Trojaner-Board


corvin 24.02.2014 21:26

Computer keeps getting slower after unintended download
 
Hello, I unintentionally downloaded the wrong Firefox (US version), and suddenly there were several programs that I immediately deleted (uninstalled). (Unfortunately, I no longer know which ones they were.) Now everything runs quite slowly.
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:44 on 24/02/2014 (kleine)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-02-2014
Ran by kleine at 2014-02-24 20:48:18
Running from C:\Users\kleine\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

Ad-Aware Antivirus (HKLM\...\{17E73768-9F21-4334-ABE6-CD131031564C}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.3.29.0 - Lavasoft) Hidden
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM\...\{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}) (Version: 1.2.33.353 - ArcSoft)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 4.0 (HKLM\...\InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}) (Version: 4.0.0.13 - Samsung)
Easy Network Manager 4.0 (Version: 4.0.0.13 - Samsung) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
HomeTab 3.5 (HKLM\...\{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1) (Version: 3.5 - HomeTab)
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.45.3.3 - Marvell)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Mysearchdial (HKLM\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION
NVIDIA Grafiktreiber 310.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.64 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 310.64 (Version: 310.64 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OnlineThreatsEngine (Version: 2.2.2.0 - Lavasoft) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
SPCA1528 PC Driver (HKLM\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.4.0 - )
Spotify (HKCU\...\Spotify) (Version: 0.8.8.454.gfb120cda - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
VLC media player 1.1.4 (HKLM\...\VLC media player) (Version: 1.1.4 - VideoLAN)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\1AF5F143058CA8C5C954BD408C48232FAF21A69F) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\2528966896853AC8DEC09D148A501604155972BD) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\AC2EE0A9AD3E95C0C675C31C13CF653A6CB3A598) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel USB  (10/05/2012 9.1.9.1002) (HKLM\...\48EC18D43DCBA26BDC1D4FFB660F86792AB475D2) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - NVIDIA Corporation (NVHDA) MEDIA  (07/03/2012 1.3.18.0) (HKLM\...\B46A8C1640335CA36A800E2C6D832964F6F58B54) (Version: 07/03/2012 1.3.18.0 - NVIDIA Corporation)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )
XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.2-29082004 - XviD Team (Koepi))

