Smithwicks | 09.01.2015 23:49 | What should I do about the two tools that are still open, "Defogger" and "Farbar Recovery Scan"? Also, uninstalling the second AV program requires a restart. With that, at the latest, I would close the open tools. I have not found any further logs. Combo is on the desktop, ready to use.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 06.07.2014
Suchlauf-Zeit: 17:14:33
Logdatei: MBAM.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.07.06.06
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: vladimir
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 322593
Verstrichene Zeit: 16 Min, 50 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 2
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\updateYawtix.exe, 2680, Löschen bei Neustart, [0846811b0378fc3a3d0a7918d62bb24e]
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\~nsu.tmp\Au_.exe, 3812, Löschen bei Neustart, [6ce2f9a31d5eb77f77ebe8a0ed1437c9]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 16
PUP.Optional.Yawtix.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Yawtix, In Quarantäne, [0846811b0378fc3a3d0a7918d62bb24e],
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [f559bddf93e848ee0c7bbcd6659c629e],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [6fdf76263744e74f84b47016ce347888],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [6fdf76263744e74f84b47016ce347888],
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{f9c8ce1b-66a0-4f45-af10-5f24ef19bc4e}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7],
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A3DF879E-2EB5-4891-B941-503826264D8C}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7],
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE3B64BC-D655-4A40-8F62-91FF0E8860E2}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7],
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE3B64BC-D655-4A40-8F62-91FF0E8860E2}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7],
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A3DF879E-2EB5-4891-B941-503826264D8C}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7],
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F9C8CE1B-66A0-4F45-AF10-5F24EF19BC4E}, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3746786549-4074655040-3157731495-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [2925b9e38cef59dd09cafa52b84ad729],
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Yawtix, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.Yawtix.A, HKLM\SOFTWARE\WOW6432NODE\Yawtix, In Quarantäne, [5fef0597a2d9290d02b2298d877b718f],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [c787c2da8af1bb7b3105c9ecdb27de22],
PUP.Optional.Yawtix.A, HKU\S-1-5-21-3746786549-4074655040-3157731495-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Yawtix, In Quarantäne, [e8666b3135461026a70e5363b84a51af],
Registrierungswerte: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll acaptuser64.dll, In Quarantäne, [9eb0f8a46b108ea86e6017f7ad571ae6]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll, In Quarantäne, [5cf2792358230432785669a5838136ca]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [c787c2da8af1bb7b3105c9ecdb27de22]
Registrierungsdaten: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll acaptuser64.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),Ersetzt,[f45a7b2103782d097a0d6929ac55e020]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),Ersetzt,[e46a75270774d1653e490e842cd5f20e]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3746786549-4074655040-3157731495-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=),Ersetzt,[bb93376589f279bd827aa5e4bd47946c]
Ordner: 29
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix, Löschen bei Neustart, [321c4656bebdd4628c27bff7fb077b85],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Löschen bei Neustart, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.OpenCandy, C:\Users\vladimir\AppData\Roaming\OpenCandy, In Quarantäne, [2f1f4d4f1b6040f695a4d6c306fc9f61],
PUP.Optional.OpenCandy, C:\Users\vladimir\AppData\Roaming\OpenCandy\A6700865A248403097E53675859122FE, In Quarantäne, [2f1f4d4f1b6040f695a4d6c306fc9f61],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect, Löschen bei Neustart, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect, Löschen bei Neustart, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\UI, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.Extutil.A, C:\Users\vladimir\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [aea05a42314af4420f783978cb37df21],
