM Forever 3.0.3 (Version: 3.0.3 - NazguL)
ElsterFormular (Version: 13.0.0.8086k - Landesfinanzdirektion Thüringen)
Emsisoft HiJackFree 4.5 (Version: 4.5 - Emsi Software GmbH)
Fallout 3 (Version: 1.00.0000 - Bethesda Softworks)
GIMP 2.6.12 (Version: 2.6.12 - The GIMP Team)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.)
Image Resizer Powertoy Clone for Windows (Version: 2.1.1 - Brice Lambson)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.)
Just Sudoku - Professional Edition 1.2 (Version:  - Sudoku-Puzzles.net)
Kyodai Mahjongg 2006 v1.42 (Version:  - Rene-Gilles Deberdt)
LG USB Modem Drivers (Version: 4.9.4 - LG Electronics)
Lucas Schach v. 7.01 (Version:  - )
ManiaPlanet (Version:  - Nadeo)
Mass Effect 2 (Version: 1.2.1604.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexus Mod Manager (Version: 0.19.0 - Black Tree Gaming)
Notepad++ (Version: 5.9.2 - )
NVIDIA PhysX (Version: 9.09.0814 - NVIDIA Corporation)
OpenOffice.org 3.2 (Version: 3.2.9483 - OpenOffice.org)
Pando Media Booster (Version: 2.3.4.8 - Pando Networks Inc.)
Path of Exile (Version: 0.10.0.22397 - Grinding Gear Games)
PDFBinder (Version: 1.0.0 - Malamute.dk)
Philips Songbird (Version: 5.4.1980 (1980) - Koninklijke Philips Electronics N.V.)
Platform (Version: 1.34 - VIA Technologies, Inc.)
PokerStars.eu (Version:  - PokerStars.eu)
Sid Meier's Alpha Centauri (Version:  - GOG.com)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Steam (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls V: Skyrim (Version:  - Bethesda Game Studios)
The Lord of the Rings FREE Trial  (Version: 1.00.0000 - ATI Technologies Inc.)
TmNationsForever Update 2010-03-15 (Version:  - Nadeo)
TmUnitedForever (Version:  - Nadeo)
Uninstall 1.0.0.1 (Version:  - )
VIA Plattform-Geräte-Manager (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)
Winamp (Version: 5.581  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (Version:  - )
XP Codec Pack (Version:  - )

==================== Restore Points  =========================

29-11-2013 00:17:27 Windows Update
03-12-2013 20:39:02 Windows Update
10-12-2013 10:56:35 Windows Update
11-12-2013 23:44:41 Windows Update
17-12-2013 07:09:13 Windows Update
20-12-2013 08:16:50 Windows Update
24-12-2013 09:21:48 Windows Update
26-12-2013 21:40:29 Removed Dead Space™
27-12-2013 16:59:51 Windows Update
31-12-2013 08:05:50 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2010-04-06 13:00 - 00001302 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {3A6AC493-B755-431E-A549-552DCA478B92} - System32\Tasks\{22116563-108C-42c0-A7CE-60161B75E508} => C:\Users\DELARO~1\AppData\Local\Temp\Imf.exe <==== ATTENTION
Task: {81B11624-C420-4C5C-AAB9-54BA4046F47C} - System32\Tasks\AUVU => Rundll32.exe "C:\Windows\system32\autoexeca.dll",IXTA
Task: {85681DCC-06DD-44A5-B7D1-46FFE606EFA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
Task: {8CD03DC8-30FD-4306-A6C7-4E38EBF4B013} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {A0271EEA-F805-4408-A498-3B29A287612A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B8296209-12A1-4621-BFCD-428371C02AAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {CC148004-7562-47E4-A5F3-F6CD4F1BE33C} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\DELARO~1\AppData\Local\Temp\Imk.exe <==== ATTENTION
Task: {EDFB459E-C4FE-4912-A315-FD50CD53642B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
Task: {F6285DF8-BAD0-4DA5-BA6A-413BA9577396} - System32\Tasks\{E2627983-ACB9-43DC-9294-0D4B41EA91DD} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AUVU.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job => C:\Users\DELARO~1\AppData\Local\Temp\Imf.exe

==================== Loaded Modules (whitelisted) =============

2011-02-09 01:56 - 2011-02-09 01:56 - 00296448 _____ () B:\Programme\NppShell_04.dll
2012-10-17 20:28 - 2012-06-19 16:02 - 00139648 _____ () C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCv5ExtMenu.dll
2010-03-26 18:07 - 2009-05-07 16:50 - 00073728 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2010-03-26 18:07 - 2009-05-07 16:53 - 00106496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2010-03-26 18:07 - 2008-02-14 13:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2010-03-26 18:07 - 2009-09-02 09:28 - 47628288 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2013-08-06 20:00 - 2013-08-06 20:00 - 00315392 _____ () C:\Program Files\D-Link\DWA-140 revB\ANPDApi.dll
2013-08-06 19:59 - 2010-06-29 16:23 - 00299008 _____ () C:\Program Files\D-Link\DWA-140 revB\WlanApp.dll
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-26 18:21 - 2010-03-26 18:21 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: adfs
Description: adfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: adfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2013 09:45:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/31/2013 09:45:32 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/29/2013 07:00:10 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)"

Error: (12/28/2013 03:40:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/28/2013 03:40:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/27/2013 01:24:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/27/2013 01:24:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/26/2013 11:19:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/26/2013 11:19:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/24/2013 10:54:22 AM) (Source: pgAgent) (User: )
Description: Failed to query jobs table!