==================== Restore Points  =========================

21-01-2014 19:21:38 Installed Java 7 Update 51
22-01-2014 08:59:53 Geplanter Prüfpunkt
23-01-2014 18:58:44 AA11
24-01-2014 08:26:19 Windows Update
25-01-2014 22:46:22 Geplanter Prüfpunkt
27-01-2014 08:28:07 Geplanter Prüfpunkt
28-01-2014 07:46:23 Windows Update
29-01-2014 07:52:57 Geplanter Prüfpunkt
29-01-2014 20:30:03 Geplanter Prüfpunkt
30-01-2014 08:39:00 Geplanter Prüfpunkt
31-01-2014 08:00:17 Geplanter Prüfpunkt
02-02-2014 20:18:57 Geplanter Prüfpunkt
03-02-2014 08:45:19 Geplanter Prüfpunkt
04-02-2014 19:40:57 Windows Update
07-02-2014 21:09:58 Windows Update
11-02-2014 20:32:26 Windows Update
12-02-2014 05:17:42 Windows Update
18-02-2014 19:05:49 Windows Update
21-02-2014 19:49:48 Windows Update
23-02-2014 19:20:18 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 11:23 - 2013-06-25 21:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0E935E62-1D7B-4E30-AB0D-2807DA10CB83} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2CBDA259-6EEF-489D-8FA8-FFA18EC3EB35} - System32\Tasks\UpdaterEX => C:\Users\kleine\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4E5C12AA-3A29-4984-BD4E-D57366E9A35C} - System32\Tasks\MySearchDial => C:\Users\kleine\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {512087C4-C3C2-4F1C-B8D6-6D622A0A63FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {6348F453-7648-43E7-A11B-3ED4D8D0B2A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {70123431-D3B0-44E9-8554-1A05B93730AD} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)
Task: {8CA034A1-47C7-48C5-967F-80E5A5062EED} - \Browser Updater\Browser Updater No Task File
Task: {90255043-B028-41AF-B007-6EED10787515} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)
Task: {A1DD22C6-FBE7-4021-BA65-996B4FECD9B2} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
Task: {C6D1C84C-0891-4E7E-B2D4-8B200E31F411} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)
Task: {C88CD5CB-B30A-4A91-A310-84715F1796DD} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F04F987D-57DD-4E10-ABCB-9CA94823136D} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe
Task: {FAF58D27-CFD2-46AB-9931-EA3C4C25CCB6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\kleine\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\kleine\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-02-09 11:33 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2014-01-23 16:26 - 2014-01-23 16:26 - 00651232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
2014-01-23 16:33 - 2014-01-23 16:33 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 03053416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 01928008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00477544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00244088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00228728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00210280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00244592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00502112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00268656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00274808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00181600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00105320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00472944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 01858408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00223088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00422752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
2014-01-23 16:33 - 2014-01-23 16:33 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00241504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
2013-12-15 22:27 - 2013-07-17 17:09 - 00135288 _____ () C:\Windows\system32\bdfwcore.dll
2013-07-17 17:10 - 2013-07-17 17:10 - 00565640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
2013-08-21 14:32 - 2013-08-21 14:32 - 00641000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpbr.mdl
2013-08-21 14:32 - 2013-08-21 14:32 - 00451480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpdsp.mdl
2013-08-21 14:32 - 2013-08-21 14:32 - 01950672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpph.mdl
2013-08-21 14:32 - 2013-08-21 14:32 - 00974744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttprbl.mdl
2013-08-21 14:32 - 2013-08-21 14:32 - 00641000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpbr.mdl
2013-08-21 14:32 - 2013-08-21 14:32 - 00451480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpdsp.mdl
2013-08-21 14:32 - 2013-08-21 14:32 - 02281296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpf.mdl
2013-08-21 14:32 - 2013-08-21 14:32 - 00974744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttprbl.mdl
2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 02084720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareShellExtension.dll
2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-09-12 05:02 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 03643224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
2014-01-23 16:33 - 2014-01-23 16:33 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00308064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00789360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
2014-01-23 16:32 - 2014-01-23 16:32 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
2014-02-23 21:42 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2014 08:02:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 02:06:30 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (02/24/2014 02:06:30 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (02/24/2014 02:06:22 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (02/24/2014 02:03:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)


System errors:
=============
Error: (02/24/2014 08:04:52 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (02/24/2014 08:02:48 PM) (Source: Service Control Manager) (User: )
Description: System Store%%3

Error: (02/24/2014 08:02:48 PM) (Source: Service Control Manager) (User: )
Description: SPCA1528 Video Camera Service%%1058

Error: (02/24/2014 08:02:48 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/24/2014 02:06:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (02/24/2014 02:03:57 PM) (Source: Service Control Manager) (User: )
Description: System Store%%3

Error: (02/24/2014 02:03:57 PM) (Source: Service Control Manager) (User: )
Description: SPCA1528 Video Camera Service%%1058

Error: (02/24/2014 02:03:57 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/24/2014 08:50:18 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (02/24/2014 08:48:10 AM) (Source: Service Control Manager) (User: )
Description: System Store%%3


Microsoft Office Sessions:
=========================
Error: (02/24/2014 08:02:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 02:06:30 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING

Error: (02/24/2014 02:06:30 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING

Error: (02/24/2014 02:06:22 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (02/24/2014 02:03:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\9