PUP.Optional.Managera.A, C:\Users\vladimir\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, In Quarantäne, [1e30277553281e185830d5dc0bf7ec14],
Dateien: 117
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Löschen bei Neustart, [a1adb6e64536b2845d2a6b2745bce719],
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\updateYawtix.exe, Löschen bei Neustart, [0846811b0378fc3a3d0a7918d62bb24e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Löschen bei Neustart, [f559bddf93e848ee0c7bbcd6659c629e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Löschen bei Neustart, [95b9118bf586c3730285a3ef05fc4eb2],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Löschen bei Neustart, [103e13892556072ff295eba7ca37ef11],
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\~nsu.tmp\Au_.exe, Löschen bei Neustart, [6ce2f9a31d5eb77f77ebe8a0ed1437c9],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, In Quarantäne, [f45a7b2103782d097a0d6929ac55e020],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, In Quarantäne, [e46a75270774d1653e490e842cd5f20e],
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\YawtixBHO.dll, In Quarantäne, [c38bcad2b9c26ec8ee0ed67623df29d7],
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nsx191C.exe, In Quarantäne, [0747613bbbc07bbba6bcf7918a7747b9],
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nscAEDF.exe, In Quarantäne, [8dc17626d5a63bfb74ee533521e010f0],
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nsd145B.exe, In Quarantäne, [9cb29dff601bd75f243e295fa160ee12],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\Temp\nsh4F02.tmp, In Quarantäne, [ba9426767cff2a0c17705141e120aa56],
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nsnAA8B.exe, In Quarantäne, [044aa7f56a11b680115100888f727090],
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nsnB2C7.exe, In Quarantäne, [6de127756b107cbabba7c6c2e71aca36],
PUP.Optional.Conduit.A, C:\Users\vladimir\AppData\Local\Temp\nss1D90.exe, In Quarantäne, [3f0fccd08deead899ac8068212ef46ba],
PUP.Optional.Downloader, C:\Users\vladimir\Downloads\Setup.exe, In Quarantäne, [65e98a12d9a226102e5c1f6ae0245ea2],
PUP.Optional.YourFileDownloader, C:\Users\vladimir\Downloads\chicago-bulls_downloader.exe, In Quarantäne, [ada1dcc089f2280e081ace50fb0527d9],
PUP.Optional.Yawtix.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\2mkc92m4.Freezers-Hockey\extensions\{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi, In Quarantäne, [d17db6e6f78476c0d7ce12a10bf7e31d],
PUP.Optional.Yawtix.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\lz9ywgr4.test\extensions\{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi, In Quarantäne, [fb5388146e0dbd79594cc9ea6a986898],
PUP.Optional.Yawtix.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\xo1ykkqx.KoC-Gast\extensions\{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi, In Quarantäne, [59f52a729fdc4aec00a51c9707fbac54],
PUP.Optional.Yawtix.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\zaf37rbp.Normales surfen\extensions\{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi, In Quarantäne, [a3abd7c5116ae0561b8aad06f50d2bd5],
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\Yawtix.ico, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85],
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\0, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85],
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\7za.exe, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85],
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\updateYawtix.InstallState, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85],
PUP.Optional.Yawtix.A, C:\Program Files (x86)\Yawtix\YawtixUninstall.exe, In Quarantäne, [321c4656bebdd4628c27bff7fb077b85],
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\2mkc92m4.Freezers-Hockey\searchplugins\trovi-search.xml, In Quarantäne, [0549bddfdf9c92a49d1d318f56ac1ee2],
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\lz9ywgr4.test\searchplugins\trovi-search.xml, In Quarantäne, [d17dfca0bdbe82b4625818a80002ca36],
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\zaf37rbp.Normales surfen\searchplugins\trovi-search.xml, In Quarantäne, [331b8b117506a492ac0edee2659db34d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [88c61a82611a61d5cf7538c19d66768a],