System errors:
=============
Error: (01/01/2014 00:48:32 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Avgldx86

Error: (01/01/2014 00:48:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/01/2014 00:47:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (01/01/2014 11:33:24 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Avgldx86

Error: (01/01/2014 11:33:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Function Discovery Resource Publication" wurde mit folgendem Fehler beendet: 
%%-2147014847

Error: (01/01/2014 11:33:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/01/2014 11:32:59 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (12/31/2013 06:47:31 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Avgldx86

Error: (12/31/2013 06:47:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Function Discovery Resource Publication" wurde mit folgendem Fehler beendet: 
%%-2147014847

Error: (12/31/2013 06:47:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (12/31/2013 09:45:34 AM) (Source: SideBySide)(User: )
Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"C:\Program Files\Adobe\Adobe Premiere Pro CS4\MPEGHDVExport.exe

Error: (12/31/2013 09:45:32 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (12/29/2013 07:00:10 PM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (12/28/2013 03:40:03 PM) (Source: SideBySide)(User: )
Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"C:\Program Files\Adobe\Adobe Premiere Pro CS4\MPEGHDVExport.exe

Error: (12/28/2013 03:40:02 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (12/27/2013 01:24:56 PM) (Source: SideBySide)(User: )
Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"C:\Program Files\Adobe\Adobe Premiere Pro CS4\MPEGHDVExport.exe

Error: (12/27/2013 01:24:55 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (12/26/2013 11:19:25 PM) (Source: SideBySide)(User: )
Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"C:\Program Files\Adobe\Adobe Premiere Pro CS4\MPEGHDVExport.exe

Error: (12/26/2013 11:19:24 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (12/24/2013 10:54:22 AM) (Source: pgAgent)(User: )
Description: Failed to query jobs table!


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 3199.3 MB
Available physical RAM: 2203.52 MB
Total Pagefile: 6396.9 MB
Available Pagefile: 5318.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.42 MB

==================== Drives ================================

Drive b: (Daten) (Fixed) (Total:1397.26 GB) (Free:1053.19 GB) NTFS
Drive c: () (Fixed) (Total:149.04 GB) (Free:53.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Elements) (Fixed) (Total:465.76 GB) (Free:351.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 84A72D7B)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 001F3B94)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


4.Gmer

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-01 13:09:26
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160023AS rev.3.00 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\DELARO~1\AppData\Local\Temp\ffldyaow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                            82E5AA15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82E94212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91C36000, 0x37D761, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0x989B5300, 0x3B6D8, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA301B300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Pando Networks\Media Booster\PMB.exe[3368] kernel32.dll!SetUnhandledExceptionFilter                764DF4EB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x8D 0x87 0xB5 0x82 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x8E 0xE4 0x42 0x38 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x8A 0xDE 0xFB 0xCD ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x29 0xBB 0xDA 0xB7 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x8D 0x87 0xB5 0x82 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x8E 0xE4 0x42 0x38 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x8A 0xDE 0xFB 0xCD ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x29 0xBB 0xDA 0xB7 ...

---- EOF - GMER 2.1 ----
         
--- --- ---

Before I opened this thread and after all scans had been run, I downloaded the trial version of Kaspersky Antivirus 2014 and ran a quick scan. It found no threats.
Maybe someone can help me further. Many thanks in advance for a possible solution/answer.

Edited by kluksch (01.01.2014 at 15:18)

01.01.2014, 15:20   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

01.01.2014, 16:12   #3
kluksch


Hello Schrauber,
thanks for the prompt reply.

Here are the results:

1. Malwarebytes log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.01.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
De La Rose :: SUCHTKASTEN [Administrator]

01.01.2014 15:40:00
mbam-log-2014-01-01 (15-40-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224446
Laufzeit: 8 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\5SK3BLHWHC (Trojan.FakeAlert.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\B7GGEY1ZRR (Trojan.FakeAlert.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
2.AdwCleaner

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.016 - Report created 01/01/2014 at 15:56:04
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : De La Rose - SUCHTKASTEN
# Running from : C:\Users\De La Rose\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Users\De La Rose\AppData\Local\Conduit
Folder Deleted : C:\Users\De La Rose\AppData\Local\PackageAware
Folder Deleted : C:\Users\De La Rose\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\De La Rose\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\De La Rose\AppData\Roaming\NCH Software
File Deleted : C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\11-suche.xml
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2967869
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader28517_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader28517_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader45816_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader45816_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_kyodai-mahjongg_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_kyodai-mahjongg_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picture-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picture-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ File : C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6556 octets] - [01/01/2014 15:53:36]
AdwCleaner[S0].txt - [6635 octets] - [01/01/2014 15:56:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6695 octets] ##########
         