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\9

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\8

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\8

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\7


CodeIntegrity Errors:
===================================
  Date: 2013-12-15 22:18:40.346
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-15 22:18:40.036
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-15 22:18:39.720
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-15 22:18:39.390
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-09 23:37:50.575
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-09 23:37:50.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-20 14:04:32.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-20 14:04:32.511
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-20 14:02:46.932
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-20 14:02:46.524
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3065.87 MB
Available physical RAM: 1767.86 MB
Total Pagefile: 6352.14 MB
Available Pagefile: 5127.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.09 GB) (Free:21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144 GB) (Free:143.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 0201FF32)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014
Ran by kleine (administrator) on KLEINE-PC on 24-02-2014 20:47:00
Running from C:\Users\kleine\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1004\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAzz0DyDzyyEtB0B0E0A0DtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656912544&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAzz0DyDzyyEtB0B0E0A0DtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656912544&ir=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ad-Aware Security Add-on - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-02-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]

Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAzz0DyDzyyEtB0B0E0A0DtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656912544&ir=", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33"
CHR DefaultSearchProvider:      "name": "Mysearchdial"
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-17]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
S2 SystemStoreService; "C:\Program Files\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService" [X]
S2 wtmprovhost; C:\Windows\system32\VAN32.exe [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [77192 2013-07-17] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2013-07-17] (BitDefender LLC)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-01] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [154464 2013-07-17] (BitDefender LLC)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 20:47 - 2014-02-24 20:48 - 00013393 _____ () C:\Users\kleine\Desktop\FRST.txt
2014-02-24 20:46 - 2014-02-24 20:47 - 00000000 ____D () C:\FRST
2014-02-24 20:45 - 2014-02-24 20:46 - 01144320 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe
2014-02-24 20:44 - 2014-02-24 20:44 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log
2014-02-24 20:44 - 2014-02-24 20:44 - 00000000 _____ () C:\Users\kleine\defogger_reenable
2014-02-24 20:41 - 2014-02-24 20:41 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe
2014-02-24 06:37 - 2014-02-24 06:37 - 00000043 _____ () C:\Users\kleine\AppData\Roaming\WB.CFG
2014-02-23 21:52 - 2014-02-24 06:24 - 00000000 ____D () C:\Users\kleine\AppData\Local\adawarebp
2014-02-23 21:51 - 2014-02-23 21:51 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-23 21:51 - 2014-02-23 21:51 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-02-23 21:50 - 2014-02-23 21:50 - 04048592 _____ (Lavasoft) C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe
2014-02-23 21:42 - 2014-02-23 21:42 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-23 21:42 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-23 21:37 - 2014-02-24 20:37 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job
2014-02-23 21:36 - 2014-02-23 21:36 - 00000000 ____D () C:\Users\kleine\Documents\Optimizer Pro
2014-02-23 21:31 - 2014-02-24 06:23 - 00000000 ____D () C:\Program Files\FindRight
2014-02-23 21:31 - 2014-02-23 21:31 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-02-23 21:30 - 2014-02-23 21:37 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\mysearchdial
2014-02-23 21:30 - 2014-02-23 21:30 - 24039048 _____ (Mozilla) C:\Users\kleine\Downloads\Firefox_Setup [1].exe
2014-02-23 21:30 - 2014-02-23 21:30 - 00000000 ____D () C:\Program Files\Mysearchdial
2014-02-23 21:29 - 2014-02-23 21:30 - 00738368 _____ ( ) C:\Users\kleine\Downloads\Firefox_Setup.exe
2014-02-15 13:30 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-11 21:40 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 21:40 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-02-11 21:40 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-11 21:40 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 21:40 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 21:40 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 21:40 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-11 21:39 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 21:39 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-01-26 20:03 - 2014-01-26 20:03 - 00622968 _____ () C:\Users\kleine\Downloads\anno1602_windows2000_xp-Downloader.exe