PUP.Optional.OpenCandy, C:\Users\vladimir\AppData\Roaming\OpenCandy\A6700865A248403097E53675859122FE\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe, In Quarantäne, [2f1f4d4f1b6040f695a4d6c306fc9f61],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.SearchProtect.A, C:\Users\vladimir\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [77d71c805c1f35010b19ad0233cff60a],
PUP.Optional.Extutil.A, C:\Users\vladimir\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [aea05a42314af4420f783978cb37df21],
PUP.Optional.Extutil.A, C:\Users\vladimir\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [aea05a42314af4420f783978cb37df21],
PUP.Optional.Extutil.A, C:\Users\vladimir\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [aea05a42314af4420f783978cb37df21],
PUP.Optional.Managera.A, C:\Users\vladimir\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [1e30277553281e185830d5dc0bf7ec14],
PUP.Optional.Managera.A, C:\Users\vladimir\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [1e30277553281e185830d5dc0bf7ec14],
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=" ],), Ersetzt,[d47a39630d6e5dd95ba2833f2dd747b9]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=",), Ersetzt,[84ca8f0db8c3b68037c7ebd701034ab6]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\2mkc92m4.Freezers-Hockey\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=");), Ersetzt,[60ee2f6d453602345c9e5171aa5a6c94]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\2mkc92m4.Freezers-Hockey\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E");), Ersetzt,[54fa3d5f5427f54110ebfac8ad57867a]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\lz9ywgr4.test\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=");), Ersetzt,[ef5f217b6c0f9f97b5452c960004a45c]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\lz9ywgr4.test\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E");), Ersetzt,[55f9f9a3ea91e056c2396a58768ecb35]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\zaf37rbp.Normales surfen\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=55&CUI=&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E&SSPV=");), Ersetzt,[d17dd4c8a6d54de99d5d81415ea69a66]
PUP.Optional.Trovi.A, C:\Users\vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\zaf37rbp.Normales surfen\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319738&octid=EB_ORIGINAL_CTID&ISID=M959AFCBA-9FCB-4EF0-81A7-1063E4FC8691&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP6C67F750-B5CE-4592-A6B5-BBDA32A5EA7E");), Ersetzt,[aea00597582339fd3fbcbb07c34140c0]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
ESET Online Scan:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c2209fd709ec4a4d97afe3b23afcc3a3
# engine=21833
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-06 02:58:07
# local_time=2015-01-06 03:58:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9323056 148883135 0 0
# scanned=1109693
# found=50
# cleaned=50
# scan_time=28758
sh=0D8668CF0AC7D53CC5D1CBDB97405E0FC0FE42EC ft=1 fh=9827c864fb8b5371 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\4Videosoft Studio\f88a9246-a7a8-4fda-91b9-2086fae4a60b.dll"
sh=4A56F8FC54F18AAD96FCFD0AD972612D7B54A924 ft=1 fh=64584fffcd3c0785 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Enigma Software Group\SpyHunter\spyhunter.4.3.32-patch.exe"
sh=1087416D30709C840DDF8C26B9B7E93A4F9A424A ft=1 fh=263cb55aa8367f0b vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SIW\siw.exe"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\31iroxfs.Speedtest\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\3dfpzqfo.Olli 433\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\42cr2389.Dani 434\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\fshxio2m.default\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=8D0CA7D4410DEC090002F184F0F37586926E18FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\AppData\Roaming\CometNetwork\CometBird\Profiles\g4xjmmxw.Dani_380\extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js"
sh=47BD9CDB767DA544BA171051BB73892FE2DB863F ft=1 fh=538dead66d099a83 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\BestVideoDownloaderSetup-TurboUpgrade.exe"
sh=48245FC9CFC465D189A01D5B484DCCA90EF2E627 ft=1 fh=de809c6439ab0a84 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\FreeVideoConverterSetup.exe"