--- --- ---

3. JRT.txt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Ultimate x86
Ran by De La Rose on 01.01.2014 at 16:00:50,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\De La Rose\AppData\Roaming\getrighttogo"



~~~ FireFox

Emptied folder: C:\Users\De La Rose\AppData\Roaming\mozilla\firefox\profiles\k2zwqodg.default-1379424446130\minidumps [34 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2014 at 16:03:07,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
4. FRST (new):

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by De La Rose (administrator) on SUCHTKASTEN on 01-01-2014 16:05:16
Running from C:\Users\De La Rose\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCSvc.exe
(IOBit) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [Philips Device Listener] - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-03-03] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1024000 2010-06-30] (D-Link Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [2975640 2010-11-05] ()
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [3591960 2013-05-24] (Piriform Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe [299392 2012-07-26] (IObit)
MountPoints2: {165729f7-38ff-11df-9392-00252204b807} - G:\autorun.exe
MountPoints2: {907382f9-3088-11e1-8920-00252204b807} - F:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8205ADD600CDCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6579BD32-B656-4E80-BAF7-6DCB4B33D008} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=380920&p={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE8C4194-3102-4A3C-8FA3-F6EFA6D879F1}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @gametap.com/npdd,version=1.0 - B:\Downloader\Metaboli\npdd.dll (Metaboli)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Downloader Detector) - B:\Downloader\Metaboli\npdd.dll (Metaboli)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Facebook Plugin) - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [ofahndfepeaeelmhdkjiihmofnokhmik] - C:\Users\DELARO~1\AppData\Local\Temp\tbch.crx

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe [514432 2012-07-26] (IObit)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ASCAntivirusSrv; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe [906112 2012-08-23] (IOBit)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-11-26] (Kaspersky Lab ZAO)
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-04-09] ()
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
R2 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2012-03-15] (BitDefender)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-26] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-01-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-01] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-04-09] ()
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-23] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [340624 2011-11-21] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S2 adfs; No ImagePath
S3 cpuz135; \??\C:\Users\DELARO~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 16:03 - 2014-01-01 16:03 - 00000862 _____ C:\Users\De La Rose\Desktop\JRT.txt
2014-01-01 16:00 - 2014-01-01 16:00 - 00016617 _____ C:\Windows\WindowsUpdate.log
2014-01-01 16:00 - 2014-01-01 16:00 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 15:59 - 2014-01-01 15:59 - 00006775 _____ C:\Users\De La Rose\Desktop\AdwCleaner[S0].txt
2014-01-01 15:53 - 2014-01-01 15:56 - 00000000 ____D C:\AdwCleaner
2014-01-01 15:36 - 2014-01-01 15:36 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 15:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-01 15:34 - 2014-01-01 15:34 - 01036305 _____ (Thisisu) C:\Users\De La Rose\Desktop\JRT.exe
2014-01-01 15:33 - 2014-01-01 15:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\De La Rose\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-01 15:33 - 2014-01-01 15:33 - 01233962 _____ C:\Users\De La Rose\Desktop\adwcleaner.exe
2014-01-01 13:36 - 2014-01-01 13:36 - 00001059 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-01-01 13:35 - 2014-01-01 15:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-01 13:35 - 2014-01-01 14:13 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Windows\ELAMBKUP
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Program Files\Kaspersky Lab
2014-01-01 13:35 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-01-01 13:33 - 2014-01-01 13:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-01 13:25 - 2014-01-01 13:27 - 221425472 _____ (Kaspersky Lab) C:\Users\De La Rose\Desktop\kav14.0.0.4651en_5447_trial.exe
2014-01-01 13:09 - 2014-01-01 13:09 - 00004309 _____ C:\Users\De La Rose\Desktop\Gmer.txt
2014-01-01 12:55 - 2014-01-01 12:55 - 00022450 _____ C:\Users\De La Rose\Desktop\Addition.txt
2014-01-01 12:52 - 2014-01-01 16:05 - 00015506 _____ C:\Users\De La Rose\Desktop\FRST.txt
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:46 - 2014-01-01 12:46 - 00000642 _____ C:\Users\De La Rose\Desktop\defogger_disable.log
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2014-01-01 12:16 - 2014-01-01 12:16 - 01064333 _____ (Farbar) C:\Users\De La Rose\Desktop\FRST.exe
2014-01-01 12:04 - 2014-01-01 12:04 - 00377856 _____ C:\Users\De La Rose\Desktop\gmer_2.1.19163.exe
2014-01-01 12:01 - 2014-01-01 12:01 - 00050477 _____ C:\Users\De La Rose\Desktop\Defogger.exe
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 00:46 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 00:46 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 00:46 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 00:46 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 00:46 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 00:46 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 00:46 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 00:46 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 00:46 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 00:46 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 00:46 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 00:46 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 00:46 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 00:46 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 00:46 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 00:46 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 00:46 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 07:11 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 07:11 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:11 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:11 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:11 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:11 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:11 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 07:11 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:11 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe

==================== One Month Modified Files and Folders =======

2014-01-01 16:05 - 2014-01-01 12:52 - 00015506 _____ C:\Users\De La Rose\Desktop\FRST.txt
2014-01-01 16:05 - 2010-06-28 12:33 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PMB Files
2014-01-01 16:03 - 2014-01-01 16:03 - 00000862 _____ C:\Users\De La Rose\Desktop\JRT.txt
2014-01-01 16:03 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 16:03 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 16:01 - 2014-01-01 16:00 - 00016617 _____ C:\Windows\WindowsUpdate.log