==================== One Month Modified Files and Folders =======

2014-02-24 20:48 - 2014-02-24 20:47 - 00013393 _____ () C:\Users\kleine\Desktop\FRST.txt
2014-02-24 20:47 - 2014-02-24 20:46 - 00000000 ____D () C:\FRST
2014-02-24 20:46 - 2014-02-24 20:45 - 01144320 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe
2014-02-24 20:44 - 2014-02-24 20:44 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log
2014-02-24 20:44 - 2014-02-24 20:44 - 00000000 _____ () C:\Users\kleine\defogger_reenable
2014-02-24 20:44 - 2008-12-17 00:53 - 00000000 ____D () C:\Users\kleine
2014-02-24 20:41 - 2014-02-24 20:41 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe
2014-02-24 20:37 - 2014-02-23 21:37 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job
2014-02-24 20:15 - 2012-04-21 18:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 20:15 - 2009-02-16 14:18 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-02-24 20:05 - 2009-02-08 14:35 - 02045299 _____ () C:\Windows\WindowsUpdate.log
2014-02-24 20:03 - 2013-12-15 22:27 - 00002204 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-24 20:01 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 20:01 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 20:01 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 14:31 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-24 14:31 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 06:37 - 2014-02-24 06:37 - 00000043 _____ () C:\Users\kleine\AppData\Roaming\WB.CFG
2014-02-24 06:24 - 2014-02-23 21:52 - 00000000 ____D () C:\Users\kleine\AppData\Local\adawarebp
2014-02-24 06:23 - 2014-02-23 21:31 - 00000000 ____D () C:\Program Files\FindRight
2014-02-24 06:23 - 2013-06-25 21:06 - 00017766 _____ () C:\Windows\PFRO.log
2014-02-24 06:23 - 2013-05-27 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-23 21:51 - 2014-02-23 21:51 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-23 21:51 - 2014-02-23 21:51 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-02-23 21:51 - 2013-12-15 22:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-23 21:50 - 2014-02-23 21:50 - 04048592 _____ (Lavasoft) C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe
2014-02-23 21:43 - 2008-12-23 19:47 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\Mozilla
2014-02-23 21:43 - 2008-12-17 01:15 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job
2014-02-23 21:42 - 2014-02-23 21:42 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-23 21:42 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-23 21:42 - 2014-02-15 13:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-23 21:37 - 2014-02-23 21:30 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\mysearchdial
2014-02-23 21:36 - 2014-02-23 21:36 - 00000000 ____D () C:\Users\kleine\Documents\Optimizer Pro
2014-02-23 21:31 - 2014-02-23 21:31 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-02-23 21:30 - 2014-02-23 21:30 - 24039048 _____ (Mozilla) C:\Users\kleine\Downloads\Firefox_Setup [1].exe
2014-02-23 21:30 - 2014-02-23 21:30 - 00000000 ____D () C:\Program Files\Mysearchdial
2014-02-23 21:30 - 2014-02-23 21:29 - 00738368 _____ ( ) C:\Users\kleine\Downloads\Firefox_Setup.exe
2014-02-21 21:15 - 2012-04-21 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 21:15 - 2011-09-21 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 22:17 - 2009-02-18 18:57 - 00000000 ____D () C:\Users\kleine\Desktop\Corvin
2014-02-20 21:25 - 2006-11-02 11:33 - 00149630 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 21:23 - 2008-12-16 18:38 - 00033792 _____ () C:\Users\kleine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-12 20:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 06:27 - 2013-07-16 22:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 06:25 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-02 21:10 - 2014-02-11 21:40 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-02 21:10 - 2014-02-11 21:40 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-02-01 23:54 - 2014-02-11 21:40 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-01 23:47 - 2014-02-11 21:40 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 23:47 - 2014-02-11 21:40 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-01 23:46 - 2014-02-11 21:40 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 23:46 - 2014-02-11 21:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-26 20:07 - 2013-05-26 09:18 - 00000000 ____D () C:\Users\kleine\AppData\Local\DownloadGuide
2014-01-26 20:03 - 2014-01-26 20:03 - 00622968 _____ () C:\Users\kleine\Downloads\anno1602_windows2000_xp-Downloader.exe

Files to move or delete:
====================
C:\Users\kleine\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\kleine\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kleine\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-24 20:08