sh=A966BECF5434882FDB88FA06282641190C879C59 ft=1 fh=04b73292b1313cd3 vn="Variante von Win32/InstallCore.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\fvdsuite_installer.exe"
sh=D0CABAD570CAC11CBB32F46F316546BAAC72759E ft=1 fh=5d292ef713413fd0 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\GoogleChromeExtensionUpdate_m3.exe"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\MyPhoneExplorer_Setup_1.8.5.exe"
sh=3094664D1394F9FB6ACC4749637602F05C91E58D ft=1 fh=cc8b4d4c983f3ca7 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\rcsetup142.exe"
sh=E869B1A048B436BF8BDFEB87B8EF405D384316E4 ft=1 fh=4e02d0934a11c13f vn="Win32/RegistryBooster evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\registrybooster.exe"
sh=BE6DF413F8E7D87A7B5DAD15FDDED148EDAB56D0 ft=1 fh=8326362d6880baa8 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\Setup74_FreeFlvConverter.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\Unlocker1.9.1.exe"
sh=F761F86A7DE48EDABC57FCBCF500972CCEC3C48E ft=1 fh=f05a3bf8bb8d516b vn="Win32/InstallCore.BN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Desktop\Downloads\Programme_Tools\ZipExtractorSetup.exe"
sh=792F41E8858D51522C5B5E992B5DDFFA44105365 ft=1 fh=1a4265f23e541de8 vn="NSIS/TrojanDownloader.Adload.AA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Downloads\FLVPlayer-Chrome.exe"
sh=5F7557FFE04DA0EB3E76A43659D26EF929DFCC7D ft=1 fh=ab7114e96761e2d9 vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Downloads\FreeWebMVideoConverter.exe"
sh=5CA96A0C243390C378DEE1A629684EA261E2CFC4 ft=1 fh=a717dcd23690f0a7 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\vladimir\Downloads\SetupImgBurn_2.5.8.0.exe"
sh=444ACE7F01A9F49099781EDD53DCA8371792FE5A ft=1 fh=5cde73de24e6a811 vn="Variante von Win32/Keygen.AG potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Audio - Programme\Winamp\(ES) DFX 8\install\Windows Media Player\keygen\Key.exe"
sh=E66527D85670538085DAE0F8268C9E5645056E72 ft=1 fh=706f18e18602624f vn="Variante von Win32/HackTool.Patcher.M potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\DVD Programme\MPack Pro\Da_Ordxpack.exe"
sh=A5B573D5DDEEA1126F249AFBBA6952CAC6A6F850 ft=1 fh=4e391c6c3160de37 vn="Win32/ServU-Daemon potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Serv-U\ServUDaemon.exe"
sh=4C3F2BF29E630206875862BF0F5BA1B7BCFDA82F ft=1 fh=ec4b64b5f23bcdb8 vn="Variante von Win32/ServU-Daemon.AA potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Serv-U\ServUTray.exe"
sh=A5B573D5DDEEA1126F249AFBBA6952CAC6A6F850 ft=1 fh=4e391c6c3160de37 vn="Win32/ServU-Daemon potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Tools\Serv-U\ServUDaemon.exe"
sh=6DF695F364CF5FCDB9C4626D6CD9E9526AA87315 ft=1 fh=80891607c44a62cf vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Backup Holger Stoll =-\System-Benutzer-User\Desktop\FreeYouTubeToMp3Converter_3.9.32.exe"
sh=80B8FE30BD8F15B63904E68C17C98155B59F906D ft=1 fh=0047b5debc58dc39 vn="Variante von Win32/HackTool.Patcher.AK potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Navigation =-\9.) Seekarten\MAPTECH CHART NAVIGATOR PRO v1.1.61\Crack\Crack.exe"
sh=80B8FE30BD8F15B63904E68C17C98155B59F906D ft=1 fh=0047b5debc58dc39 vn="Variante von Win32/HackTool.Patcher.AK potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Navigation =-\Navi\MapTech\Maptech CNP 1.1\MAPTECH CHART NAVIGATOR PRO v1.1.61\Crack\Crack.exe"
sh=80B8FE30BD8F15B63904E68C17C98155B59F906D ft=1 fh=0047b5debc58dc39 vn="Variante von Win32/HackTool.Patcher.AK potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Navigation =-\Navi\Maptech_CNP_1.1.61\MAPTECH CHART NAVIGATOR PRO v1.1.61\Crack\Crack.exe"
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Software =-\ADOBE\PHOTOSHOP CS4 Ex\Crack\disable_activation.cmd"
sh=5E6A03871B397414C36AF1E1359FE014C7761B74 ft=1 fh=ee8c5e224a6823f5 vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\-= Software =-\nero\NeroBootDisc\ISSETU~0\{BF80A~0\TOOLBAR.EXE"
sh=604CA435CEE366D37545A567237F7C5DBF394274 ft=1 fh=208c1d4f591f86a1 vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Ablage\cpuz_151_setup.exe"
sh=96EC91C7D21CC56C29A23A2D2D252CDD33545491 ft=1 fh=da2ab002893d059c vn="Variante von Win32/Keygen.CY potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Ablage\aaa-Programme für Neuinstallation\Nero\Ahead.Nero.Digital.Pro.v3.1.0.14a.Incl.Keygen-ORiON\Keygen.exe"