2014-01-01 16:01 - 2011-07-10 18:06 - 00000314 ___SH C:\Windows\Tasks\AUVU.job
2014-01-01 16:00 - 2014-01-01 16:00 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 15:59 - 2014-01-01 15:59 - 00006775 _____ C:\Users\De La Rose\Desktop\AdwCleaner[S0].txt
2014-01-01 15:58 - 2014-01-01 13:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-01 15:58 - 2012-07-16 09:39 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 15:58 - 2010-12-09 10:09 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-01 15:58 - 2010-08-27 09:00 - 00000000 ____D C:\Program Files\Common Files\Akamai
2014-01-01 15:58 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 15:56 - 2014-01-01 15:53 - 00000000 ____D C:\AdwCleaner
2014-01-01 15:50 - 2012-03-29 14:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 15:36 - 2014-01-01 15:36 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 15:34 - 2014-01-01 15:34 - 01036305 _____ (Thisisu) C:\Users\De La Rose\Desktop\JRT.exe
2014-01-01 15:34 - 2014-01-01 15:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\De La Rose\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-01 15:33 - 2014-01-01 15:33 - 01233962 _____ C:\Users\De La Rose\Desktop\adwcleaner.exe
2014-01-01 15:21 - 2012-07-16 09:39 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 14:13 - 2014-01-01 13:35 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-01 14:13 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-01-01 13:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-01 13:36 - 2014-01-01 13:36 - 00001059 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Windows\ELAMBKUP
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Program Files\Kaspersky Lab
2014-01-01 13:34 - 2010-03-26 17:24 - 01540144 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 13:33 - 2014-01-01 13:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-01 13:27 - 2014-01-01 13:25 - 221425472 _____ (Kaspersky Lab) C:\Users\De La Rose\Desktop\kav14.0.0.4651en_5447_trial.exe
2014-01-01 13:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2014-01-01 13:09 - 2014-01-01 13:09 - 00004309 _____ C:\Users\De La Rose\Desktop\Gmer.txt
2014-01-01 12:55 - 2014-01-01 12:55 - 00022450 _____ C:\Users\De La Rose\Desktop\Addition.txt
2014-01-01 12:52 - 2013-04-01 06:01 - 00000000 ____D C:\Users\postgres
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:46 - 2014-01-01 12:46 - 00000642 _____ C:\Users\De La Rose\Desktop\defogger_disable.log
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2014-01-01 12:46 - 2010-03-26 17:00 - 00000000 ____D C:\Users\De La Rose
2014-01-01 12:16 - 2014-01-01 12:16 - 01064333 _____ (Farbar) C:\Users\De La Rose\Desktop\FRST.exe
2014-01-01 12:04 - 2014-01-01 12:04 - 00377856 _____ C:\Users\De La Rose\Desktop\gmer_2.1.19163.exe
2014-01-01 12:01 - 2014-01-01 12:01 - 00050477 _____ C:\Users\De La Rose\Desktop\Defogger.exe
2013-12-29 15:11 - 2010-10-12 13:40 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Winamp
2013-12-26 22:44 - 2013-11-03 08:54 - 00000000 ____D C:\ProgramData\HappyCloud
2013-12-26 22:41 - 2011-04-08 21:11 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Electronic Arts
2013-12-26 22:41 - 2010-03-29 19:52 - 00000000 ____D C:\Program Files\Electronic Arts
2013-12-22 20:05 - 2011-09-14 18:51 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Canon
2013-12-18 09:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-17 15:41 - 2012-10-17 20:28 - 00000000 ____D C:\ProgramData\iobit
2013-12-12 11:31 - 2012-05-03 05:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-12 11:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 06:28 - 2009-07-14 05:33 - 02215744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 06:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-12 00:46 - 2013-07-19 23:42 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 00:45 - 2010-03-26 18:34 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 19:50 - 2012-03-29 14:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 19:50 - 2011-05-16 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 00:02 - 2010-03-27 11:54 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PokerStars.EU
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe
2013-12-05 21:27 - 2013-01-02 09:47 - 00000000 ____D C:\Program Files\PokerStars.EU
2013-12-05 20:27 - 2013-09-24 09:13 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 09:58 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\De La Rose\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 00:58

==================== End Of Log ============================
         


So, I hope it helps.
__________________

02.01.2014, 09:19   #4
schrauber
/// the machine
/// TB trainer
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

02.01.2014, 13:48   #5
kluksch
 
Hello Schrauber,

First of all, many thanks. I am already seeing positive effects. Namely: my internet was really slow, and pages no longer loaded properly. I always had to open the browser several times until it eventually half-worked, which was really annoying. That has all been fixed now.

Unfortunately the site kicked me out and I could no longer post the logs that were already pasted into the reply. The ESET log has also already been removed from the computer, because after the scan and pasting it here I uninstalled the program with everything that goes with it and emptied the recycle bin. It had not found any threats, though. The other two log files are still there.

1. Security-Check:

Code:
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Anti-Virus                 
Advanced SystemCare with Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Adobe Flash Player 9 Flash Player out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 IObit Advanced SystemCare with Antivirus 2013 ascsvc.exe  
 IObit Advanced SystemCare with Antivirus 2013 ascavsvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
2.FRST:



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by De La Rose (administrator) on SUCHTKASTEN on 02-01-2014 12:37:02
Running from C:\Users\De La Rose\Desktop\PC-Analyseprogs
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCSvc.exe
(IOBit) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [Philips Device Listener] - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-03-03] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1024000 2010-06-30] (D-Link Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [2975640 2010-11-05] ()
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [3591960 2013-05-24] (Piriform Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe [299392 2012-07-26] (IObit)
MountPoints2: {165729f7-38ff-11df-9392-00252204b807} - G:\autorun.exe
MountPoints2: {907382f9-3088-11e1-8920-00252204b807} - F:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8205ADD600CDCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6579BD32-B656-4E80-BAF7-6DCB4B33D008} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=380920&p={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE8C4194-3102-4A3C-8FA3-F6EFA6D879F1}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @gametap.com/npdd,version=1.0 - B:\Downloader\Metaboli\npdd.dll (Metaboli)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Downloader Detector) - B:\Downloader\Metaboli\npdd.dll (Metaboli)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Facebook Plugin) - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [ofahndfepeaeelmhdkjiihmofnokhmik] - C:\Users\DELARO~1\AppData\Local\Temp\tbch.crx