==================== End Of Log ============================

Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-24 21:09:08
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\kleine\AppData\Local\Temp\awdiipod.sys


---- User code sections - GMER 2.1 ----

.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] ntdll.dll!LdrLoadDll                          77D29378 5 Bytes  JMP 74CD1FFD C:\Program Files\Mozilla Firefox\mozglue.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] kernel32.dll!HeapSetInformation + 26          76BAA8B0 7 Bytes  JMP 63505A06 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] kernel32.dll!LockResource + C                76BC6ACB 7 Bytes  JMP 638F049D C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] kernel32.dll!VirtualAllocEx + 54              76BCAF50 7 Bytes  JMP 638F0455 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] GDI32.dll!SetStretchBltMode + 256            770A745C 2 Bytes  JMP 638F04C4 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] GDI32.dll!SetStretchBltMode + 259            770A745F 4 Bytes  [84, EC, EB, F9] {TEST AH, CH; JMP 0xfffffffd}
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!recv                              77E6343A 6 Bytes  JMP 71A00F5A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSASend                            77E64496 6 Bytes  JMP 719D0F5A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSALookupServiceNextW              77E6455D 6 Bytes  JMP 71A90F5A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSALookupServiceBeginW            77E64E93 6 Bytes  JMP 71AF0F5A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSALookupServiceEnd                77E65564 6 Bytes  JMP 71A60F5A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!send                              77E6659B 6 Bytes  JMP 71A30F5A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSAGetOverlappedResult            77E68143 6 Bytes  JMP 71970F5A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSARecv                            77E68400 6 Bytes  JMP 719A0F5A

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                          bdftdif.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                          bdftdif.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b                     
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet) 

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----


cosinus 24.02.2014 22:18

Quote:

FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
Unnecessary ballast, get rid of it and turn on the Windows Firewall.
From which source did you download the supposed Firefox setup?

corvin 25.02.2014 21:27

mozilla firefox - Download Mozilla Firefox® Kostenlos Downloaden - Die Nummer Eins für Downloads! | Ez-download.com

there, I think.
How or where can I remove the Ad-Aware firewall?
I'm not all that good at this kind of thing.
And first of all, THANKS for your help.

cosinus 26.02.2014 01:19

Software should only be downloaded from trustworthy sources. Firefox only directly from the vendor, Mozilla.

Quote:

How or where can I remove the Ad-Aware firewall?
Like any other software, via Control Panel => Programs and Features

There you uninstall that stuff and Firefox as well, keep no data, download Firefox again from mozilla.com and then start the setup.

corvin 26.02.2014 21:19

Attachment 65187

there I only find the Ad-Aware antivirus program.

Have you found anything else that could cause problems?

cosinus 27.02.2014 01:15

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

corvin 27.02.2014 21:47

Code:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19499

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3214798848, free: 2157674496

Downloaded database version: v2014.02.27.10
Downloaded database version: v2014.02.20.01
Initializing...
======================
------------ Kernel report ------------
    02/27/2014 21:19:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\iaNvStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\VMC302.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\kmdfmemio.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\Trufos.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85f34300
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff85413028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85f34300, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8637bd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85f34300, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85413028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 201FF32

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20971520

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20973568  Numsec = 302178304
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 323151872  Numsec = 301987840

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-20973568-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


cosinus 28.02.2014 01:25

Wrong log, please post the correct one.