sh=F478383D986D3153AC439B95F3DB9371207F4377 ft=1 fh=cbebd7942d3eaaa1 vn="Variante von Win32/HackTool.Patcher.BM potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Audio Tools\dBPower\DB Power amp\crack.exe"
sh=A2E8C51C4345BA061242E47E3E3333F6F304A3E6 ft=1 fh=4aa9a8a6ae73b203 vn="Variante von Win32/Keygen.AG potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Audio Tools\MediaMonkey.Gold.v3.0.3.1183.Multilingual.Incl.Keymaker-CORE\keygen.exe"
sh=444ACE7F01A9F49099781EDD53DCA8371792FE5A ft=1 fh=5cde73de24e6a811 vn="Variante von Win32/Keygen.AG potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Audio Tools\MP3 Splitter & Joiner\Winamp\(ES) DFX 8\install\Windows Media Player\keygen\Key.exe"
sh=ED02463AF022163002623B3F95BE83F47853274A ft=1 fh=66926e8d5c5885c1 vn="Win32/Adware.WildTangent Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Audio Tools\Winamp\WinAmp Plug-Ins\A_Knights_Tale_Visualization.exe"
sh=1E96517A1E5B31A5F03A2EC27F8916035C70C054 ft=1 fh=0a066ab553cde119 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Alcohol.120.v1.9.2.1705\Alcohol120_trial_1.9.7.6221.exe"
sh=E4B1FE456AB878B48E677A9E190928BDA1A27D4A ft=1 fh=253d93edf396518c vn="Variante von Win32/HackTool.Loader.B potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Alcohol.120.v1.9.2.1705\Alcohol120\KeyMaker.exe"
sh=D32B92ABCEC651ABE6B27997A67674DC994609E4 ft=1 fh=04eb9f1f842db58d vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Nero-8.3.6.0_deu_update.exe"
sh=CE4FA6F89A158AE6D5EE67EC5DE1998E49C91223 ft=1 fh=a094c59bf7ca9b4f vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Nero 7\Nero 7850\Nero-7.8.5.0_deu.exe"
sh=EEA83DB49F52CDCC3BDB69A3E3FDF2FD91419233 ft=1 fh=f78ee07fd38aa416 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Nero.8.3.2.1 Ultra Edition Deutsch ohne Patent Activation inkl. New Keygen\Nero 8.3.2.1.exe"
sh=A86CAD71BE419BE6DCE4ACC988799CB5CC4FED4E ft=1 fh=f1121aa5bc1a1350 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Nero.8.3.2.1 Ultra Edition Deutsch ohne Patent Activation inkl. New Keygen\Nero-8.3.2.1b_deu_update.exe"
sh=96EC91C7D21CC56C29A23A2D2D252CDD33545491 ft=1 fh=da2ab002893d059c vn="Variante von Win32/Keygen.CY potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Brenner Programme\Nero\Plugins\Ahead.Nero.Digital.Pro.v3.1.0.14a.Incl.Keygen-ORiON\Keygen.exe"
sh=A75A0A7AAA7E4C44BB18D822485AD75B5D1DFF69 ft=1 fh=8c8e97dc8939dc40 vn="Variante von Win32/HackTool.Patcher.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\DVD Programme\Cyberlink.PowerDVD.v8.Beta.1422-ENGiNE\ENGiNE\PowerDVD 8 beta_Crk.exe"
sh=6B45359FE88026CEACDB0DDCD98C70C504A8B92F ft=1 fh=91223acf566744e4 vn="Variante von Win32/Tool.TPE.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\DVD Programme\TMPGEnc\TMPGEnc DVD Author 1.6\Patch.exe"
sh=6B45359FE88026CEACDB0DDCD98C70C504A8B92F ft=1 fh=91223acf566744e4 vn="Variante von Win32/Tool.TPE.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\DVD Programme\TMPGEnc\TMPGEnc DVD Author 1.6 (1.6.0026)\Patch.exe"
sh=D97D7EE5B61EC9867553E2B05763CA913E2743AA ft=1 fh=5775ef809417d0a2 vn="Win32/ServU-Daemon potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Internet Tools\Serv-U.FTP.Server.v6.0.0.2.Corporate.Edition.WinALL.CRACKED-MiNT\ServUSetup.exe"
sh=5DB6099B607E987CD0BDF2744AD710407EAE70E8 ft=1 fh=936c2bf1344bfc6a vn="Variante von Generik.JKRAEFR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\System-Tools\Datenrettung\GetDataBack\GetDataBack NTFS\Keygen.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c2209fd709ec4a4d97afe3b23afcc3a3
# engine=21872
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-08 09:01:45
# local_time=2015-01-08 10:01:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9517674 149077753 0 0
# scanned=190448
# found=0
# cleaned=0
# scan_time=4864
Code:
ComboFix 15-01-08.01 - vladimir 09.01.2015 23:00:20.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.1878 [GMT 1:00]
ausgeführt von:: c:\users\vladimir\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal Firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\adaware-installer-reboot-required.tmp
c:\users\vladimir\AppData\Roaming\vladimirlog.dat
c:\windows\SysWow64\SET871A.tmp
c:\windows\SysWow64\SETA182.tmp
c:\windows\SysWow64\SETC4B2.tmp
L:\autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-09 bis 2015-01-09 ))))))))))))))))))))))))))))))
.