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe [514432 2012-07-26] (IObit)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ASCAntivirusSrv; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe [906112 2012-08-23] (IOBit)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-11-26] (Kaspersky Lab ZAO)
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-04-09] ()
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
R2 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2012-03-15] (BitDefender)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-26] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-01-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-01] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-04-09] ()
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-23] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [340624 2011-11-21] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S2 adfs; No ImagePath
S3 cpuz135; \??\C:\Users\DELARO~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 12:32 - 2014-01-02 12:32 - 00000224 _____ C:\Windows\setupact.log
2014-01-02 12:32 - 2014-01-02 12:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 10:55 - 2014-01-02 10:55 - 02347384 _____ (ESET) C:\Users\De La Rose\Downloads\esetsmartinstaller_enu.exe
2014-01-02 10:55 - 2014-01-02 10:55 - 00891200 _____ C:\Users\De La Rose\Desktop\SecurityCheck.exe
2014-01-02 00:50 - 2014-01-02 12:37 - 00000000 ____D C:\Users\De La Rose\Desktop\PC-Analyseprogs
2014-01-02 00:49 - 2014-01-02 00:50 - 00000000 ____D C:\Users\De La Rose\Desktop\Log-Files
2014-01-01 16:00 - 2014-01-02 12:25 - 00103465 ____N C:\Windows\WindowsUpdate.log
2014-01-01 16:00 - 2014-01-01 16:00 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 15:53 - 2014-01-01 15:56 - 00000000 ____D C:\AdwCleaner
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 15:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-01 13:36 - 2014-01-01 13:36 - 00001059 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-01-01 13:35 - 2014-01-02 10:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-01 13:35 - 2014-01-01 14:13 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Windows\ELAMBKUP
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Program Files\Kaspersky Lab
2014-01-01 13:35 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-01-01 13:33 - 2014-01-01 13:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-01 13:25 - 2014-01-01 13:27 - 221425472 _____ (Kaspersky Lab) C:\Users\De La Rose\Desktop\kav14.0.0.4651en_5447_trial.exe
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 00:46 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 00:46 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 00:46 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 00:46 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 00:46 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 00:46 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 00:46 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 00:46 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 00:46 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 00:46 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 00:46 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 00:46 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 00:46 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 00:46 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 00:46 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 00:46 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 00:46 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 07:11 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 07:11 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:11 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:11 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:11 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:11 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:11 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 07:11 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:11 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe

==================== One Month Modified Files and Folders =======

2014-01-02 12:37 - 2014-01-02 00:50 - 00000000 ____D C:\Users\De La Rose\Desktop\PC-Analyseprogs
2014-01-02 12:32 - 2014-01-02 12:32 - 00000224 _____ C:\Windows\setupact.log
2014-01-02 12:32 - 2014-01-02 12:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 12:25 - 2014-01-01 16:00 - 00103465 ____N C:\Windows\WindowsUpdate.log
2014-01-02 12:21 - 2012-07-16 09:39 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 11:50 - 2012-03-29 14:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 11:22 - 2010-06-28 12:33 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PMB Files
2014-01-02 10:55 - 2014-01-02 10:55 - 02347384 _____ (ESET) C:\Users\De La Rose\Downloads\esetsmartinstaller_enu.exe
2014-01-02 10:55 - 2014-01-02 10:55 - 00891200 _____ C:\Users\De La Rose\Desktop\SecurityCheck.exe
2014-01-02 10:52 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 10:52 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 10:51 - 2014-01-01 13:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-02 10:51 - 2012-07-16 09:39 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 10:48 - 2010-08-27 09:00 - 00000000 ____D C:\Program Files\Common Files\Akamai
2014-01-02 10:47 - 2011-07-10 18:06 - 00000314 ___SH C:\Windows\Tasks\AUVU.job
2014-01-02 10:47 - 2010-12-09 10:09 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-02 10:47 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 01:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2014-01-02 00:52 - 2010-10-12 13:40 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Winamp
2014-01-02 00:50 - 2014-01-02 00:49 - 00000000 ____D C:\Users\De La Rose\Desktop\Log-Files
2014-01-01 16:00 - 2014-01-01 16:00 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 15:56 - 2014-01-01 15:53 - 00000000 ____D C:\AdwCleaner
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 14:13 - 2014-01-01 13:35 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-01 14:13 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-01-01 13:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-01 13:36 - 2014-01-01 13:36 - 00001059 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Windows\ELAMBKUP
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Program Files\Kaspersky Lab
2014-01-01 13:34 - 2010-03-26 17:24 - 01540144 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 13:33 - 2014-01-01 13:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-01 13:27 - 2014-01-01 13:25 - 221425472 _____ (Kaspersky Lab) C:\Users\De La Rose\Desktop\kav14.0.0.4651en_5447_trial.exe
2014-01-01 12:52 - 2013-04-01 06:01 - 00000000 ____D C:\Users\postgres
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2014-01-01 12:46 - 2010-03-26 17:00 - 00000000 ____D C:\Users\De La Rose
2013-12-26 22:44 - 2013-11-03 08:54 - 00000000 ____D C:\ProgramData\HappyCloud
2013-12-26 22:41 - 2011-04-08 21:11 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Electronic Arts
2013-12-26 22:41 - 2010-03-29 19:52 - 00000000 ____D C:\Program Files\Electronic Arts
2013-12-22 20:05 - 2011-09-14 18:51 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Canon
2013-12-18 09:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-17 15:41 - 2012-10-17 20:28 - 00000000 ____D C:\ProgramData\iobit