Quote:

The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

corvin 28.02.2014 21:19

oh, sorry

Code:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.27.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19499
kleine :: KLEINE-PC [administrator]

27.02.2014 21:19:31
mbar-log-2014-02-27 (21-19-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 243187
Time elapsed: 25 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


cosinus 28.02.2014 21:20

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


corvin 28.02.2014 22:01

Code:

# AdwCleaner v3.020 - Bericht erstellt am 28/02/2014 um 21:22:51
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : kleine - KLEINE-PC
# Gestartet von : C:\Users\kleine\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SystemStoreService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\Program Files\FindRight
Ordner Gelöscht : C:\Program Files\Toolbar Cleaner
Ordner Gelöscht : C:\Users\kleine\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\kleine\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\kleine\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\adawaretb
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\adawaretb.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater
Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job
Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA034A1-47C7-48C5-967F-80E5A5062EED}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F04F987D-57DD-4E10-ABCB-9CA94823136D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F04F987D-57DD-4E10-ABCB-9CA94823136D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1DD22C6-FBE7-4021-BA65-996B4FECD9B2}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1DD22C6-FBE7-4021-BA65-996B4FECD9B2}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CBDA259-6EEF-489D-8FA8-FFA18EC3EB35}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CBDA259-6EEF-489D-8FA8-FFA18EC3EB35}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawaretb
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\adawaretb
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19499

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\kleine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8196 octets] - [28/02/2014 21:22:04]
AdwCleaner[S0].txt - [7382 octets] - [28/02/2014 21:22:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7442 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by kleine on 28.02.2014 at 21:46:44,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4273118025-30497289-324835352-1003\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\kleine\appdata\local\adawarebp"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\1qv2wd4l.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\1qv2wd4l.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\1qv2wd4l.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.02.2014 at 21:49:17,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by kleine (administrator) on KLEINE-PC on 28-02-2014 21:59:30
Running from C:\Users\kleine\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1004\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]

Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider:      "name": "Mysearchdial"
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-17]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
S2 wtmprovhost; C:\Windows\system32\VAN32.exe [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [77192 2013-07-17] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2013-07-17] (BitDefender LLC)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-01] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [154464 2013-07-17] (BitDefender LLC)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 21:59 - 2014-02-28 21:59 - 00010816 _____ () C:\Users\kleine\Desktop\FRST.txt
2014-02-28 21:59 - 2014-02-28 21:59 - 00000000 ____D () C:\Users\kleine\Desktop\FRST-OlderVersion
2014-02-28 21:49 - 2014-02-28 21:49 - 00001561 _____ () C:\Users\kleine\Desktop\JRT.txt
2014-02-28 21:44 - 2014-02-28 21:44 - 01037734 _____ (Thisisu) C:\Users\kleine\Desktop\JRT.exe
2014-02-28 21:22 - 2014-02-28 21:29 - 00000000 ____D () C:\AdwCleaner
2014-02-28 21:21 - 2014-02-28 21:21 - 01244192 _____ () C:\Users\kleine\Desktop\adwcleaner.exe
2014-02-27 21:19 - 2014-02-27 21:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-27 21:19 - 2014-02-27 21:19 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-27 21:18 - 2014-02-27 21:45 - 00000000 ____D () C:\Users\kleine\Desktop\mbar
2014-02-27 21:18 - 2014-02-27 21:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-27 21:15 - 2014-02-27 21:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\kleine\Desktop\mbar-1.07.0.1009.exe
2014-02-24 21:09 - 2014-02-24 21:09 - 00003577 _____ () C:\Users\kleine\Desktop\Gmer.log
2014-02-24 20:52 - 2014-02-24 20:52 - 00380416 _____ () C:\Users\kleine\Desktop\Gmer-19357.exe
2014-02-24 20:46 - 2014-02-28 21:59 - 00000000 ____D () C:\FRST
2014-02-24 20:45 - 2014-02-28 21:59 - 01143808 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe
2014-02-24 20:44 - 2014-02-24 20:44 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log
2014-02-24 20:44 - 2014-02-24 20:44 - 00000000 _____ () C:\Users\kleine\defogger_reenable
2014-02-24 20:41 - 2014-02-24 20:41 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe
2014-02-24 06:37 - 2014-02-25 06:37 - 00000082 _____ () C:\Users\kleine\AppData\Roaming\WB.CFG
2014-02-23 21:50 - 2014-02-23 21:50 - 04048592 _____ (Lavasoft) C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe
2014-02-23 21:42 - 2014-02-23 21:42 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-23 21:42 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-23 21:30 - 2014-02-23 21:30 - 24039048 _____ (Mozilla) C:\Users\kleine\Downloads\Firefox_Setup [1].exe
2014-02-23 21:29 - 2014-02-23 21:30 - 00738368 _____ ( ) C:\Users\kleine\Downloads\Firefox_Setup.exe
2014-02-15 13:30 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-11 21:40 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 21:40 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 21:40 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-02-11 21:40 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-11 21:40 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 21:40 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 21:40 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 21:40 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-11 21:39 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 21:39 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-02-28 21:59 - 2014-02-28 21:59 - 00010816 _____ () C:\Users\kleine\Desktop\FRST.txt
2014-02-28 21:59 - 2014-02-28 21:59 - 00000000 ____D () C:\Users\kleine\Desktop\FRST-OlderVersion
2014-02-28 21:59 - 2014-02-24 20:46 - 00000000 ____D () C:\FRST
2014-02-28 21:59 - 2014-02-24 20:45 - 01143808 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe
2014-02-28 21:49 - 2014-02-28 21:49 - 00001561 _____ () C:\Users\kleine\Desktop\JRT.txt
2014-02-28 21:44 - 2014-02-28 21:44 - 01037734 _____ (Thisisu) C:\Users\kleine\Desktop\JRT.exe
2014-02-28 21:34 - 2009-02-08 14:35 - 01327430 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 21:32 - 2013-12-15 22:27 - 00002204 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-28 21:30 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 21:30 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 21:30 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 21:29 - 2014-02-28 21:22 - 00000000 ____D () C:\AdwCleaner
2014-02-28 21:29 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-28 21:29 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-28 21:21 - 2014-02-28 21:21 - 01244192 _____ () C:\Users\kleine\Desktop\adwcleaner.exe
2014-02-28 21:15 - 2012-04-21 18:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 20:35 - 2009-02-16 14:18 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-02-28 12:50 - 2008-12-17 01:15 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job
2014-02-27 21:45 - 2014-02-27 21:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-27 21:45 - 2014-02-27 21:18 - 00000000 ____D () C:\Users\kleine\Desktop\mbar
2014-02-27 21:19 - 2014-02-27 21:19 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-27 21:18 - 2014-02-27 21:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-27 21:15 - 2014-02-27 21:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\kleine\Desktop\mbar-1.07.0.1009.exe
2014-02-26 21:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 21:29 - 2006-11-02 11:33 - 00247964 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 06:20 - 2013-06-25 21:06 - 00069096 _____ () C:\Windows\PFRO.log
2014-02-25 06:37 - 2014-02-24 06:37 - 00000082 _____ () C:\Users\kleine\AppData\Roaming\WB.CFG
2014-02-24 21:09 - 2014-02-24 21:09 - 00003577 _____ () C:\Users\kleine\Desktop\Gmer.log
2014-02-24 20:52 - 2014-02-24 20:52 - 00380416 _____ () C:\Users\kleine\Desktop\Gmer-19357.exe
2014-02-24 20:44 - 2014-02-24 20:44 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log
2014-02-24 20:44 - 2014-02-24 20:44 - 00000000 _____ () C:\Users\kleine\defogger_reenable
2014-02-24 20:44 - 2008-12-17 00:53 - 00000000 ____D () C:\Users\kleine
2014-02-24 20:41 - 2014-02-24 20:41 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe
2014-02-24 06:23 - 2013-05-27 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-23 21:51 - 2013-12-15 22:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-23 21:50 - 2014-02-23 21:50 - 04048592 _____ (Lavasoft) C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe
2014-02-23 21:43 - 2008-12-23 19:47 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\Mozilla
2014-02-23 21:42 - 2014-02-23 21:42 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-23 21:42 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-23 21:42 - 2014-02-15 13:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-23 21:30 - 2014-02-23 21:30 - 24039048 _____ (Mozilla) C:\Users\kleine\Downloads\Firefox_Setup [1].exe
2014-02-23 21:30 - 2014-02-23 21:29 - 00738368 _____ ( ) C:\Users\kleine\Downloads\Firefox_Setup.exe
2014-02-21 21:15 - 2012-04-21 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 21:15 - 2011-09-21 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 22:17 - 2009-02-18 18:57 - 00000000 ____D () C:\Users\kleine\Desktop\Corvin
2014-02-20 21:23 - 2008-12-16 18:38 - 00033792 _____ () C:\Users\kleine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-12 06:27 - 2013-07-16 22:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 06:25 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-02 21:10 - 2014-02-11 21:40 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-02 21:10 - 2014-02-11 21:40 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-02 21:10 - 2014-02-11 21:40 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-02-01 23:54 - 2014-02-11 21:40 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-01 23:47 - 2014-02-11 21:40 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 23:47 - 2014-02-11 21:40 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-01 23:46 - 2014-02-11 21:40 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 23:46 - 2014-02-11 21:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