.
2015-01-09 22:13 . 2015-01-09 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-09 17:34 . 2015-01-09 17:45 -------- d-----w- C:\FRST
2015-01-09 05:06 . 2015-01-09 05:06 -------- d-----w- c:\users\vladimir\AppData\Local\CrashDumps
2015-01-08 23:04 . 2015-01-08 23:04 -------- d-----w- c:\program files\Windows Imaging
2015-01-08 23:04 . 2015-01-08 23:04 -------- d-----w- c:\program files\Windows AIK
2015-01-08 22:01 . 2015-01-08 22:01 -------- d-----w- c:\users\vladimir\AppData\Local\TeamViewer
2015-01-08 22:00 . 2015-01-08 22:00 -------- d-----w- c:\users\vladimir\AppData\Local\ESET
2015-01-08 21:57 . 2015-01-08 21:57 -------- d-----w- c:\program files\ESET
2015-01-08 21:45 . 2015-01-09 05:51 -------- d-----w- c:\windows\system32\log
2015-01-08 18:14 . 2015-01-08 18:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-08 18:02 . 2015-01-08 18:03 -------- d-----w- c:\users\Familie Jost
2015-01-08 15:50 . 2015-01-08 16:07 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-01-08 15:49 . 2015-01-08 16:04 -------- d-----w- c:\programdata\HitmanPro
2015-01-07 16:24 . 2015-01-08 04:46 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-07 16:24 . 2015-01-07 16:24 -------- d-----w- c:\programdata\RogueKiller
2015-01-07 05:43 . 2015-01-09 05:55 -------- d-----w- c:\users\vladimir\AppData\Local\Google
2015-01-06 21:44 . 2015-01-06 21:52 -------- d-----w- c:\program files (x86)\SRWare Iron
2015-01-06 19:39 . 2015-01-09 05:55 -------- d-----w- c:\program files (x86)\Google
2015-01-06 00:24 . 2015-01-06 00:24 -------- d-----w- c:\program files (x86)\ESET
2015-01-05 23:56 . 2015-01-05 23:56 -------- d-----w- c:\users\vladimir\AppData\Roaming\DropboxMaster
2015-01-05 22:25 . 2015-01-05 22:25 -------- d-----w- c:\windows\ERUNT
2015-01-05 22:15 . 2015-01-05 22:15 -------- d-sh--w- c:\users\vladimir\AppData\Local\EmieBrowserModeList
2015-01-05 22:03 . 2015-01-09 05:51 -------- d-----w- C:\AdwCleaner
2015-01-05 20:24 . 2015-01-05 20:24 -------- d-----w- c:\users\vladimir\AppData\Local\Lavasoft
2015-01-05 20:24 . 2014-12-16 11:10 358736 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-01-05 20:24 . 2014-12-16 11:10 312424 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2015-01-05 20:23 . 2015-01-05 20:23 -------- d-----w- c:\program files (x86)\Lavasoft
2015-01-05 20:21 . 2015-01-09 18:51 -------- d-----w- c:\users\vladimir\AppData\Roaming\Lavasoft
2015-01-05 20:20 . 2015-01-09 18:51 -------- d-----w- c:\programdata\Lavasoft
2015-01-05 20:16 . 2015-01-05 20:16 -------- d-----w- c:\program files (x86)\Enigma Software Group
2015-01-05 20:14 . 2015-01-05 22:15 -------- d-----w- c:\windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2015-01-05 01:20 . 2015-01-05 01:20 -------- d-----w- c:\users\vladimir\AppData\Roaming\22543
2015-01-04 20:42 . 2015-01-04 20:42 2351 ----a-w- c:\windows\patsearch.bin
2015-01-04 19:15 . 2015-01-06 20:31 -------- d-----w- c:\programdata\Elaborate Bytes
2015-01-04 19:15 . 2015-01-06 20:30 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2015-01-04 19:15 . 2015-01-04 19:15 -------- d-----w- c:\programdata\SlySoft
2015-01-04 19:15 . 2015-01-06 20:31 -------- d-----w- c:\program files (x86)\SlySoft
2015-01-04 19:07 . 2015-01-04 19:07 -------- d--h--w- c:\programdata\vid
2015-01-04 19:07 . 2015-01-04 19:07 -------- d--h--w- c:\programdata\tks
2015-01-04 19:06 . 2015-01-04 19:19 -------- d-----w- c:\users\vladimir\AppData\Roaming\log
2015-01-01 20:36 . 2015-01-04 21:59 -------- d-----w- c:\users\vladimir\AppData\Roaming\.ACEStream
2015-01-01 20:35 . 2015-01-04 21:59 -------- d-----w- c:\users\vladimir\AppData\Roaming\ACEStream