2013-12-12 11:31 - 2012-05-03 05:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-12 11:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 06:28 - 2009-07-14 05:33 - 02215744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 06:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-12 00:46 - 2013-07-19 23:42 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 00:45 - 2010-03-26 18:34 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 19:50 - 2012-03-29 14:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 19:50 - 2011-05-16 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 00:02 - 2010-03-27 11:54 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PokerStars.EU
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe
2013-12-05 21:27 - 2013-01-02 09:47 - 00000000 ____D C:\Program Files\PokerStars.EU
2013-12-05 20:27 - 2013-09-24 09:13 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 09:58 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\De La Rose\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 00:58

==================== End Of Log ============================
         

DuckDuckGo is still there. Crazy, considering that the search engine was recommended to me in a Spiegel-Online article as a secure, anonymous search engine. Otherwise I would never have installed that rubbish.

Hey,

unfortunately everything else is also back to how it was. Internet extremely slow, pages not loading, etc...
I had forgotten to re-enable the firewall and Kaspersky after ESET before going online, and the old problems were immediately back, after everything had been working wonderfully since yesterday evening. Is something possibly downloading itself immediately when I disable the firewall? Is something like that possible?


Edited by kluksch (02.01.2014 at 13:03)

03.01.2014, 12:04   #6
schrauber
/// the machine
/// TB instructor

Removing the DuckDuckGo search engine in Firefox (OS: Windows 7 (32-bit))


Update Flash Player.

Please run AdwCleaner again and then post a fresh FRST log. In which browser are you having problems?

03.01.2014, 15:39   #7
kluksch

Removing the DuckDuckGo search engine in Firefox (OS: Windows 7 (32-bit))

Hello,

I use Firefox 26.0. The cleaner found something again. Here is the log:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.016 - Report created 03/01/2014 at 15:29:12
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : De La Rose - SUCHTKASTEN
# Running from : C:\Users\De La Rose\Desktop\PC-Analyseprogs\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ File : C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6556 octets] - [01/01/2014 15:53:36]
AdwCleaner[R1].txt - [1115 octets] - [03/01/2014 15:28:09]
AdwCleaner[S0].txt - [6775 octets] - [01/01/2014 15:56:04]
AdwCleaner[S1].txt - [1039 octets] - [03/01/2014 15:29:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1099 octets] ##########
         

And the FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by De La Rose (administrator) on SUCHTKASTEN on 03-01-2014 15:32:53
Running from C:\Users\De La Rose\Desktop\PC-Analyseprogs
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
() C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\wmi32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [Philips Device Listener] - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-03-03] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1024000 2010-06-30] (D-Link Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-06] (Advanced Micro Devices, Inc.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [2975640 2010-11-05] ()
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [3591960 2013-05-24] (Piriform Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe [299392 2012-07-26] (IObit)
MountPoints2: {165729f7-38ff-11df-9392-00252204b807} - G:\autorun.exe
MountPoints2: {907382f9-3088-11e1-8920-00252204b807} - F:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8205ADD600CDCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6579BD32-B656-4E80-BAF7-6DCB4B33D008} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=380920&p={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE8C4194-3102-4A3C-8FA3-F6EFA6D879F1}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @gametap.com/npdd,version=1.0 - B:\Downloader\Metaboli\npdd.dll (Metaboli)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Downloader Detector) - B:\Downloader\Metaboli\npdd.dll (Metaboli)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Facebook Plugin) - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [ofahndfepeaeelmhdkjiihmofnokhmik] - C:\Users\DELARO~1\AppData\Local\Temp\tbch.crx

========================== Services (Whitelisted) =================

S4 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe [514432 2012-07-26] (IObit)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-12-06] (Advanced Micro Devices, Inc.)
S4 ASCAntivirusSrv; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe [906112 2012-08-23] (IOBit)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-11-26] (Kaspersky Lab ZAO)
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50432 2013-09-19] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-04-09] ()
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
R2 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2012-03-15] (BitDefender)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-26] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2014-01-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-01] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-04-09] ()
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-23] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [340624 2011-11-21] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S2 adfs; No ImagePath
S3 cpuz135; \??\C:\Users\DELARO~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 10:16 - 2014-01-03 15:30 - 00015064 _____ C:\Windows\setupact.log
2014-01-03 10:16 - 2014-01-03 10:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 22:54 - 2014-01-02 22:54 - 00000000 ____D C:\Users\De La Rose\AppData\Local\AMD
2014-01-02 22:54 - 2014-01-02 22:54 - 00000000 ____D C:\ProgramData\ATI
2014-01-02 22:53 - 2014-01-02 22:53 - 00059023 _____ C:\Windows\system32\CCCInstall_201401022253205371.log
2014-01-02 22:53 - 2014-01-02 22:53 - 00000000 ____D C:\Program Files\AMD AVT
2014-01-02 22:52 - 2014-01-02 22:53 - 00000000 ____D C:\ProgramData\AMD
2014-01-02 22:51 - 2014-01-02 22:51 - 00018637 _____ C:\Windows\system32\CCCInstall_201401022251296376.log
2014-01-02 22:50 - 2014-01-02 22:50 - 00000000 ____D C:\Program Files\AMD
2014-01-02 22:45 - 2014-01-02 22:45 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-02 22:42 - 2014-01-02 22:42 - 00000000 ____D C:\AMD
2014-01-02 22:40 - 2014-01-02 22:40 - 00791552 _____ (AMD) C:\Users\De La Rose\Desktop\amddriverdownloader.exe
2014-01-02 10:55 - 2014-01-02 10:55 - 02347384 _____ (ESET) C:\Users\De La Rose\Downloads\esetsmartinstaller_enu.exe
2014-01-02 00:50 - 2014-01-03 15:32 - 00000000 ____D C:\Users\De La Rose\Desktop\PC-Analyseprogs
2014-01-02 00:49 - 2014-01-02 00:50 - 00000000 ____D C:\Users\De La Rose\Desktop\Log-Files
2014-01-01 16:00 - 2014-01-03 15:29 - 00253574 _____ C:\Windows\WindowsUpdate.log
2014-01-01 16:00 - 2014-01-01 16:00 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 15:53 - 2014-01-03 15:29 - 00000000 ____D C:\AdwCleaner
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 15:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-01 13:36 - 2014-01-01 13:36 - 00001059 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-01-01 13:35 - 2014-01-03 15:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-01 13:35 - 2014-01-01 14:13 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Windows\ELAMBKUP