Files to move or delete:
====================
C:\Users\kleine\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\kleine\AppData\Local\temp\95135uninstall.exe
C:\Users\kleine\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kleine\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\kleine\AppData\Local\temp\Quarantine.exe
C:\Users\kleine\AppData\Local\temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 21:36

==================== End Of Log ============================

cosinus 28.02.2014 22:04

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button!

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit systems also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


corvin 01.03.2014 07:11

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6727362331a36f408e58bc15e110e5c6
# engine=17274
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-28 11:20:02
# local_time=2014-03-01 12:20:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 299686 231162330 0 0
# scanned=138508
# found=3
# cleaned=0
# scan_time=5807
sh=4FBAB0FB90B65E6DD12F14829E3F7DD5B7320C32 ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.BCOI trojan" ac=I fn="C:\Users\kleine\AppData\Local\temp\33dZt0On.zip.part"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats" ac=I fn="C:\Users\kleine\AppData\Local\temp\{C4A6AC3A-1572-4E11-AA1F-A4A836F46EF3}\setup.exe"
sh=B106EA2186F56D287332AFA76DE99EECD8508B6A ft=1 fh=a71de47f4b49be98 vn="a variant of Win32/Kryptik.BWAM trojan" ac=I fn="C:\Users\kleine\Downloads\Firefox_Setup.exe"

Malwarebytes Anti-Malware found nothing, but ESET found 3 files.

cosinus 01.03.2014 12:53

Always post the MBAM log.

Quote:

vn="a variant of Win32/Kryptik.BWAM trojan" ac=I fn="C:\Users\kleine\Downloads\Firefox_Setup.exe"
What source did this Firefox setup come from?

corvin 02.03.2014 20:52

Code:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.28.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19499
kleine :: KLEINE-PC [administrator]

28.02.2014 22:10:00
mbar-log-2014-02-28 (22-10-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 243485
Time elapsed: 25 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

hxxp://www.google.de/aclk?sa=l&ai=CEdJ6j4sTU962HY2Q0wXF74HoCYmlktAE0Z6EjaMBxZqxewgAEAFQ4LChyv3_____AWCViraCxAegAdXxsuoDyAEBqgQiT9AAzA7oJjutyivYn8O0-EzGOoukX8IgYA7F_s9GX01knboFEwic2ZXiz_S8AhWELs0KHYtIAAPKBQCAB5OOzRWQBwM&ei=j4sTU9zVGoTdtAaLkYEY&sig=AOD64_00e9ceBNqOtxxBopdrPUNCeHKdVg&rct=j&q=mozilla+ firefox&sqi=2&ved=0CC4Q0Qw&adurl=hxxp://www.ez-download.com/forward.php%3Fkw%3Dmozilla%2520firefox%26subid%3DEZFFDE%26cust%3Dmozilla%2520firefox%26type%3Dfirefox&cad=rja

I typed "Mozilla Firefox" into Google and clicked on the ad at the very top.


All times are WET +1. The time now is 03:52.
