| Pests of all kinds and how to combat them: Bueno not listed in add-ons but listed in Programs.. Windows 7 | 
|  06.04.2014, 22:30 | #1 | 
|   |   Bueno not listed in add-ons but listed in Programs.. Hello everyone, I downloaded Open Office yesterday. After that, a lot of ad pop-ups on every page. I rolled the system back using the last restore point. Open Office is gone as well. However, the following are still listed under Programs: buenosearchtoolbar, RegClean Pro, Bueno Chrome Toolbar, Advanced System Protector, Mega Browse. All installed since yesterday. I then came across this forum and tried to follow this guide: http://www.trojaner-board.de/150991-...entfernen.html However, I can't find a Bueno entry in the add-ons. Now I'm a bit confused. System Win 7 64 and main browser Firefox. I hope someone can help me. Regards and thanks in advance, Rene | 
|  06.04.2014, 23:00 | #2 | 
|     |   Hello, -rene-. I will help you clean up the computer. 
 From your description this looks like just adware. We'll run a scan first and see what's going on. Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties) 
 Last edited by mort (06.04.2014 at 23:58) | 
|  07.04.2014, 17:21 | #3 | 
|   |   Hi mort, first of all, many thanks for your help. Here is the log: FRST Logfile: Code: 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Freitag (administrator) on FREITAG-PC on 07-04-2014 18:01:42
Running from C:\Users\Freitag_2\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe
() C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [294912 2010-02-23] (Microsoft Corporation)
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\...\RunOnce: [CanonUPW_000] - C:\Program Files (x86)\Common Files\Canon\UPW\2.0.0.0\UPWClean.exe [81920 2008-02-20] (CANON INC.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=96A2002564D3DE83&affID=127685&tsp=5208
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=96A2002564D3DE83&affID=127685&tsp=5208
BHO-x32: Mega Browse - {4e6cd411-ce62-4584-97ff-6afbcf6900af} - C:\Program Files (x86)\Mega Browse\MegaBrowsebho.dll (Mega Browse)
BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
Tcpip\Parameters: [DhcpNameServer] 192.168.220.1
FireFox:
========
FF ProfilePath: C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default
FF user.js: detected! => C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\Extensions\ffxtlbr@buenosearch.com [2014-04-05]
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 Update Mega Browse; C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe [350496 2014-04-04] ()
R2 Util Mega Browse; C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe [350496 2014-04-06] ()
==================== Drivers (Whitelisted) ====================
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2008-09-08] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-07 18:01 - 2014-04-07 18:01 - 00006587 _____ () C:\Users\Freitag_2\Desktop\FRST.txt
2014-04-07 18:01 - 2014-04-07 18:01 - 00000000 ____D () C:\FRST
2014-04-07 17:59 - 2014-04-07 18:00 - 02157056 _____ (Farbar) C:\Users\Freitag_2\Desktop\FRST64.exe
2014-04-05 17:43 - 2014-04-06 23:13 - 00000000 ____D () C:\Users\Freitag_2\Downloads\Lounge Chair, Retro, 50er 60er 70er, eames panton blablabla in Bielefeld - Dornberg _ Sessel Möbel - gebraucht oder neu kaufen. Kostenlos verkaufen _ eBay Kleinanzeigen-Dateien
2014-04-05 17:27 - 2014-04-05 17:27 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\OpenOffice
2014-04-05 17:15 - 2014-04-05 17:15 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-05 17:14 - 2014-04-05 17:14 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Systweak
2014-04-05 17:11 - 2014-04-06 23:13 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-04-05 17:11 - 2014-04-06 23:12 - 00000000 ____D () C:\Program Files (x86)\buenosearch LTD
2014-04-05 17:11 - 2014-04-05 17:11 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-04-05 17:11 - 2014-04-05 17:11 - 00001205 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-04-05 17:11 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-04-05 17:10 - 2014-04-06 23:14 - 00000000 ____D () C:\Program Files (x86)\Mega Browse
2014-04-05 17:10 - 2014-04-06 23:13 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-05 17:10 - 2014-04-06 23:13 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-05 17:10 - 2014-04-06 23:13 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\systweak
2014-04-05 17:10 - 2014-04-06 23:13 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\BabSolution
2014-04-05 17:10 - 2014-04-06 23:13 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-04-05 17:10 - 2014-04-05 17:10 - 00003332 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-04-05 17:10 - 2014-04-05 17:10 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-04-05 17:10 - 2014-04-05 17:10 - 00003038 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-05 17:10 - 2014-04-05 17:10 - 00002882 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-05 17:10 - 2014-04-05 17:10 - 00001144 _____ () C:\Users\Freitag\Desktop\Continue Open Office Installation.lnk
2014-04-05 17:10 - 2014-04-05 17:10 - 00001054 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Mozilla
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Local\Mozilla
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\ProgramData\Babylon
2014-04-05 17:10 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-05 16:38 - 2014-04-05 16:38 - 00811560 _____ () C:\Users\Freitag_2\Downloads\Open OfficeSetup.exe
2014-04-03 20:08 - 2014-04-03 20:08 - 00000809 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Flexrise
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-04-03 19:58 - 2014-04-03 19:59 - 02510340 _____ () C:\Users\Freitag_2\Downloads\tpe_1_1_1.air
2014-04-03 19:52 - 2014-04-03 19:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-03 19:52 - 2014-04-03 19:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-03 19:51 - 2014-04-03 19:51 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Macromedia
2014-04-02 08:15 - 2014-04-02 08:15 - 00000000 ____D () C:\Users\Freitag_2\Desktop\Layouts
2014-03-23 22:52 - 2014-03-23 22:53 - 153471382 _____ () C:\Users\Freitag_2\Downloads\Rene.zip
2014-03-20 21:25 - 2014-03-20 21:25 - 00013515 _____ () C:\Users\Freitag_2\Downloads\umsatz-5232________6736-20140320.csv
2014-03-19 19:34 - 2014-03-19 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 20:04 - 2014-03-18 20:04 - 00000132 _____ () C:\Users\Freitag_2\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2014-03-18 14:45 - 2014-03-18 14:45 - 00001456 _____ () C:\Users\Freitag_2\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-17 17:56 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-17 17:56 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-17 17:56 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-17 17:56 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-17 17:56 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-17 17:56 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-17 17:56 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-17 17:56 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-17 17:56 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-17 17:56 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-17 17:56 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-17 17:56 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-17 17:56 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-17 17:56 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-17 17:56 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-17 17:56 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-17 17:56 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-17 17:56 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-17 17:56 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-17 17:56 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-17 17:56 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-17 17:56 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-17 17:56 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-17 17:56 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-17 17:56 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-17 17:56 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-17 17:56 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-17 17:56 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-17 17:56 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-17 17:56 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-17 17:56 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-17 17:56 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-17 17:56 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-17 17:56 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-17 17:56 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-17 17:56 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-17 17:56 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-17 17:56 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-17 17:56 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-17 17:56 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-17 17:56 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-17 17:56 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-17 17:56 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-17 17:56 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-17 17:55 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-17 17:55 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-17 17:55 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-17 17:55 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
==================== One Month Modified Files and Folders =======
2014-04-07 18:01 - 2014-04-07 18:01 - 00006587 _____ () C:\Users\Freitag_2\Desktop\FRST.txt
2014-04-07 18:01 - 2014-04-07 18:01 - 00000000 ____D () C:\FRST
2014-04-07 18:01 - 2013-12-24 11:50 - 00000000 ____D () C:\Users\Freitag
2014-04-07 18:00 - 2014-04-07 17:59 - 02157056 _____ (Farbar) C:\Users\Freitag_2\Desktop\FRST64.exe
2014-04-07 17:59 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 17:59 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 17:56 - 2013-12-24 11:45 - 01879098 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 17:56 - 2011-04-12 09:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-04-07 17:56 - 2011-04-12 09:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-04-07 17:56 - 2009-07-14 07:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 17:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 17:52 - 2009-07-14 06:51 - 00031183 _____ () C:\Windows\setupact.log
2014-04-06 23:23 - 2013-12-25 12:01 - 00000000 ____D () C:\Users\Freitag_2\AppData\Local\Adobe
2014-04-06 23:21 - 2014-01-21 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 23:16 - 2013-12-25 12:00 - 00000000 ____D () C:\Users\Freitag_2
2014-04-06 23:14 - 2014-04-05 17:10 - 00000000 ____D () C:\Program Files (x86)\Mega Browse
2014-04-06 23:13 - 2014-04-05 17:43 - 00000000 ____D () C:\Users\Freitag_2\Downloads\Lounge Chair, Retro, 50er 60er 70er, eames panton blablabla in Bielefeld - Dornberg _ Sessel Möbel - gebraucht oder neu kaufen. Kostenlos verkaufen _ eBay Kleinanzeigen-Dateien
2014-04-06 23:13 - 2014-04-05 17:11 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-04-06 23:13 - 2014-04-05 17:10 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-06 23:13 - 2014-04-05 17:10 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-06 23:13 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\systweak
2014-04-06 23:13 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\BabSolution
2014-04-06 23:13 - 2014-04-05 17:10 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-04-06 23:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-06 23:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-06 23:12 - 2014-04-05 17:11 - 00000000 ____D () C:\Program Files (x86)\buenosearch LTD
2014-04-05 17:43 - 2013-12-25 12:01 - 00065248 _____ () C:\Users\Freitag_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 17:27 - 2014-04-05 17:27 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\OpenOffice
2014-04-05 17:15 - 2014-04-05 17:15 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-05 17:14 - 2014-04-05 17:14 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Systweak
2014-04-05 17:11 - 2014-04-05 17:11 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-04-05 17:11 - 2014-04-05 17:11 - 00001205 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-04-05 17:11 - 2013-12-25 10:23 - 00059240 _____ () C:\Users\Freitag\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 17:10 - 2014-04-05 17:10 - 00003332 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-04-05 17:10 - 2014-04-05 17:10 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-04-05 17:10 - 2014-04-05 17:10 - 00003038 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-05 17:10 - 2014-04-05 17:10 - 00002882 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-05 17:10 - 2014-04-05 17:10 - 00001144 _____ () C:\Users\Freitag\Desktop\Continue Open Office Installation.lnk
2014-04-05 17:10 - 2014-04-05 17:10 - 00001054 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Mozilla
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Local\Mozilla
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\ProgramData\Babylon
2014-04-05 16:38 - 2014-04-05 16:38 - 00811560 _____ () C:\Users\Freitag_2\Downloads\Open OfficeSetup.exe
2014-04-03 20:08 - 2014-04-03 20:08 - 00000809 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Flexrise
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-04-03 20:08 - 2013-12-25 10:05 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Adobe
2014-04-03 19:59 - 2014-04-03 19:58 - 02510340 _____ () C:\Users\Freitag_2\Downloads\tpe_1_1_1.air
2014-04-03 19:58 - 2013-12-25 12:01 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Adobe
2014-04-03 19:58 - 2013-12-25 10:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-03 19:52 - 2014-04-03 19:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-03 19:52 - 2014-04-03 19:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-03 19:52 - 2013-12-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-03 19:51 - 2014-04-03 19:51 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Macromedia
2014-04-03 19:51 - 2013-12-25 10:24 - 00000000 ____D () C:\Users\Freitag\AppData\Local\Adobe
2014-04-02 08:15 - 2014-04-02 08:15 - 00000000 ____D () C:\Users\Freitag_2\Desktop\Layouts
2014-03-23 22:53 - 2014-03-23 22:52 - 153471382 _____ () C:\Users\Freitag_2\Downloads\Rene.zip
2014-03-22 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-03-20 21:25 - 2014-03-20 21:25 - 00013515 _____ () C:\Users\Freitag_2\Downloads\umsatz-5232________6736-20140320.csv
2014-03-20 21:19 - 2013-12-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 23:52 - 2014-02-27 21:21 - 00000025 _____ () C:\Users\Freitag_2\Documents\tempFolderPath.dat
2014-03-19 19:34 - 2014-03-19 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 20:04 - 2014-03-18 20:04 - 00000132 _____ () C:\Users\Freitag_2\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2014-03-18 14:45 - 2014-03-18 14:45 - 00001456 _____ () C:\Users\Freitag_2\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-18 04:19 - 2014-01-25 17:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-18 04:19 - 2014-01-25 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-18 04:19 - 2009-07-14 06:45 - 07947856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 18:21 - 2014-01-21 14:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-17 18:21 - 2014-01-21 14:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-17 18:21 - 2014-01-21 14:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
Some content of TEMP:
====================
C:\Users\Freitag\AppData\Local\Temp\ICReinstall_Open OfficeSetup.exe
C:\Users\Freitag\AppData\Local\Temp\readSTILog.dll
C:\Users\Freitag_2\AppData\Local\Temp\Creative Cloud Helper.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-01 21:56
==================== End Of Log ============================
FRST Additions Logfile: Code: 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Freitag at 2014-04-07 18:02:04
Running from C:\Users\Freitag_2\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 3.2 64-bit (HKLM\...\{A94AABAE-52F0-48C4-9F94-A4CA4B423576}) (Version: 3.2.1 - Adobe)
Adobe Photoshop Lightroom 4 64-bit (HKLM\...\{669A82E0-43E2-4645-8A2E-1A3DE78F8312}) (Version: 4.0.1 - Adobe)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
Bueno Chrome Toolbar (HKLM-x32\...\Bueno Chrome Toolbar) (Version:  - BuenoSearch) <==== ATTENTION
buenosearch toolbar   (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Mega Browse (HKLM\...\Mega Browse) (Version: 2014.04.04.201638 - Mega Browse)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
PanoramaStudio 2.5 Pro ((deinstallieren)) (HKLM\...\PanoramaStudio2Pro) (Version:  - )
Photomatix Pro version 4.2.7 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.7 - HDRsoft Ltd)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Spyder3Express (HKLM-x32\...\Spyder3Express) (Version:  - )
The Photographer's Ephemeris (HKLM-x32\...\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1) (Version: 1.1.1 - UNKNOWN)
The Photographer's Ephemeris (x32 Version: 1.1.1 - UNKNOWN) Hidden
TKexe photocenter (HKCU\...\177d5912b8f783e6) (Version: 1.0.1.11 - TKexe Printservice)
==================== Restore Points  =========================
17-03-2014 15:55:45 Windows Update
18-03-2014 02:00:19 Windows Update
21-03-2014 16:23:29 Windows Update
25-03-2014 21:52:54 Windows Update
01-04-2014 16:46:08 Windows Update
05-04-2014 12:42:59 Windows Update
05-04-2014 15:11:55 RegClean Pro Sa, Apr 05, 14  17:11
05-04-2014 15:15:17 Installed OpenOffice 4.0.1
06-04-2014 21:11:56 Wiederherstellungsvorgang
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {320D4BFD-17E7-4366-9964-662F4F9EE3AB} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2014-01-17] (Systweak Inc                                                ) <==== ATTENTION
Task: {51B0F0A1-966F-4A4C-AEAC-58AE459174F5} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {7958A77D-BDB1-4143-B51D-C15C69AF9B8F} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {9F0EACB6-E4BF-4DD6-BE7A-86E4FAECE212} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {ADE4B9A9-D575-40CA-8AA9-778D0904F596} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-17] (Adobe Systems Incorporated)
Task: {B3F611AE-A21D-4FD7-8C6F-B9138DCA141F} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Task: {D52402B2-4949-4888-85ED-F1F66425A932} - System32\Tasks\AdobeAAMUpdater-1.0-Freitag-PC-Freitag_2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-04-04 22:16 - 2014-04-04 22:16 - 00350496 _____ () C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe
2014-04-06 23:14 - 2014-04-06 23:14 - 00350496 _____ () C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe
2014-02-11 04:21 - 2014-02-11 04:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 06798714 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
2009-08-11 11:19 - 2009-08-11 11:19 - 00135168 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 00147456 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 00897024 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 00762368 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 00335872 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 00131072 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 00028672 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
2009-08-11 11:19 - 2009-08-11 11:19 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
2014-02-11 16:09 - 2014-02-11 16:09 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-03-19 19:34 - 2014-03-19 19:34 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-17 18:21 - 2014-03-17 18:21 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/07/2014 05:54:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/06/2014 11:15:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/02/2014 06:35:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2014 06:43:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/24/2014 10:09:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_77.exe, Version: 12.0.0.77, Zeitstempel: 0x5314f5f7
Name des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_77.exe, Version: 12.0.0.77, Zeitstempel: 0x5314f5f7
Ausnahmecode: 0x40000015
Fehleroffset: 0x000180f0
ID des fehlerhaften Prozesses: 0xf08
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_77.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_77.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_77.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_77.exe3
Error: (03/21/2014 06:21:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2014 09:20:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2014 06:57:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2014 06:44:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/18/2014 04:20:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/07/2014 05:52:29 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (04/07/2014 05:52:29 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (04/07/2014 05:52:28 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (04/07/2014 05:52:28 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (04/06/2014 11:13:29 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (04/06/2014 11:13:29 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (04/06/2014 11:13:28 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (04/06/2014 11:13:28 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (04/06/2014 11:08:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update Mega Browse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/06/2014 11:07:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util Mega Browse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (04/07/2014 05:54:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/06/2014 11:15:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/02/2014 06:35:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2014 06:43:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/24/2014 10:09:15 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_77.exe12.0.0.775314f5f7FlashPlayerPlugin_12_0_0_77.exe12.0.0.775314f5f740000015000180f0f0801cf4521a8b073a4C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe2c31ed27-b390-11e3-812f-002564d3de83
Error: (03/21/2014 06:21:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2014 09:20:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2014 06:57:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2014 06:44:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/18/2014 04:20:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info =========================== 
Percentage of memory in use: 20%
Total physical RAM: 8190.18 MB
Available physical RAM: 6489.45 MB
Total Pagefile: 16378.53 MB
Available Pagefile: 14569.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:122.04 GB) NTFS
Drive d: (Bilder) (Fixed) (Total:3725.9 GB) (Free:1016.77 GB) NTFS
Drive e: (25 Mrz 2008) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive i: (EOS_DIGITAL) (Removable) (Total:14.9 GB) (Free:3.71 GB) FAT32
Drive l: () (Removable) (Total:3.83 GB) (Free:2.89 GB) FAT32
Drive m: (Backup Bilder F:) (Fixed) (Total:3726.01 GB) (Free:1613.83 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: C00853EE)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 51A3B4B5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 5E4555BC)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
========================================================
Disk: 5 (Size: 15 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
          | 
|  08.04.2014, 07:34 | #4 | 
|     |   It's nothing serious. Step 1 Please click the Windows button in the taskbar and then "Control Panel". Once you are there, go to "Uninstall a program" under "Programs". Here you can now uninstall the following programs. 
 Step 2 Please download AdwCleaner to your desktop. 
 Step 3 Please download Malwarebytes Anti-Malware 
 Step 4 ESET Online Scanner 
 Step 5 Run FRST once more. 
 Are there still any problems now? | 
|  08.04.2014, 20:24 | #5 | 
|   |   Hello, unfortunately an error message appears when uninstalling - Advanced System Protector - RegClean Pro (see attachment). Regards, Rene | 
|  09.04.2014, 08:49 | #6 | 
|     |   Try it with Revo. Step 1 Please download Revo Uninstaller. Start Revo and look up the following programs one after another. For each program, click Uninstall and select Moderate. 
 | 
|  09.04.2014, 18:40 | #7 | 
|   |   Good evening, the same message came up again, which I clicked away. During the uninstall process the message in the attachment appeared. Nothing was ticked here and I let it continue that way. Both programs are still on the computer even after a restart. Do I perhaps need to tick the boxes? Regards, Rene | 
|  09.04.2014, 18:47 | #8 | 
|   |   Here is the attachment I forgot  | 
|  10.04.2014, 07:55 | #9 | 
|     |   In this window, click "Select all" at the bottom, then "Delete" and finally "Next".  | 
|  13.04.2014, 11:44 | #10 | 
|     |   Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean. | 
|  13.04.2014, 20:50 | #11 | 
|   |   Hello, thanks for asking, I was in the hospital for three days. I have now got as far as step 4 (ESET Online Scanner). After the scan has run through, the message "Unexpected Error 2002" appears.... Here are the previous logs in the meantime. AdwCleaner: AdwCleaner Logfile: Code: 
# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 20:25:01
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Freitag - FREITAG-PC
# Gestartet von : C:\Users\Freitag_2\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Freitag\AppData\Local\Temp\Mega Browse
Ordner Gelöscht : C:\Users\Freitag\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Freitag_2\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\searchplugins\buenosearch.xml
Datei Gelöscht : C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro
Datei Gelöscht : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
Datei Gelöscht : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\systweak
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\prefs.js ]
[ Datei : C:\Users\Freitag_2\AppData\Roaming\Mozilla\Firefox\Profiles\neno4lr7.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [2443 octets] - [13/04/2014 20:23:29]
AdwCleaner[S0].txt - [2147 octets] - [13/04/2014 20:25:01]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2207 octets] ##########
         Malwarebytes: Code: 
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 13.04.2014
Suchlauf-Zeit: 20:39:39
Logdatei: mbam suchlaufprotokoll.txt
Administrator: Nein
Version: 2.00.1.1004
Malware Datenbank: v2014.04.13.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Freitag_2
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 197658
Verstrichene Zeit: 4 Min, 25 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 1
PUP.Optional.InstallCore.A, C:\$Recycle.Bin\S-1-5-21-1809572886-3827079629-4179737001-1003\$RRG3HMP.exe, In Quarantäne, [6178cc5dd5a6fd3986186da8f80c9b65],
Physische Sektoren: 0
(No malicious items detected)
(end)
          | 
|  14.04.2014, 09:40 | #12 | 
|     |   Please try ESET again as administrator.  | 
|  16.04.2014, 07:02 | #13 | 
|   |   Now it worked. Code: 
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cd25b7f0197a7a40bcbed1f11b4eff2d
# engine=17898
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-15 09:43:54
# local_time=2014-04-15 11:43:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 19301 149228084 0 0
# scanned=1519699
# found=1
# cleaned=0
# scan_time=14897
sh=4694D99C352228A6DA9ACA394DDD481341DDF958 ft=1 fh=fe9c9d8c9ed8715f vn="a variant of Win32/AdWare.PricePeep.A application" ac=I fn="G:\Users\Freitag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SEJ4OKV9\pricepeep_190001_0102[1].exe"
         FRST Logfile: Code: 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Freitag (administrator) on FREITAG-PC on 16-04-2014 07:56:37
Running from C:\Users\Freitag_2\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\...\Run: [BrowserChoice] => C:\Windows\System32\browserchoice.exe [294912 2010-02-23] (Microsoft Corporation)
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\...\RunOnce: [CanonUPW_000] - C:\Program Files (x86)\Common Files\Canon\UPW\2.0.0.0\UPWClean.exe [81920 2008-02-20] (CANON INC.)
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [2285 2014-04-13] ()
HKU\S-1-5-21-1809572886-3827079629-4179737001-1003\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-17] (Adobe Systems Incorporated)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=96A2002564D3DE83&affID=127685&tsp=5208
Tcpip\Parameters: [DhcpNameServer] 192.168.220.1
FireFox:
========
FF ProfilePath: C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\Extensions\ffxtlbr@buenosearch.com [2014-04-05]
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
==================== Drivers (Whitelisted) ====================
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2008-09-08] ()
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-04-07] (StdLib)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-16 07:55 - 2014-04-16 07:55 - 00000000 ____D () C:\Users\Freitag_2\Desktop\FRST-OlderVersion
2014-04-13 20:46 - 2014-04-13 20:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-13 20:43 - 2014-04-13 20:46 - 02347384 _____ (ESET) C:\Users\Freitag_2\Downloads\esetsmartinstaller_enu.exe
2014-04-13 20:42 - 2014-04-13 20:42 - 00001299 _____ () C:\Users\Freitag_2\Desktop\mbam suchlaufprotokoll.txt
2014-04-13 20:33 - 2014-04-13 20:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-13 20:33 - 2014-04-13 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 20:33 - 2014-04-13 20:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-13 20:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-13 20:33 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-13 20:33 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-13 20:28 - 2014-04-13 20:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Freitag_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-13 20:24 - 2014-04-13 20:24 - 00002443 _____ () C:\Users\Freitag\Desktop\AdwCleaner[R0].txt
2014-04-13 20:23 - 2014-04-13 20:25 - 00000000 ____D () C:\AdwCleaner
2014-04-13 20:22 - 2014-04-13 20:22 - 01426178 _____ () C:\Users\Freitag_2\Downloads\adwcleaner.exe
2014-04-10 17:59 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 17:59 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 17:59 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 17:59 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 17:50 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 17:50 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 17:50 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 17:50 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 17:50 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 17:50 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 17:50 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 17:50 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 17:50 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 17:50 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 17:50 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 17:50 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 17:50 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 17:50 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 17:50 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 17:50 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 17:50 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 19:03 - 2014-04-13 20:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-07 21:33 - 2014-04-07 21:33 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-04-07 18:02 - 2014-04-07 18:02 - 00018511 _____ () C:\Users\Freitag_2\Desktop\Addition.txt
2014-04-07 18:01 - 2014-04-16 07:56 - 00005714 _____ () C:\Users\Freitag_2\Desktop\FRST.txt
2014-04-07 18:01 - 2014-04-16 07:56 - 00000000 ____D () C:\FRST
2014-04-07 17:59 - 2014-04-16 07:55 - 02054144 _____ (Farbar) C:\Users\Freitag_2\Desktop\FRST64.exe
2014-04-05 17:43 - 2014-04-06 23:13 - 00000000 ____D () C:\Users\Freitag_2\Downloads\Lounge Chair, Retro, 50er 60er 70er, eames panton blablabla in Bielefeld - Dornberg _ Sessel Möbel - gebraucht oder neu kaufen. Kostenlos verkaufen _ eBay Kleinanzeigen-Dateien
2014-04-05 17:27 - 2014-04-05 17:27 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\OpenOffice
2014-04-05 17:15 - 2014-04-05 17:15 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-05 17:11 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-04-05 17:10 - 2014-04-05 17:10 - 00001144 _____ () C:\Users\Freitag\Desktop\Continue Open Office Installation.lnk
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Mozilla
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Local\Mozilla
2014-04-03 20:08 - 2014-04-03 20:08 - 00000809 _____ () C:\Users\Public\Desktop\TPE.lnk
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Flexrise
2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Program Files (x86)\TPE
2014-04-03 19:58 - 2014-04-03 19:59 - 02510340 _____ () C:\Users\Freitag_2\Downloads\tpe_1_1_1.air
2014-04-03 19:52 - 2014-04-03 19:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-03 19:52 - 2014-04-03 19:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-03 19:51 - 2014-04-03 19:51 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Macromedia
2014-04-02 08:15 - 2014-04-02 08:15 - 00000000 ____D () C:\Users\Freitag_2\Desktop\Layouts
2014-03-23 22:52 - 2014-03-23 22:53 - 153471382 _____ () C:\Users\Freitag_2\Downloads\Rene.zip
2014-03-20 21:25 - 2014-03-20 21:25 - 00013515 _____ () C:\Users\Freitag_2\Downloads\umsatz-5232________6736-20140320.csv
2014-03-19 19:34 - 2014-03-19 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 20:04 - 2014-03-18 20:04 - 00000132 _____ () C:\Users\Freitag_2\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2014-03-18 14:45 - 2014-03-18 14:45 - 00001456 _____ () C:\Users\Freitag_2\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-17 17:56 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-17 17:56 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-17 17:56 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-17 17:56 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-17 17:56 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-17 17:56 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-17 17:56 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-17 17:56 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-17 17:56 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-17 17:56 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-17 17:56 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-17 17:56 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-17 17:56 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-17 17:56 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-17 17:56 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-17 17:56 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-17 17:56 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-17 17:56 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-17 17:56 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-17 17:56 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-17 17:56 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-17 17:56 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-17 17:56 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-17 17:56 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-17 17:56 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-17 17:56 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-17 17:56 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-17 17:56 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-17 17:56 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-17 17:56 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-17 17:56 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-17 17:56 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-17 17:56 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-17 17:56 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-17 17:56 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-17 17:56 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-17 17:56 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-17 17:56 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-17 17:56 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-17 17:56 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-17 17:55 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-17 17:55 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-17 17:55 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-17 17:55 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll ==================== One Month Modified Files and Folders ======= 2014-04-16 07:56 - 2014-04-07 18:01 - 00005714 _____ () C:\Users\Freitag_2\Desktop\FRST.txt 2014-04-16 07:56 - 2014-04-07 18:01 - 00000000 ____D () C:\FRST 2014-04-16 07:55 - 2014-04-16 07:55 - 00000000 ____D () C:\Users\Freitag_2\Desktop\FRST-OlderVersion 2014-04-16 07:55 - 2014-04-07 17:59 - 02054144 _____ (Farbar) C:\Users\Freitag_2\Desktop\FRST64.exe 2014-04-16 07:21 - 2014-01-21 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 03:29 - 2013-12-24 11:45 - 01333364 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 02:00 - 2013-12-25 12:01 - 00000000 ____D () C:\Users\Freitag_2\AppData\Local\Adobe 2014-04-16 00:17 - 2014-02-15 12:41 - 00000000 ____D () C:\Windows\rescache 2014-04-13 20:47 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-13 20:47 - 2009-07-14 06:45 - 00021680 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-13 20:46 - 2014-04-13 20:46 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-13 20:46 - 2014-04-13 20:43 - 02347384 _____ (ESET) C:\Users\Freitag_2\Downloads\esetsmartinstaller_enu.exe 2014-04-13 20:46 - 2011-04-12 09:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat 2014-04-13 20:46 - 2011-04-12 09:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat 2014-04-13 20:46 - 2009-07-14 07:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-13 20:42 - 2014-04-13 20:42 - 00001299 _____ () C:\Users\Freitag_2\Desktop\mbam suchlaufprotokoll.txt 2014-04-13 20:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-13 20:40 - 2009-07-14 06:51 - 00031855 _____ () C:\Windows\setupact.log 2014-04-13 20:33 - 2014-04-13 20:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-13 20:33 - 2014-04-13 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-13 20:33 - 2014-04-13 20:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-13 20:30 - 2014-04-13 20:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Freitag_2\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-13 20:25 - 2014-04-13 20:23 - 00000000 ____D () C:\AdwCleaner 2014-04-13 20:24 - 2014-04-13 20:24 - 00002443 _____ () C:\Users\Freitag\Desktop\AdwCleaner[R0].txt 2014-04-13 20:22 - 2014-04-13 20:22 - 01426178 _____ () C:\Users\Freitag_2\Downloads\adwcleaner.exe 2014-04-13 20:19 - 2014-04-09 19:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-10 17:51 - 2013-12-24 11:50 - 00000000 ____D () C:\Users\Freitag 2014-04-09 19:37 - 2014-01-23 18:51 - 00001835 _____ () C:\Users\Freitag_2\Desktop\Photomatix Pro 4.2.7 (64-bit).lnk 2014-04-09 18:26 - 2010-11-21 05:47 - 00104082 _____ () C:\Windows\PFRO.log 2014-04-08 21:22 - 2013-12-25 12:01 - 00059240 _____ () 
C:\Users\Freitag_2\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 21:33 - 2014-04-07 21:33 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys 2014-04-07 21:33 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-07 18:02 - 2014-04-07 18:02 - 00018511 _____ () C:\Users\Freitag_2\Desktop\Addition.txt 2014-04-06 23:16 - 2013-12-25 12:00 - 00000000 ____D () C:\Users\Freitag_2 2014-04-06 23:13 - 2014-04-05 17:43 - 00000000 ____D () C:\Users\Freitag_2\Downloads\Lounge Chair, Retro, 50er 60er 70er, eames panton blablabla in Bielefeld - Dornberg _ Sessel Möbel - gebraucht oder neu kaufen. Kostenlos verkaufen _ eBay Kleinanzeigen-Dateien 2014-04-06 23:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-06 23:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-04-05 17:27 - 2014-04-05 17:27 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\OpenOffice 2014-04-05 17:15 - 2014-04-05 17:15 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-04-05 17:11 - 2013-12-25 10:23 - 00059240 _____ () C:\Users\Freitag\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-05 17:10 - 2014-04-05 17:10 - 00001144 _____ () C:\Users\Freitag\Desktop\Continue Open Office Installation.lnk 2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Mozilla 2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Freitag\AppData\Local\Mozilla 2014-04-03 20:08 - 2014-04-03 20:08 - 00000809 _____ () C:\Users\Public\Desktop\TPE.lnk 2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1 2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Flexrise 2014-04-03 20:08 - 2014-04-03 20:08 - 00000000 ____D () C:\Program Files (x86)\TPE 2014-04-03 20:08 - 2013-12-25 10:05 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Adobe 2014-04-03 19:59 - 2014-04-03 19:58 - 02510340 _____ () 
C:\Users\Freitag_2\Downloads\tpe_1_1_1.air 2014-04-03 19:58 - 2013-12-25 12:01 - 00000000 ____D () C:\Users\Freitag_2\AppData\Roaming\Adobe 2014-04-03 19:58 - 2013-12-25 10:22 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-03 19:52 - 2014-04-03 19:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-04-03 19:52 - 2014-04-03 19:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-04-03 19:52 - 2013-12-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-03 19:51 - 2014-04-03 19:51 - 00000000 ____D () C:\Users\Freitag\AppData\Roaming\Macromedia 2014-04-03 19:51 - 2013-12-25 10:24 - 00000000 ____D () C:\Users\Freitag\AppData\Local\Adobe 2014-04-03 09:51 - 2014-04-13 20:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-13 20:33 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-13 20:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 08:15 - 2014-04-02 08:15 - 00000000 ____D () C:\Users\Freitag_2\Desktop\Layouts 2014-03-31 03:16 - 2014-04-10 17:59 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-10 17:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-10 17:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-10 17:59 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-23 22:53 - 2014-03-23 22:52 - 153471382 _____ () C:\Users\Freitag_2\Downloads\Rene.zip 2014-03-22 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-03-20 21:25 - 2014-03-20 21:25 - 00013515 _____ () C:\Users\Freitag_2\Downloads\umsatz-5232________6736-20140320.csv 2014-03-20 21:19 - 2013-12-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 
2014-03-19 23:52 - 2014-02-27 21:21 - 00000025 _____ () C:\Users\Freitag_2\Documents\tempFolderPath.dat 2014-03-19 19:34 - 2014-03-19 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 20:04 - 2014-03-18 20:04 - 00000132 _____ () C:\Users\Freitag_2\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format 2014-03-18 14:45 - 2014-03-18 14:45 - 00001456 _____ () C:\Users\Freitag_2\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2014-03-18 04:19 - 2014-01-25 17:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-18 04:19 - 2014-01-25 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-18 04:19 - 2009-07-14 06:45 - 07947856 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-17 18:21 - 2014-01-21 14:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-17 18:21 - 2014-01-21 14:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-17 18:21 - 2014-01-21 14:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Some content of TEMP: ==================== C:\Users\Freitag\AppData\Local\Temp\ICReinstall_Open OfficeSetup.exe C:\Users\Freitag\AppData\Local\Temp\Quarantine.exe C:\Users\Freitag\AppData\Local\Temp\readSTILog.dll C:\Users\Freitag_2\AppData\Local\Temp\Creative Cloud Helper.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 
is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 20:42 ==================== End Of Log ============================ --- --- --- | 
|  16.04.2014, 11:50 | #14 | 
|     |   Bueno not listed in add-ons but listed in Programs.. The detection is in the temporary files. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code: 
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [2285 2014-04-13] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=96A2002564D3DE83&affID=127685&tsp=5208
FF Extension: No Name - C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\Extensions\ffxtlbr@buenosearch.com [2014-04-05]
         Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located). 
 If you are satisfied, you are welcome to thank me here. I no longer see anything dangerous in your logs.  Cleanup Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop. 
 The order is crucial here. 
 Tips  Which antivirus program should I use? There is no antivirus program that finds all malware, and you cannot rely on the program 100%. It still depends on your behavior. The right behavior is your best protection against getting infected in the first place. 
 Only ever use one antivirus program, because several will block each other, which does more harm than good. If you have more than one installed, pick one of them and uninstall the others. Also keep your antivirus program up to date at all times, because with an outdated database the program cannot find new infections. 
 In addition to your antivirus program, you can also run an on-demand scanner regularly to get a second opinion. Unlike a normal antivirus program, an on-demand scanner does not run constantly, but only when you tell it to scan the system. 
  What should I keep in mind before downloading? 
  Other tips 
 If you would like to support the Trojaner-Board, you are welcome to donate. I wish you all the best.   | 
|  16.04.2014, 18:55 | #15 | 
|   |   Bueno not listed in add-ons but listed in Programs.. Code: 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 01
Ran by Freitag_2 at 2014-04-16 19:43:55 Run:1
Running from C:\Users\Freitag_2\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [2285 2014-04-13] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=96A2002564D3DE83&affID=127685&tsp=5208
FF Extension: No Name - C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\Extensions\ffxtlbr@buenosearch.com [2014-04-05]
         
*****************
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\Extensions\ffxtlbr@buenosearch.com not found.
==== End of Fixlog ====
         Thanks a lot for now!! I used the TempFileCleaner as described. But I don't understand the next paragraph. I don't know Defogger/Combofix, nor have I used these programs? Do I need to do anything else now? | 
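An added example (not part of the original posts and not FRST's own code): a small Python parser for the Fixlog in post #15 that lists the fixlist entries from post #14 and classifies each reported result, showing that only the Start Page value was actually changed while the other two items were already gone. The function names and status labels are assumptions of this example, and only the three outcome phrases that occur in this Fixlog are recognized.

```python
import re

# Fixlog text copied from post #15, embedded so the example runs offline.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 01
Ran by Freitag_2 at 2014-04-16 19:43:55 Run:1
Running from C:\Users\Freitag_2\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [2285 2014-04-13] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=96A2002564D3DE83&affID=127685&tsp=5208
FF Extension: No Name - C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\Extensions\ffxtlbr@buenosearch.com [2014-04-05]

*****************
HKU\S-1-5-21-1809572886-3827079629-4179737001-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Users\Freitag\AppData\Roaming\Mozilla\Firefox\Profiles\22fdoa2p.default\Extensions\ffxtlbr@buenosearch.com not found.
==== End of Fixlog ===="""

STARS = re.compile(r"^\*{5,}$")
# Assumption: only the three outcome phrases seen in this Fixlog are known;
# any other result line is reported as "unrecognized" rather than guessed at.
RESULT = re.compile(r"^(?P<target>.+?)(?: =>)? (?P<outcome>Value not found|"
                    r"Value was restored successfully|not found)\.$")

def parse_fixlog(text):
    """Return (requested fixlist entries, [(target, status), ...])."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    marks = [i for i, ln in enumerate(lines) if STARS.match(ln)]
    if len(marks) != 2 or not lines[-1].startswith("==== End of Fixlog"):
        raise ValueError("Fixlog is truncated or not in the expected layout")
    requested = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results = []
    for ln in filter(None, lines[marks[1] + 1:-1]):
        m = RESULT.match(ln)
        if m is None:
            results.append((ln, "unrecognized"))
        else:
            changed = m["outcome"] == "Value was restored successfully"
            results.append((m["target"], "changed" if changed else "already absent"))
    return requested, results

def summarize(text):
    requested, results = parse_fixlog(text)
    counts = {}
    for _, status in results:
        counts[status] = counts.get(status, 0) + 1
    # This Fixlog has one result line per fixlist entry; flag any shortfall.
    counts["unreported"] = max(len(requested) - len(results), 0)
    return counts

if __name__ == "__main__":
    print(parse_fixlog(FIXLOG)[1], summarize(FIXLOG))
```
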