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Program Files\Kaspersky Lab
2014-01-01 13:35 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-01-01 13:33 - 2014-01-01 13:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-01 13:25 - 2014-01-01 13:27 - 221425472 _____ (Kaspersky Lab) C:\Users\De La Rose\Desktop\kav14.0.0.4651en_5447_trial.exe
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 00:46 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 00:46 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 00:46 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 00:46 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 00:46 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 00:46 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 00:46 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 00:46 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 00:46 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 00:46 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 00:46 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 00:46 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 00:46 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 00:46 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 00:46 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 00:46 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 00:46 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 07:11 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 07:11 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:11 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:11 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:11 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:11 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:11 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 07:11 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:11 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe
2013-12-06 23:06 - 2013-12-06 23:06 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc32.dll
2013-12-06 23:06 - 2013-12-06 23:06 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll
2013-12-06 22:51 - 2013-12-06 22:51 - 11527680 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-12-06 22:38 - 2013-12-06 22:38 - 00995342 _____ C:\Windows\system32\amdocl_as32.exe
2013-12-06 22:38 - 2013-12-06 22:38 - 00798734 _____ C:\Windows\system32\amdocl_ld32.exe
2013-12-06 22:38 - 2013-12-06 22:38 - 00200704 _____ C:\Windows\system32\clinfo.exe
2013-12-06 22:38 - 2013-12-06 22:38 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo.dll
2013-12-06 22:38 - 2013-12-06 22:38 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode.dll
2013-12-06 22:35 - 2013-12-06 22:35 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll
2013-12-06 22:33 - 2013-12-06 22:33 - 00057344 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-06 22:26 - 2013-12-06 22:26 - 00114688 _____ (AMD) C:\Windows\system32\coinst_13.251.dll
2013-12-06 22:13 - 2013-12-06 22:13 - 00550456 _____ C:\Windows\system32\atiapfxx.blb
2013-12-06 22:13 - 2013-12-06 22:13 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-12-06 22:12 - 2013-12-06 22:12 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt.dll
2013-12-06 22:12 - 2013-12-06 22:12 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl.dll
2013-12-06 22:09 - 2013-12-06 22:09 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd.dll
2013-12-06 21:58 - 2013-12-06 21:58 - 22157824 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atioglxx.dll
2013-12-06 21:53 - 2013-12-06 21:53 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-12-06 21:53 - 2013-12-06 21:53 - 00030720 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-12-06 21:52 - 2013-12-06 21:52 - 00493056 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-12-06 21:51 - 2013-12-06 21:51 - 00209408 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-12-06 21:50 - 2013-12-06 21:50 - 00164352 _____ (AMD) C:\Windows\system32\atitmmxx.dll
2013-12-06 21:31 - 2013-12-06 21:31 - 03461040 _____ C:\Windows\system32\atiumdva.cap
2013-12-06 21:28 - 2013-12-06 21:28 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2013-12-06 21:28 - 2013-12-06 21:28 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2013-12-06 21:22 - 2013-12-06 21:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2013-12-06 21:21 - 2013-12-06 21:21 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atigktxx.dll
2013-12-06 21:20 - 2013-12-06 21:20 - 00501248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-12-06 21:18 - 2013-12-06 21:18 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-12-06 16:44 - 2013-12-06 16:44 - 00038912 _____ C:\Windows\system32\kdbsdk32.dll

==================== One Month Modified Files and Folders =======

2014-01-03 15:34 - 2010-06-28 12:33 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PMB Files
2014-01-03 15:32 - 2014-01-02 00:50 - 00000000 ____D C:\Users\De La Rose\Desktop\PC-Analyseprogs
2014-01-03 15:31 - 2014-01-01 13:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-03 15:31 - 2010-08-27 09:00 - 00000000 ____D C:\Program Files\Common Files\Akamai
2014-01-03 15:30 - 2014-01-03 10:16 - 00015064 _____ C:\Windows\setupact.log
2014-01-03 15:30 - 2012-07-16 09:39 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 15:30 - 2011-07-10 18:06 - 00000314 ___SH C:\Windows\Tasks\AUVU.job
2014-01-03 15:30 - 2010-12-09 10:09 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-03 15:30 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 15:29 - 2014-01-01 16:00 - 00253574 _____ C:\Windows\WindowsUpdate.log
2014-01-03 15:29 - 2014-01-01 15:53 - 00000000 ____D C:\AdwCleaner
2014-01-03 15:21 - 2012-07-16 09:39 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 15:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2014-01-03 14:50 - 2012-03-29 14:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 10:16 - 2014-01-03 10:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-03 10:01 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 10:01 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 09:57 - 2010-10-12 13:40 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Winamp
2014-01-03 01:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-03 00:05 - 2010-03-27 11:54 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PokerStars.EU
2014-01-02 22:54 - 2014-01-02 22:54 - 00000000 ____D C:\Users\De La Rose\AppData\Local\AMD
2014-01-02 22:54 - 2014-01-02 22:54 - 00000000 ____D C:\ProgramData\ATI
2014-01-02 22:53 - 2014-01-02 22:53 - 00059023 _____ C:\Windows\system32\CCCInstall_201401022253205371.log
2014-01-02 22:53 - 2014-01-02 22:53 - 00000000 ____D C:\Program Files\AMD AVT
2014-01-02 22:53 - 2014-01-02 22:52 - 00000000 ____D C:\ProgramData\AMD
2014-01-02 22:52 - 2010-03-26 18:20 - 00000000 ____D C:\Program Files\ATI Technologies
2014-01-02 22:51 - 2014-01-02 22:51 - 00018637 _____ C:\Windows\system32\CCCInstall_201401022251296376.log
2014-01-02 22:50 - 2014-01-02 22:50 - 00000000 ____D C:\Program Files\AMD
2014-01-02 22:48 - 2010-03-26 17:24 - 01665022 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 22:45 - 2014-01-02 22:45 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-02 22:42 - 2014-01-02 22:42 - 00000000 ____D C:\AMD
2014-01-02 22:40 - 2014-01-02 22:40 - 00791552 _____ (AMD) C:\Users\De La Rose\Desktop\amddriverdownloader.exe
