
Log analysis and evaluation: I can't get odir.org deleted from the history

09.01.2014, 15:55   #1
erc13
 



Hi folks, I think I need your help.

I have exactly the same problem as here: http://www.trojaner-board.de/134194-...r-nervt-3.html

I tried to solve the problem on my own, unfortunately without success.

I installed and ran several programs such as ccleaner, malwarebytes, combofix and zoek . . .

Many thanks in advance

09.01.2014, 20:58   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)


09.01.2014, 22:49   #3
erc13
 



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-01-2014
Ran by Admin (administrator) on ADMIN-PC on 09-01-2014 23:44:41
Running from C:\Users\Admin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\OneClickInternet\WTGService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM\...\Run: [SNUVCDSM] - C:\Windows\snuvcdsm.exe [24576 2009-05-22] ()
HKLM\...\Run: [ATSwpNav] - "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-10-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D1C814E67C7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\auege6s2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [312784 2009-11-27] ()

==================== Drivers (Whitelisted) ====================

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3531776 2009-09-04] ()
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-09 23:44 - 2014-01-09 23:44 - 00009439 _____ C:\Users\Admin\Downloads\FRST.txt
2014-01-09 23:44 - 2014-01-09 23:44 - 00000000 ____D C:\FRST
2014-01-09 23:43 - 2014-01-09 23:44 - 01931772 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-01-09 16:36 - 2014-01-09 16:36 - 00022429 _____ C:\ComboFix.txt
2014-01-09 16:20 - 2014-01-09 16:36 - 00000000 ____D C:\Qoobox
2014-01-09 16:20 - 2014-01-09 16:33 - 00000000 ____D C:\Windows\erdnt
2014-01-09 16:20 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-09 16:20 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-09 16:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-09 16:18 - 2014-01-09 16:18 - 05162489 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2014-01-09 16:08 - 2014-01-09 16:08 - 01281536 _____ C:\Users\Admin\Downloads\zoek (2).exe
2014-01-09 16:05 - 2014-01-09 15:46 - 00024064 _____ C:\Windows\zoek-delete.exe
2014-01-09 15:48 - 2014-01-09 16:06 - 00004812 _____ C:\zoek-results.log
2014-01-09 15:46 - 2014-01-09 15:46 - 01281536 _____ C:\Users\Admin\Downloads\zoek (1).exe
2014-01-09 15:42 - 2014-01-09 15:42 - 01281536 _____ C:\Users\Admin\Downloads\zoek.exe
2014-01-09 15:42 - 2014-01-09 15:42 - 00000000 ____D C:\zoek_backup
2014-01-09 15:32 - 2014-01-09 15:32 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-09 15:32 - 2014-01-09 15:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-09 15:32 - 2014-01-09 15:32 - 00000000 ____D C:\Program Files\CCleaner
2014-01-09 15:24 - 2014-01-09 15:43 - 00000000 ____D C:\AdwCleaner
2014-01-09 15:23 - 2014-01-09 15:24 - 04645232 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup409.exe
2014-01-09 15:18 - 2014-01-09 15:18 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner.exe
2014-01-09 15:17 - 2014-01-09 15:17 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 15:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-09 15:09 - 2014-01-09 15:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-31 11:05 - 2013-12-31 11:05 - 00029696 _____ C:\Users\Admin\Desktop\Dienstvorgabe Boztepe 1-2.xls
2013-12-20 10:52 - 2013-12-20 10:52 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-19 10:16 - 2013-12-19 10:55 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner
2013-12-18 14:02 - 2013-12-18 14:02 - 00019884 _____ C:\Users\Admin\Downloads\Nicht bestätigt 389066.crdownload
2013-12-18 13:58 - 2013-12-18 13:58 - 00000138 _____ C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Windows\Samsung
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-12-18 13:57 - 2009-10-07 00:09 - 00081920 _____ (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
2013-12-18 13:57 - 2009-10-07 00:09 - 00074240 _____ (Samsung Electronics) C:\Windows\system32\ssdevm64.dll
2013-12-18 13:57 - 2009-10-06 18:18 - 00482408 _____ () C:\Windows\ssndii.exe
2013-12-18 13:57 - 2007-11-30 05:30 - 00151552 _____ (SS) C:\Windows\system32\ssa1mci.exe
2013-12-18 13:57 - 2007-11-30 05:30 - 00089600 _____ (SS) C:\Windows\system32\ssa1mci.dll
2013-12-18 13:57 - 2007-11-30 05:30 - 00022016 _____ () C:\Windows\system32\ssa1ml6.dll
2013-12-18 13:57 - 2007-11-30 05:30 - 00000357 _____ C:\Windows\system32\ssa1ml6.smt
2013-12-18 13:57 - 2007-11-29 23:38 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00049152 _____ (Samsung Electronics) C:\Windows\SysWOW64\ssusbpn.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00047104 _____ (Samsung Electronics) C:\Windows\system32\ssusbp64.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00038160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00021776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
2013-12-18 13:55 - 2013-12-18 13:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-18 13:55 - 2007-11-30 02:46 - 00011576 ____N (Samsung Electronics) C:\Windows\system32\Drivers\SSPORT.SYS
2013-12-18 13:54 - 2013-12-18 13:55 - 37261048 _____ (Samsung                                                     ) C:\Users\Admin\Downloads\ML-1630W_Print_64bit.exe
2013-12-18 11:49 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Desktop\161213 bis 150114 (1).xls
2013-12-17 10:34 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-17 10:34 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-17 10:34 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-17 10:33 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-17 10:33 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-17 10:33 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-17 10:33 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-17 10:33 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-17 10:33 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-17 10:33 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-17 10:33 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-17 10:33 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-17 10:33 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-17 10:33 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-17 10:33 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-17 10:33 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-17 10:33 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-17 10:33 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-17 10:33 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-17 10:33 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-17 10:33 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-17 10:33 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-17 10:33 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-17 10:33 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-17 10:33 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-17 10:33 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-17 10:33 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-17 10:33 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-17 10:33 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-17 10:33 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-17 10:33 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-16 17:10 - 2013-12-17 14:47 - 00000000 ____D C:\Users\Admin\AppData\OICE_15_974FA576_32C1D314_A96
2013-12-12 11:44 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Downloads\161213 bis 150114 (1).xls
2013-12-11 16:58 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 16:58 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 16:58 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 16:58 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 16:58 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 16:58 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 16:58 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 16:58 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 16:58 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 16:58 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 16:58 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 16:58 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 16:58 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 16:58 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 16:58 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-09 23:44 - 2014-01-09 23:44 - 00009439 _____ C:\Users\Admin\Downloads\FRST.txt
2014-01-09 23:44 - 2014-01-09 23:44 - 00000000 ____D C:\FRST
2014-01-09 23:44 - 2014-01-09 23:43 - 01931772 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-01-09 23:41 - 2013-10-26 14:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-09 23:41 - 2013-10-12 17:24 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-09 23:41 - 2013-10-12 16:34 - 01244376 _____ C:\Windows\WindowsUpdate.log
2014-01-09 16:38 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 16:38 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-09 16:36 - 2014-01-09 16:36 - 00022429 _____ C:\ComboFix.txt
2014-01-09 16:36 - 2014-01-09 16:20 - 00000000 ____D C:\Qoobox
2014-01-09 16:36 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-09 16:33 - 2014-01-09 16:20 - 00000000 ____D C:\Windows\erdnt
2014-01-09 16:31 - 2013-10-12 17:24 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-09 16:31 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-09 16:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 16:18 - 2014-01-09 16:18 - 05162489 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2014-01-09 16:08 - 2014-01-09 16:08 - 01281536 _____ C:\Users\Admin\Downloads\zoek (2).exe
2014-01-09 16:06 - 2014-01-09 15:48 - 00004812 _____ C:\zoek-results.log
2014-01-09 15:46 - 2014-01-09 16:05 - 00024064 _____ C:\Windows\zoek-delete.exe
2014-01-09 15:46 - 2014-01-09 15:46 - 01281536 _____ C:\Users\Admin\Downloads\zoek (1).exe
2014-01-09 15:43 - 2014-01-09 15:24 - 00000000 ____D C:\AdwCleaner
2014-01-09 15:42 - 2014-01-09 15:42 - 01281536 _____ C:\Users\Admin\Downloads\zoek.exe
2014-01-09 15:42 - 2014-01-09 15:42 - 00000000 ____D C:\zoek_backup
2014-01-09 15:34 - 2013-10-13 02:30 - 00000000 ____D C:\Windows\Panther
2014-01-09 15:32 - 2014-01-09 15:32 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-09 15:32 - 2014-01-09 15:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-09 15:32 - 2014-01-09 15:32 - 00000000 ____D C:\Program Files\CCleaner
2014-01-09 15:24 - 2014-01-09 15:23 - 04645232 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup409.exe
2014-01-09 15:18 - 2014-01-09 15:18 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner.exe
2014-01-09 15:17 - 2014-01-09 15:17 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 15:10 - 2014-01-09 15:09 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 13:50 - 2013-11-16 16:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-31 11:05 - 2013-12-31 11:05 - 00029696 _____ C:\Users\Admin\Desktop\Dienstvorgabe Boztepe 1-2.xls
2013-12-25 09:52 - 2013-10-12 16:59 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-12-20 10:52 - 2013-12-20 10:52 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-19 10:55 - 2013-12-19 10:16 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner
2013-12-18 20:51 - 2013-11-19 18:28 - 00000000 ____D C:\Users\Admin\Desktop\iphone4
2013-12-18 14:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 14:02 - 2013-12-18 14:02 - 00019884 _____ C:\Users\Admin\Downloads\Nicht bestätigt 389066.crdownload
2013-12-18 13:58 - 2013-12-18 13:58 - 00000138 _____ C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Windows\Samsung
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-12-18 13:55 - 2013-12-18 13:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-18 13:55 - 2013-12-18 13:54 - 37261048 _____ (Samsung                                                     ) C:\Users\Admin\Downloads\ML-1630W_Print_64bit.exe
2013-12-17 14:54 - 2013-04-15 16:10 - 00698926 _____ C:\Windows\system32\perfh007.dat
2013-12-17 14:54 - 2013-04-15 16:10 - 00149034 _____ C:\Windows\system32\perfc007.dat
2013-12-17 14:54 - 2009-07-14 06:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-17 14:47 - 2013-12-16 17:10 - 00000000 ____D C:\Users\Admin\AppData\OICE_15_974FA576_32C1D314_A96
2013-12-17 11:08 - 2013-12-05 10:07 - 00027648 _____ C:\Users\Admin\Desktop\Dienstvorgabe 12-1.xls
2013-12-17 10:36 - 2013-10-12 17:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 11:44 - 2013-12-18 11:49 - 00163328 _____ C:\Users\Admin\Desktop\161213 bis 150114 (1).xls
2013-12-12 11:44 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Downloads\161213 bis 150114 (1).xls
2013-12-10 20:03 - 2013-10-26 14:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 20:03 - 2013-10-26 14:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 20:03 - 2013-10-26 14:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 10:53

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2014
Ran by Admin at 2014-01-09 23:45:30
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (Version: 8.5.4.53 - Ihr Firmenname)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.09 - Piriform)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version:  - Microsoft)
FJ Camera (x32 Version: 5.8.52008.0 - Sonix)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iCloud (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
OneClick Internet (x32 Version: 3.0 - OneClick Internet)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Samsung ML-1630W Series (x32 Version:  - Samsung Electronics CO.,LTD)
Synaptics Pointing Device Driver (Version: 14.0.10.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2850060) 64-Bit Edition (Version:  - Microsoft)

==================== Restore Points  =========================

12-12-2013 20:50:43 Windows Update
16-12-2013 20:31:29 Windows Update
17-12-2013 09:25:48 Windows Update
20-12-2013 09:51:00 Windows Update
22-12-2013 18:00:14 Windows-Sicherung
23-12-2013 14:06:29 Windows Update
26-12-2013 16:51:54 Windows Update
29-12-2013 17:15:45 Windows Update
02-01-2014 10:34:03 Windows Update
05-01-2014 11:36:49 Windows Update
08-01-2014 15:56:51 Windows Update
09-01-2014 14:48:38 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-09 16:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {312524A9-07FF-4199-9FCE-EA12E78E8CA9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {3851C830-7411-4E63-ACC5-A262727C9666} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {62764129-3F5D-487B-9ABF-778DD067D739} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C516C6D8-4730-49D9-9319-083094BC4D37} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ED5B3E9D-9E0E-444B-817B-AACE5B9D91A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.)
Task: {F9A061B8-ED6D-4781-A975-A89FDC3F3FDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-06 10:06 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 10:06 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 10:06 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 10:06 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 10:06 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 10:06 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Sierra Wireless Gobi 2000
Description: Sierra Wireless Gobi 2000
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2014 11:40:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9346223

Error: (01/09/2014 11:40:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9346223

Error: (01/09/2014 11:40:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2014 11:40:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9345162

Error: (01/09/2014 11:40:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9345162

Error: (01/09/2014 11:40:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2014 11:40:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9344164

Error: (01/09/2014 11:40:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9344164

Error: (01/09/2014 11:40:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2014 09:05:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6100


System errors:
=============
Error: (01/09/2014 05:52:33 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/09/2014 04:30:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/09/2014 04:29:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/09/2014 04:26:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/09/2014 04:14:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/09/2014 04:06:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/09/2014 04:02:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/09/2014 04:02:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/09/2014 04:02:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/09/2014 04:01:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (01/09/2014 11:40:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9346223

Error: (01/09/2014 11:40:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9346223

Error: (01/09/2014 11:40:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2014 11:40:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9345162

Error: (01/09/2014 11:40:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9345162

Error: (01/09/2014 11:40:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2014 11:40:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9344164

Error: (01/09/2014 11:40:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9344164

Error: (01/09/2014 11:40:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2014 09:05:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6100


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 3891.47 MB
Available physical RAM: 1823.5 MB
Total Pagefile: 7781.13 MB
Available Pagefile: 5387.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:252.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8A1D4FEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

10.01.2014, 13:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 




In which browser?


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.01.2014, 14:36   #5
erc13
 



Google Chrome

Code:
# AdwCleaner v3.016 - Bericht erstellt am 10/01/2014 um 15:14:42
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Admin\Downloads\adwcleaner (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\auege6s2.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [928 octets] - [09/01/2014 15:37:28]
AdwCleaner[R1].txt - [1050 octets] - [10/01/2014 14:47:53]
AdwCleaner[S0].txt - [988 octets] - [09/01/2014 15:43:46]
AdwCleaner[S1].txt - [973 octets] - [10/01/2014 15:14:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1032 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by Admin on 10.01.2014 at 15:19:11,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2014 at 15:29:11,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by Admin (administrator) on ADMIN-PC on 10-01-2014 15:33:26
Running from C:\Users\Admin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sonix) C:\Windows\vsnp2uvc.exe
() C:\Windows\snuvcdsm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\OneClickInternet\WTGService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM\...\Run: [SNUVCDSM] - C:\Windows\snuvcdsm.exe [24576 2009-05-22] ()
HKLM\...\Run: [ATSwpNav] - "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-10-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D1C814E67C7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\auege6s2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [312784 2009-11-27] ()

==================== Drivers (Whitelisted) ====================

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3531776 2009-09-04] ()
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 15:32 - 2014-01-10 15:33 - 01932166 _____ (Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe
2014-01-10 15:29 - 2014-01-10 15:29 - 00000621 _____ C:\Users\Admin\Desktop\JRT.txt
2014-01-10 15:19 - 2014-01-10 15:19 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 15:18 - 2014-01-10 15:18 - 01037068 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-01-10 15:16 - 2014-01-10 15:16 - 00000056 _____ C:\Windows\setupact.log
2014-01-10 15:16 - 2014-01-10 15:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-10 15:15 - 2014-01-10 15:16 - 00388192 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-10 14:47 - 2014-01-10 14:47 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner (1).exe
2014-01-10 00:51 - 2014-01-10 00:51 - 00092256 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-09 23:45 - 2014-01-09 23:45 - 00019644 _____ C:\Users\Admin\Downloads\Addition.txt
2014-01-09 23:44 - 2014-01-10 15:33 - 00010195 _____ C:\Users\Admin\Downloads\FRST.txt
2014-01-09 23:44 - 2014-01-09 23:44 - 00000000 ____D C:\FRST
2014-01-09 23:43 - 2014-01-09 23:44 - 01931772 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-01-09 16:36 - 2014-01-09 16:36 - 00022429 _____ C:\ComboFix.txt
2014-01-09 16:20 - 2014-01-09 16:36 - 00000000 ____D C:\Qoobox
2014-01-09 16:20 - 2014-01-09 16:33 - 00000000 ____D C:\Windows\erdnt
2014-01-09 16:20 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-09 16:20 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-09 16:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-09 16:18 - 2014-01-09 16:18 - 05162489 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2014-01-09 16:08 - 2014-01-09 16:08 - 01281536 _____ C:\Users\Admin\Downloads\zoek (2).exe
2014-01-09 16:05 - 2014-01-09 15:46 - 00024064 _____ C:\Windows\zoek-delete.exe
2014-01-09 15:48 - 2014-01-09 16:06 - 00004812 _____ C:\zoek-results.log
2014-01-09 15:46 - 2014-01-09 15:46 - 01281536 _____ C:\Users\Admin\Downloads\zoek (1).exe
2014-01-09 15:42 - 2014-01-09 15:42 - 01281536 _____ C:\Users\Admin\Downloads\zoek.exe
2014-01-09 15:42 - 2014-01-09 15:42 - 00000000 ____D C:\zoek_backup
2014-01-09 15:32 - 2014-01-09 15:32 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-09 15:32 - 2014-01-09 15:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-09 15:32 - 2014-01-09 15:32 - 00000000 ____D C:\Program Files\CCleaner
2014-01-09 15:24 - 2014-01-10 15:14 - 00000000 ____D C:\AdwCleaner
2014-01-09 15:23 - 2014-01-09 15:24 - 04645232 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup409.exe
2014-01-09 15:18 - 2014-01-09 15:18 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner.exe
2014-01-09 15:17 - 2014-01-09 15:17 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 15:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-09 15:09 - 2014-01-09 15:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-31 11:05 - 2013-12-31 11:05 - 00029696 _____ C:\Users\Admin\Desktop\Dienstvorgabe Boztepe 1-2.xls
2013-12-20 10:52 - 2013-12-20 10:52 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-19 10:16 - 2013-12-19 10:55 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner
2013-12-18 14:02 - 2013-12-18 14:02 - 00019884 _____ C:\Users\Admin\Downloads\Nicht bestätigt 389066.crdownload
2013-12-18 13:58 - 2013-12-18 13:58 - 00000138 _____ C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Windows\Samsung
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-12-18 13:57 - 2009-10-07 00:09 - 00081920 _____ (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
2013-12-18 13:57 - 2009-10-07 00:09 - 00074240 _____ (Samsung Electronics) C:\Windows\system32\ssdevm64.dll
2013-12-18 13:57 - 2009-10-06 18:18 - 00482408 _____ () C:\Windows\ssndii.exe
2013-12-18 13:57 - 2007-11-30 05:30 - 00151552 _____ (SS) C:\Windows\system32\ssa1mci.exe
2013-12-18 13:57 - 2007-11-30 05:30 - 00089600 _____ (SS) C:\Windows\system32\ssa1mci.dll
2013-12-18 13:57 - 2007-11-30 05:30 - 00022016 _____ () C:\Windows\system32\ssa1ml6.dll
2013-12-18 13:57 - 2007-11-30 05:30 - 00000357 _____ C:\Windows\system32\ssa1ml6.smt
2013-12-18 13:57 - 2007-11-29 23:38 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00049152 _____ (Samsung Electronics) C:\Windows\SysWOW64\ssusbpn.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00047104 _____ (Samsung Electronics) C:\Windows\system32\ssusbp64.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00038160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00021776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
2013-12-18 13:55 - 2013-12-18 13:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-18 13:55 - 2007-11-30 02:46 - 00011576 ____N (Samsung Electronics) C:\Windows\system32\Drivers\SSPORT.SYS
2013-12-18 13:54 - 2013-12-18 13:55 - 37261048 _____ (Samsung                                                     ) C:\Users\Admin\Downloads\ML-1630W_Print_64bit.exe
2013-12-18 11:49 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Desktop\161213 bis 150114 (1).xls
2013-12-17 10:34 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-17 10:34 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-17 10:34 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-17 10:33 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-17 10:33 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-17 10:33 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-17 10:33 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-17 10:33 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-17 10:33 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-17 10:33 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-17 10:33 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-17 10:33 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-17 10:33 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-17 10:33 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-17 10:33 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-17 10:33 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-17 10:33 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-17 10:33 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-17 10:33 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-17 10:33 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-17 10:33 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-17 10:33 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-17 10:33 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-17 10:33 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-17 10:33 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-17 10:33 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-17 10:33 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-17 10:33 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-17 10:33 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-17 10:33 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-17 10:33 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-16 17:10 - 2013-12-17 14:47 - 00000000 ____D C:\Users\Admin\AppData\OICE_15_974FA576_32C1D314_A96
2013-12-12 11:44 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Downloads\161213 bis 150114 (1).xls
2013-12-11 16:58 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 16:58 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 16:58 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 16:58 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 16:58 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 16:58 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 16:58 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 16:58 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 16:58 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 16:58 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 16:58 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 16:58 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 16:58 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 16:58 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 16:58 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-10 15:34 - 2014-01-09 23:44 - 00010195 _____ C:\Users\Admin\Downloads\FRST.txt
2014-01-10 15:33 - 2014-01-10 15:32 - 01932166 _____ (Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe
2014-01-10 15:29 - 2014-01-10 15:29 - 00000621 _____ C:\Users\Admin\Desktop\JRT.txt
2014-01-10 15:27 - 2013-10-12 16:34 - 01321752 _____ C:\Windows\WindowsUpdate.log
2014-01-10 15:23 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 15:23 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 15:19 - 2014-01-10 15:19 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 15:18 - 2014-01-10 15:18 - 01037068 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-01-10 15:16 - 2014-01-10 15:16 - 00000056 _____ C:\Windows\setupact.log
2014-01-10 15:16 - 2014-01-10 15:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-10 15:16 - 2014-01-10 15:15 - 00388192 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-10 15:16 - 2013-10-12 17:24 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-10 15:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 15:14 - 2014-01-09 15:24 - 00000000 ____D C:\AdwCleaner
2014-01-10 15:06 - 2013-10-12 17:24 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-10 15:03 - 2013-10-26 14:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 14:47 - 2014-01-10 14:47 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner (1).exe
2014-01-10 00:51 - 2014-01-10 00:51 - 00092256 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-09 23:45 - 2014-01-09 23:45 - 00019644 _____ C:\Users\Admin\Downloads\Addition.txt
2014-01-09 23:44 - 2014-01-09 23:44 - 00000000 ____D C:\FRST
2014-01-09 23:44 - 2014-01-09 23:43 - 01931772 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-01-09 16:36 - 2014-01-09 16:36 - 00022429 _____ C:\ComboFix.txt
2014-01-09 16:36 - 2014-01-09 16:20 - 00000000 ____D C:\Qoobox
2014-01-09 16:36 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-09 16:33 - 2014-01-09 16:20 - 00000000 ____D C:\Windows\erdnt
2014-01-09 16:31 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-09 16:18 - 2014-01-09 16:18 - 05162489 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2014-01-09 16:08 - 2014-01-09 16:08 - 01281536 _____ C:\Users\Admin\Downloads\zoek (2).exe
2014-01-09 16:06 - 2014-01-09 15:48 - 00004812 _____ C:\zoek-results.log
2014-01-09 15:46 - 2014-01-09 16:05 - 00024064 _____ C:\Windows\zoek-delete.exe
2014-01-09 15:46 - 2014-01-09 15:46 - 01281536 _____ C:\Users\Admin\Downloads\zoek (1).exe
2014-01-09 15:42 - 2014-01-09 15:42 - 01281536 _____ C:\Users\Admin\Downloads\zoek.exe
2014-01-09 15:42 - 2014-01-09 15:42 - 00000000 ____D C:\zoek_backup
2014-01-09 15:34 - 2013-10-13 02:30 - 00000000 ____D C:\Windows\Panther
2014-01-09 15:32 - 2014-01-09 15:32 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-09 15:32 - 2014-01-09 15:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-09 15:32 - 2014-01-09 15:32 - 00000000 ____D C:\Program Files\CCleaner
2014-01-09 15:24 - 2014-01-09 15:23 - 04645232 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup409.exe
2014-01-09 15:18 - 2014-01-09 15:18 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner.exe
2014-01-09 15:17 - 2014-01-09 15:17 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 15:10 - 2014-01-09 15:09 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 13:50 - 2013-11-16 16:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-31 11:05 - 2013-12-31 11:05 - 00029696 _____ C:\Users\Admin\Desktop\Dienstvorgabe Boztepe 1-2.xls
2013-12-25 09:52 - 2013-10-12 16:59 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-12-20 10:52 - 2013-12-20 10:52 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-19 10:55 - 2013-12-19 10:16 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner
2013-12-18 20:51 - 2013-11-19 18:28 - 00000000 ____D C:\Users\Admin\Desktop\iphone4
2013-12-18 14:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 14:02 - 2013-12-18 14:02 - 00019884 _____ C:\Users\Admin\Downloads\Nicht bestätigt 389066.crdownload
2013-12-18 13:58 - 2013-12-18 13:58 - 00000138 _____ C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Windows\Samsung
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-12-18 13:55 - 2013-12-18 13:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-18 13:55 - 2013-12-18 13:54 - 37261048 _____ (Samsung                                                     ) C:\Users\Admin\Downloads\ML-1630W_Print_64bit.exe
2013-12-17 14:54 - 2013-04-15 16:10 - 00698926 _____ C:\Windows\system32\perfh007.dat
2013-12-17 14:54 - 2013-04-15 16:10 - 00149034 _____ C:\Windows\system32\perfc007.dat
2013-12-17 14:54 - 2009-07-14 06:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-17 14:47 - 2013-12-16 17:10 - 00000000 ____D C:\Users\Admin\AppData\OICE_15_974FA576_32C1D314_A96
2013-12-17 11:08 - 2013-12-05 10:07 - 00027648 _____ C:\Users\Admin\Desktop\Dienstvorgabe 12-1.xls
2013-12-17 10:36 - 2013-10-12 17:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 11:44 - 2013-12-18 11:49 - 00163328 _____ C:\Users\Admin\Desktop\161213 bis 150114 (1).xls
2013-12-12 11:44 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Downloads\161213 bis 150114 (1).xls

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 10:53

==================== End Of Log ============================
         


11.01.2014, 11:51   #6
schrauber
/// the machine
/// TB-Ausbilder



Uninstall Chrome, keep no data, reinstall it. Do you sign in with a Google account?



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

11.01.2014, 13:39   #7
erc13



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 03
Ran by Admin (administrator) on ADMIN-PC on 11-01-2014 14:35:52
Running from C:\Users\Admin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sonix) C:\Windows\vsnp2uvc.exe
() C:\Windows\snuvcdsm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\OneClickInternet\WTGService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM\...\Run: [SNUVCDSM] - C:\Windows\snuvcdsm.exe [24576 2009-05-22] ()
HKLM\...\Run: [ATSwpNav] - "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-10-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D1C814E67C7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\auege6s2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [312784 2009-11-27] ()

==================== Drivers (Whitelisted) ====================

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3531776 2009-09-04] ()
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-11 14:35 - 2014-01-11 14:35 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2014-01-11 14:33 - 2014-01-11 14:33 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-11 14:32 - 2014-01-11 14:32 - 00819144 _____ (Google Inc.) C:\Users\Admin\Downloads\chrome_installer_31.0.1650.63.exe
2014-01-11 14:32 - 2014-01-11 14:32 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-11 14:32 - 2014-01-11 14:32 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-11 14:32 - 2014-01-11 14:32 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-11 14:32 - 2014-01-11 14:32 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 14:25 - 2014-01-11 14:25 - 00987410 _____ C:\Users\Admin\Downloads\SecurityCheck(1).exe
2014-01-11 14:24 - 2014-01-11 14:24 - 00987410 _____ C:\Users\Admin\Downloads\SecurityCheck.exe
2014-01-11 13:04 - 2014-01-11 13:04 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-11 13:03 - 2014-01-11 13:04 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-01-11 12:51 - 2014-01-11 12:52 - 00000000 ____D C:\Users\Admin\Desktop\OST - Rocky 4 (1985)
2014-01-11 12:51 - 2014-01-11 12:51 - 00000000 ____D C:\Users\Admin\Desktop\OST - Rocky 3 (1982)
2014-01-11 12:51 - 2014-01-11 12:51 - 00000000 ____D C:\Users\Admin\Desktop\OST - Rocky 2 (1979)
2014-01-11 12:51 - 2014-01-11 12:51 - 00000000 ____D C:\Users\Admin\Desktop\OST - Rocky 1 (1976)
2014-01-11 11:53 - 2014-01-02 09:59 - 00000000 ____D C:\Users\Admin\Desktop\Uğur Işılak - Akifçe (2014)
2014-01-11 11:53 - 2013-12-27 14:14 - 00000000 ____D C:\Users\Admin\Desktop\Hande Yener - Best of Hande Yener (2013)
2014-01-11 11:52 - 2014-01-11 11:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WinRAR
2014-01-11 11:52 - 2014-01-11 11:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-11 11:52 - 2014-01-11 11:52 - 00000000 ____D C:\Program Files\WinRAR
2014-01-11 11:51 - 2014-01-11 11:51 - 02087616 _____ C:\Users\Admin\Downloads\winrar-x64-501d.exe
2014-01-11 11:25 - 2014-01-11 12:46 - 320929792 _____ C:\Users\Admin\Downloads\59392217.rar
2014-01-11 11:20 - 2014-01-11 11:47 - 81842514 _____ C:\Users\Admin\Downloads\Hande.Y.2013.karam82.rar
2014-01-11 11:16 - 2014-01-11 11:37 - 66078591 _____ C:\Users\Admin\Downloads\Ugur.I.2014.karam82.rar
2014-01-10 15:29 - 2014-01-10 15:29 - 00000621 _____ C:\Users\Admin\Desktop\JRT.txt
2014-01-10 15:19 - 2014-01-10 15:19 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 15:18 - 2014-01-10 15:18 - 01037068 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-01-10 15:16 - 2014-01-10 15:16 - 00000056 _____ C:\Windows\setupact.log
2014-01-10 15:16 - 2014-01-10 15:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-10 15:15 - 2014-01-10 15:16 - 00388192 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-10 14:47 - 2014-01-10 14:47 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner (1).exe
2014-01-10 00:51 - 2014-01-10 00:51 - 00092256 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-09 23:45 - 2014-01-09 23:45 - 00019644 _____ C:\Users\Admin\Downloads\Addition.txt
2014-01-09 23:44 - 2014-01-11 14:35 - 00010616 _____ C:\Users\Admin\Downloads\FRST.txt
2014-01-09 23:44 - 2014-01-11 14:35 - 00000000 ____D C:\FRST
2014-01-09 23:43 - 2014-01-11 14:35 - 02076160 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-01-09 16:36 - 2014-01-09 16:36 - 00022429 _____ C:\ComboFix.txt
2014-01-09 16:20 - 2014-01-09 16:36 - 00000000 ____D C:\Qoobox
2014-01-09 16:20 - 2014-01-09 16:33 - 00000000 ____D C:\Windows\erdnt
2014-01-09 16:20 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-09 16:20 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-09 16:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-09 16:20 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-09 16:18 - 2014-01-09 16:18 - 05162489 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2014-01-09 16:08 - 2014-01-09 16:08 - 01281536 _____ C:\Users\Admin\Downloads\zoek (2).exe
2014-01-09 16:05 - 2014-01-09 15:46 - 00024064 _____ C:\Windows\zoek-delete.exe
2014-01-09 15:48 - 2014-01-09 16:06 - 00004812 _____ C:\zoek-results.log
2014-01-09 15:46 - 2014-01-09 15:46 - 01281536 _____ C:\Users\Admin\Downloads\zoek (1).exe
2014-01-09 15:42 - 2014-01-09 15:42 - 01281536 _____ C:\Users\Admin\Downloads\zoek.exe
2014-01-09 15:42 - 2014-01-09 15:42 - 00000000 ____D C:\zoek_backup
2014-01-09 15:32 - 2014-01-09 15:32 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-09 15:32 - 2014-01-09 15:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-09 15:32 - 2014-01-09 15:32 - 00000000 ____D C:\Program Files\CCleaner
2014-01-09 15:24 - 2014-01-10 15:14 - 00000000 ____D C:\AdwCleaner
2014-01-09 15:23 - 2014-01-09 15:24 - 04645232 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup409.exe
2014-01-09 15:18 - 2014-01-09 15:18 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner.exe
2014-01-09 15:17 - 2014-01-09 15:17 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 15:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-09 15:09 - 2014-01-09 15:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 13:50 - 2014-01-02 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-31 11:05 - 2013-12-31 11:05 - 00029696 _____ C:\Users\Admin\Desktop\Dienstvorgabe Boztepe 1-2.xls
2013-12-20 10:52 - 2013-12-20 10:52 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-19 10:16 - 2013-12-19 10:55 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner
2013-12-18 14:02 - 2013-12-18 14:02 - 00019884 _____ C:\Users\Admin\Downloads\Nicht bestätigt 389066.crdownload
2013-12-18 13:58 - 2013-12-18 13:58 - 00000138 _____ C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Windows\Samsung
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-12-18 13:57 - 2009-10-07 00:09 - 00081920 _____ (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
2013-12-18 13:57 - 2009-10-07 00:09 - 00074240 _____ (Samsung Electronics) C:\Windows\system32\ssdevm64.dll
2013-12-18 13:57 - 2009-10-06 18:18 - 00482408 _____ () C:\Windows\ssndii.exe
2013-12-18 13:57 - 2007-11-30 05:30 - 00151552 _____ (SS) C:\Windows\system32\ssa1mci.exe
2013-12-18 13:57 - 2007-11-30 05:30 - 00089600 _____ (SS) C:\Windows\system32\ssa1mci.dll
2013-12-18 13:57 - 2007-11-30 05:30 - 00022016 _____ () C:\Windows\system32\ssa1ml6.dll
2013-12-18 13:57 - 2007-11-30 05:30 - 00000357 _____ C:\Windows\system32\ssa1ml6.smt
2013-12-18 13:57 - 2007-11-29 23:38 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00049152 _____ (Samsung Electronics) C:\Windows\SysWOW64\ssusbpn.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00047104 _____ (Samsung Electronics) C:\Windows\system32\ssusbp64.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00038160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
2013-12-18 13:57 - 2007-11-29 23:38 - 00021776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
2013-12-18 13:55 - 2013-12-18 13:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-18 13:55 - 2007-11-30 02:46 - 00011576 ____N (Samsung Electronics) C:\Windows\system32\Drivers\SSPORT.SYS
2013-12-18 13:54 - 2013-12-18 13:55 - 37261048 _____ (Samsung                                                     ) C:\Users\Admin\Downloads\ML-1630W_Print_64bit.exe
2013-12-18 11:49 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Desktop\161213 bis 150114 (1).xls
2013-12-17 10:34 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-17 10:34 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-17 10:34 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-17 10:33 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-17 10:33 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-17 10:33 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-17 10:33 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-17 10:33 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-17 10:33 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-17 10:33 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-17 10:33 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-17 10:33 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-17 10:33 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-17 10:33 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-17 10:33 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-17 10:33 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-17 10:33 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-17 10:33 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-17 10:33 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-17 10:33 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-17 10:33 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-17 10:33 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-17 10:33 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-17 10:33 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-17 10:33 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-17 10:33 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-17 10:33 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-17 10:33 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-17 10:33 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-17 10:33 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-17 10:33 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-16 17:10 - 2013-12-17 14:47 - 00000000 ____D C:\Users\Admin\AppData\OICE_15_974FA576_32C1D314_A96
2013-12-12 11:44 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Downloads\161213 bis 150114 (1).xls

==================== One Month Modified Files and Folders =======

2014-01-11 14:36 - 2014-01-09 23:44 - 00010616 _____ C:\Users\Admin\Downloads\FRST.txt
2014-01-11 14:35 - 2014-01-11 14:35 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2014-01-11 14:35 - 2014-01-09 23:44 - 00000000 ____D C:\FRST
2014-01-11 14:35 - 2014-01-09 23:43 - 02076160 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-01-11 14:33 - 2014-01-11 14:33 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-11 14:33 - 2013-10-12 17:24 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2014-01-11 14:33 - 2013-10-12 17:24 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-11 14:32 - 2014-01-11 14:32 - 00819144 _____ (Google Inc.) C:\Users\Admin\Downloads\chrome_installer_31.0.1650.63.exe
2014-01-11 14:32 - 2014-01-11 14:32 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-11 14:32 - 2014-01-11 14:32 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-11 14:32 - 2014-01-11 14:32 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-11 14:32 - 2014-01-11 14:32 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 14:25 - 2014-01-11 14:25 - 00987410 _____ C:\Users\Admin\Downloads\SecurityCheck(1).exe
2014-01-11 14:24 - 2014-01-11 14:24 - 00987410 _____ C:\Users\Admin\Downloads\SecurityCheck.exe
2014-01-11 14:03 - 2013-10-26 14:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-11 13:49 - 2013-10-26 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-11 13:11 - 2013-10-12 16:34 - 01353850 _____ C:\Windows\WindowsUpdate.log
2014-01-11 13:04 - 2014-01-11 13:04 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-11 13:04 - 2014-01-11 13:03 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-01-11 12:52 - 2014-01-11 12:51 - 00000000 ____D C:\Users\Admin\Desktop\OST - Rocky 4 (1985)
2014-01-11 12:51 - 2014-01-11 12:51 - 00000000 ____D C:\Users\Admin\Desktop\OST - Rocky 3 (1982)
2014-01-11 12:51 - 2014-01-11 12:51 - 00000000 ____D C:\Users\Admin\Desktop\OST - Rocky 2 (1979)
2014-01-11 12:51 - 2014-01-11 12:51 - 00000000 ____D C:\Users\Admin\Desktop\OST - Rocky 1 (1976)
2014-01-11 12:46 - 2014-01-11 11:25 - 320929792 _____ C:\Users\Admin\Downloads\59392217.rar
2014-01-11 11:52 - 2014-01-11 11:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WinRAR
2014-01-11 11:52 - 2014-01-11 11:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-11 11:52 - 2014-01-11 11:52 - 00000000 ____D C:\Program Files\WinRAR
2014-01-11 11:51 - 2014-01-11 11:51 - 02087616 _____ C:\Users\Admin\Downloads\winrar-x64-501d.exe
2014-01-11 11:47 - 2014-01-11 11:20 - 81842514 _____ C:\Users\Admin\Downloads\Hande.Y.2013.karam82.rar
2014-01-11 11:37 - 2014-01-11 11:16 - 66078591 _____ C:\Users\Admin\Downloads\Ugur.I.2014.karam82.rar
2014-01-10 15:29 - 2014-01-10 15:29 - 00000621 _____ C:\Users\Admin\Desktop\JRT.txt
2014-01-10 15:23 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 15:23 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 15:19 - 2014-01-10 15:19 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 15:18 - 2014-01-10 15:18 - 01037068 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-01-10 15:16 - 2014-01-10 15:16 - 00000056 _____ C:\Windows\setupact.log
2014-01-10 15:16 - 2014-01-10 15:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-10 15:16 - 2014-01-10 15:15 - 00388192 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-10 15:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 15:14 - 2014-01-09 15:24 - 00000000 ____D C:\AdwCleaner
2014-01-10 14:47 - 2014-01-10 14:47 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner (1).exe
2014-01-10 00:51 - 2014-01-10 00:51 - 00092256 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-09 23:45 - 2014-01-09 23:45 - 00019644 _____ C:\Users\Admin\Downloads\Addition.txt
2014-01-09 16:36 - 2014-01-09 16:36 - 00022429 _____ C:\ComboFix.txt
2014-01-09 16:36 - 2014-01-09 16:20 - 00000000 ____D C:\Qoobox
2014-01-09 16:36 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-09 16:33 - 2014-01-09 16:20 - 00000000 ____D C:\Windows\erdnt
2014-01-09 16:31 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-09 16:18 - 2014-01-09 16:18 - 05162489 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2014-01-09 16:08 - 2014-01-09 16:08 - 01281536 _____ C:\Users\Admin\Downloads\zoek (2).exe
2014-01-09 16:06 - 2014-01-09 15:48 - 00004812 _____ C:\zoek-results.log
2014-01-09 15:46 - 2014-01-09 16:05 - 00024064 _____ C:\Windows\zoek-delete.exe
2014-01-09 15:46 - 2014-01-09 15:46 - 01281536 _____ C:\Users\Admin\Downloads\zoek (1).exe
2014-01-09 15:42 - 2014-01-09 15:42 - 01281536 _____ C:\Users\Admin\Downloads\zoek.exe
2014-01-09 15:42 - 2014-01-09 15:42 - 00000000 ____D C:\zoek_backup
2014-01-09 15:34 - 2013-10-13 02:30 - 00000000 ____D C:\Windows\Panther
2014-01-09 15:32 - 2014-01-09 15:32 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-09 15:32 - 2014-01-09 15:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-09 15:32 - 2014-01-09 15:32 - 00000000 ____D C:\Program Files\CCleaner
2014-01-09 15:24 - 2014-01-09 15:23 - 04645232 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup409.exe
2014-01-09 15:18 - 2014-01-09 15:18 - 01233962 _____ C:\Users\Admin\Downloads\adwcleaner.exe
2014-01-09 15:17 - 2014-01-09 15:17 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 15:17 - 2014-01-09 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 15:10 - 2014-01-09 15:09 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 13:50 - 2014-01-02 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-02 09:59 - 2014-01-11 11:53 - 00000000 ____D C:\Users\Admin\Desktop\Uğur Işılak - Akifçe (2014)
2013-12-31 11:05 - 2013-12-31 11:05 - 00029696 _____ C:\Users\Admin\Desktop\Dienstvorgabe Boztepe 1-2.xls
2013-12-27 14:14 - 2014-01-11 11:53 - 00000000 ____D C:\Users\Admin\Desktop\Hande Yener - Best of Hande Yener (2013)
2013-12-25 09:52 - 2013-10-12 16:59 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-12-20 10:52 - 2013-12-20 10:52 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-19 10:55 - 2013-12-19 10:16 - 00000000 ____D C:\Users\Admin\Desktop\Neuer Ordner
2013-12-18 20:51 - 2013-11-19 18:28 - 00000000 ____D C:\Users\Admin\Desktop\iphone4
2013-12-18 14:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 14:02 - 2013-12-18 14:02 - 00019884 _____ C:\Users\Admin\Downloads\Nicht bestätigt 389066.crdownload
2013-12-18 13:58 - 2013-12-18 13:58 - 00000138 _____ C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Windows\Samsung
2013-12-18 13:57 - 2013-12-18 13:57 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2013-12-18 13:55 - 2013-12-18 13:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-18 13:55 - 2013-12-18 13:54 - 37261048 _____ (Samsung                                                     ) C:\Users\Admin\Downloads\ML-1630W_Print_64bit.exe
2013-12-17 14:54 - 2013-04-15 16:10 - 00698926 _____ C:\Windows\system32\perfh007.dat
2013-12-17 14:54 - 2013-04-15 16:10 - 00149034 _____ C:\Windows\system32\perfc007.dat
2013-12-17 14:54 - 2009-07-14 06:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-17 14:47 - 2013-12-16 17:10 - 00000000 ____D C:\Users\Admin\AppData\OICE_15_974FA576_32C1D314_A96
2013-12-17 11:08 - 2013-12-05 10:07 - 00027648 _____ C:\Users\Admin\Desktop\Dienstvorgabe 12-1.xls
2013-12-17 10:36 - 2013-10-12 17:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 11:44 - 2013-12-18 11:49 - 00163328 _____ C:\Users\Admin\Desktop\161213 bis 150114 (1).xls
2013-12-12 11:44 - 2013-12-12 11:44 - 00163328 _____ C:\Users\Admin\Downloads\161213 bis 150114 (1).xls

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 10:53

==================== End Of Log ============================
         


So I uninstalled Chrome and deleted everything, then reinstalled it afterwards; the problem is still there.

Security Check unfortunately did not work, and ESET did not find anything either.

Alt 12.01.2014, 07:18   #8
schrauber
/// the machine
/// TB-Ausbilder
 

My question about the Google account?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 12.01.2014, 08:58   #9
erc13
 
Every now and then; I do have a Google account.
Recently I have been signed in to the Google account.

Alt 13.01.2014, 08:16   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Start Chrome, connect it to the Google account, then go through everything in Chrome's settings manually and delete it.

The problem is that the adware is in the Google account's sync data and keeps getting synced back into the fresh Chrome.

Alt 13.01.2014, 12:12   #11
erc13
 
How should I go about the manual search, and what do I need to look out for?

I have always reset the folder, or the like, to the default settings; otherwise I don't know what else I can do.

Alt 14.01.2014, 08:47   #12
schrauber
/// the machine
/// TB-Ausbilder
 

In Chrome's settings, click on advanced settings at the bottom, look at add-ons and the like, remove everything you don't know; there should also be a button there, "Settings in Google account" or something like that.
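
Added example, not part of the thread and not code from the Trojaner-Board helpers: the advice in posts #10 and #12 is to go through Chrome's settings by hand, and one way to narrow that review is to search the profile's `Preferences` JSON for the domain and list where it appears. The sample data and its key names are constructed; the walker assumes no particular key names and inspects every key and string value.

```python
import json

# Constructed sample standing in for a Chrome profile's "Preferences" JSON file.
# Key names and values are illustrative, not taken from the affected machine.
SAMPLE_PREFERENCES = json.loads("""
{
  "homepage": "https://www.google.de/",
  "session": {"restore_on_startup": 4,
              "startup_urls": ["https://www.google.de/", "http://odir.org/?q=start"]},
  "extensions": {"settings": {
      "aaaaexampleextensionid": {"manifest": {"name": "Example Helper",
                                  "homepage_url": "http://ODIR.org/helper"}},
      "bbbbexampleextensionid": {"manifest": {"name": "Known Good"}}}},
  "search": {"suggest_enabled": true}
}
""")


def find_references(node, needle, path=""):
    """Walk parsed JSON; return (path, value) for each key or string containing needle."""
    needle = needle.lower()
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if needle in key.lower():
                hits.append((child, "<key name>"))
            hits.extend(find_references(value, needle, child))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_references(value, needle, f"{path}[{index}]"))
    elif isinstance(node, str) and needle in node.lower():
        hits.append((path, node))
    # Numbers, booleans and null cannot carry a URL and are skipped.
    return hits


def group_by_area(hits):
    """Group hits by top-level settings area so each can be reviewed in the UI."""
    areas = {}
    for path, value in hits:
        top = path.split(".", 1)[0].split("[", 1)[0]
        areas.setdefault(top, []).append((path, value))
    return areas


def scan_preferences_file(file_path, needle):
    """Load a Preferences file from disk (with Chrome closed) and scan it."""
    with open(file_path, encoding="utf-8") as handle:
        return find_references(json.load(handle), needle)


if __name__ == "__main__":
    found = find_references(SAMPLE_PREFERENCES, "odir.org")
    for area, entries in group_by_area(found).items():
        print(area)
        for path, value in entries:
            print(f"  {path} = {value}")
```

On Windows the file is usually `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences`. Because the thread attributes the reappearance to account sync, entries found this way have to be removed while signed in, so the cleaned state is what gets synced.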

Alt 14.01.2014, 20:19   #13
erc13
 
Unfortunately I can't find any add-ons

and the problem still persists

Alt 15.01.2014, 11:54   #14
schrauber
/// the machine
/// TB-Ausbilder
 

What exactly is the current problem with Chrome?

Alt 15.01.2014, 12:06   #15
erc13
 
When I type "youj" into the address bar in Chrome, I get the notice from odir.org that there are 45 alternative sites, and I can't get this form deleted.