2014-01-02 10:55 - 2014-01-02 10:55 - 02347384 _____ (ESET) C:\Users\De La Rose\Downloads\esetsmartinstaller_enu.exe
2014-01-02 00:50 - 2014-01-02 00:49 - 00000000 ____D C:\Users\De La Rose\Desktop\Log-Files
2014-01-01 16:00 - 2014-01-01 16:00 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 15:36 - 2014-01-01 15:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 14:13 - 2014-01-01 13:35 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-01 14:13 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-01-01 13:36 - 2014-01-01 13:36 - 00001059 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Windows\ELAMBKUP
2014-01-01 13:35 - 2014-01-01 13:35 - 00000000 ____D C:\Program Files\Kaspersky Lab
2014-01-01 13:33 - 2014-01-01 13:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-01 13:27 - 2014-01-01 13:25 - 221425472 _____ (Kaspersky Lab) C:\Users\De La Rose\Desktop\kav14.0.0.4651en_5447_trial.exe
2014-01-01 12:52 - 2013-04-01 06:01 - 00000000 ____D C:\Users\postgres
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2014-01-01 12:46 - 2010-03-26 17:00 - 00000000 ____D C:\Users\De La Rose
2013-12-26 22:44 - 2013-11-03 08:54 - 00000000 ____D C:\ProgramData\HappyCloud
2013-12-26 22:41 - 2011-04-08 21:11 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Electronic Arts
2013-12-26 22:41 - 2010-03-29 19:52 - 00000000 ____D C:\Program Files\Electronic Arts
2013-12-22 20:05 - 2011-09-14 18:51 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Canon
2013-12-18 09:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-17 15:41 - 2012-10-17 20:28 - 00000000 ____D C:\ProgramData\iobit
2013-12-12 11:31 - 2012-05-03 05:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-12 11:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 06:28 - 2009-07-14 05:33 - 02215744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 06:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-12 00:46 - 2013-07-19 23:42 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 00:45 - 2010-03-26 18:34 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 19:50 - 2012-03-29 14:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 19:50 - 2011-05-16 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe
2013-12-06 23:06 - 2013-12-06 23:06 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc32.dll
2013-12-06 23:06 - 2013-12-06 23:06 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll
2013-12-06 23:03 - 2010-03-03 04:06 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxpag.dll
2013-12-06 23:02 - 2011-01-26 21:12 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9pag.dll
2013-12-06 23:00 - 2010-03-03 05:16 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx32.dll
2013-12-06 22:59 - 2010-03-03 05:06 - 08406024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx32.dll
2013-12-06 22:58 - 2011-01-26 21:24 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdva.dll
2013-12-06 22:57 - 2011-01-26 21:28 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdag.dll
2013-12-06 22:51 - 2013-12-06 22:51 - 11527680 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-12-06 22:38 - 2013-12-06 22:38 - 00995342 _____ C:\Windows\system32\amdocl_as32.exe
2013-12-06 22:38 - 2013-12-06 22:38 - 00798734 _____ C:\Windows\system32\amdocl_ld32.exe
2013-12-06 22:38 - 2013-12-06 22:38 - 00200704 _____ C:\Windows\system32\clinfo.exe
2013-12-06 22:38 - 2013-12-06 22:38 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo.dll
2013-12-06 22:38 - 2013-12-06 22:38 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode.dll
2013-12-06 22:35 - 2013-12-06 22:35 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll
2013-12-06 22:33 - 2013-12-06 22:33 - 00057344 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-06 22:26 - 2013-12-06 22:26 - 00114688 _____ (AMD) C:\Windows\system32\coinst_13.251.dll
2013-12-06 22:13 - 2013-12-06 22:13 - 00550456 _____ C:\Windows\system32\atiapfxx.blb
2013-12-06 22:13 - 2013-12-06 22:13 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-12-06 22:12 - 2013-12-06 22:12 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt.dll
2013-12-06 22:12 - 2013-12-06 22:12 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl.dll
2013-12-06 22:09 - 2013-12-06 22:09 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd.dll
2013-12-06 21:58 - 2013-12-06 21:58 - 22157824 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atioglxx.dll
2013-12-06 21:53 - 2013-12-06 21:53 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-12-06 21:53 - 2013-12-06 21:53 - 00030720 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-12-06 21:52 - 2013-12-06 21:52 - 00493056 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-12-06 21:51 - 2013-12-06 21:51 - 00209408 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-12-06 21:50 - 2013-12-06 21:50 - 00164352 _____ (AMD) C:\Windows\system32\atitmmxx.dll
2013-12-06 21:31 - 2013-12-06 21:31 - 03461040 _____ C:\Windows\system32\atiumdva.cap
2013-12-06 21:28 - 2013-12-06 21:28 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2013-12-06 21:28 - 2013-12-06 21:28 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2013-12-06 21:22 - 2013-12-06 21:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2013-12-06 21:22 - 2010-03-03 04:08 - 00825344 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2013-12-06 21:21 - 2013-12-06 21:21 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atigktxx.dll
2013-12-06 21:20 - 2013-12-06 21:20 - 00501248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-12-06 21:18 - 2013-12-06 21:18 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-12-06 16:44 - 2013-12-06 16:44 - 00038912 _____ C:\Windows\system32\kdbsdk32.dll
2013-12-05 21:27 - 2013-01-02 09:47 - 00000000 ____D C:\Program Files\PokerStars.EU
2013-12-05 20:27 - 2013-09-24 09:13 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\De La Rose\AppData\Local\Temp\13-12_win7_win8_32_dd_ccc_whql.exe
C:\Users\De La Rose\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 00:58

==================== End Of Log ============================
         
--- --- ---


After the AdwCleaner scan, the internet seems to be running fine again.

04.01.2014, 15:30   #8
schrauber
/// the machine
/// TB instructor

Uninstall Firefox completely once and reinstall it.


Done

If you would like to leave praise or criticism, you can do so here


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

04.01.2014, 21:12   #9
kluksch

Hi Schrauber,

it's gone! Thank you very, very much! The internet is running like clockwork! Good thing I gave it a try here. And thanks also for the security tips; I will follow them and get started on the guides. I can't even describe how relieved I am.

Kind regards!
Thomas

Hey,

now I do have one more short question. By default I run CC-Cleaner at every restart of my computer. It also checks the registry entries. Do I still need this tool, or can I uninstall it? And one more question about Secunia: I installed and started it, but the program does not get past the loading screen. At first I thought the scan just takes a bit longer, but after 20 min it now seems a bit odd to me. However, the program does at least show me via the Windows taskbar that programs need a manual update. Do you perhaps have an idea why the program does not start?

Edited by kluksch (04.01.2014 at 21:59)

05.01.2014, 16:32   #10
schrauber
/// the machine
/// TB instructor

Uninstall Secunia, search for FileHippo Updatechecker and try that.

Get rid of Ccleaner and keep your hands off the registry
__________________
Regards,
schrauber