2014-12-26 11:25 . 2014-12-27 18:37 -------- d-----w- c:\program files\Recuva
2014-12-26 10:49 . 2014-12-26 10:49 -------- d-----w- c:\users\vladimir\AppData\Roaming\asoftech
2014-12-26 10:49 . 2014-12-26 10:49 -------- d-----w- c:\program files (x86)\Asoftech
2014-12-26 10:26 . 1998-06-17 23:00 89360 ----a-w- c:\windows\SysWow64\VB5DB.DLL
2014-12-23 22:12 . 2014-12-13 00:47 620176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-12-18 00:27 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-18 00:27 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-16 20:01 . 2014-12-13 00:12 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-16 20:01 . 2014-12-13 00:12 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-16 20:01 . 2014-12-13 00:12 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-16 20:01 . 2014-12-13 00:12 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-16 19:59 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-12-16 19:59 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-12-13 16:30 . 2014-12-18 20:31 -------- d-----w- c:\users\vladimir\AppData\Local\Spotify
2014-12-13 16:29 . 2014-12-18 22:35 -------- d-----w- c:\users\vladimir\AppData\Roaming\Spotify
2014-12-11 02:02 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-11 02:02 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-11 00:35 . 2014-11-22 02:22 772608 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-09 20:04 . 2014-06-20 20:42 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-06 20:11 . 2013-09-16 15:32 99384 ----a-w- c:\users\vladimir\AppData\Roaming\inst.exe
2015-01-06 20:11 . 2013-09-16 15:32 82816 ----a-w- c:\users\vladimir\AppData\Roaming\pcouffin.sys
2014-12-31 11:14 . 2013-04-29 22:06 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 10:08 . 2014-11-10 20:31 2897824 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-12-13 10:08 . 2014-11-05 18:53 16040184 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-12-13 10:08 . 2013-08-21 20:17 14128496 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-12-13 10:08 . 2013-04-29 22:28 74056 ----a-w- c:\windows\system32\OpenCL.dll
2014-12-13 10:08 . 2013-04-29 22:28 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-12-13 10:08 . 2013-04-29 22:28 3293136 ----a-w- c:\windows\system32\nvapi64.dll
2014-12-13 10:08 . 2013-04-29 22:28 18594432 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-12-13 08:03 . 2013-04-29 22:29 6859408 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 08:03 . 2013-04-29 22:29 3513488 ----a-w- c:\windows\system32\nvsvc64.dll
2014-12-13 08:03 . 2013-04-29 22:29 935240 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 08:03 . 2013-04-29 22:29 62608 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 08:03 . 2013-04-29 22:29 386368 ----a-w- c:\windows\system32\nvmctray.dll
2014-12-13 08:03 . 2013-04-29 22:29 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-12 23:11 . 2013-04-29 22:29 4151176 ----a-w- c:\windows\system32\nvcoproc.bin
2014-12-11 02:03 . 2013-04-30 04:49 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-10 10:20 . 2014-05-14 09:27 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 10:20 . 2014-05-14 09:27 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-24 18:53 . 2013-10-16 05:15 426872 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2014-11-22 10:46 . 2014-10-06 22:01 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-11-21 06:08 . 2014-06-20 20:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 06:07 . 2014-06-20 20:41 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 06:07 . 2014-02-19 08:07 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-13 00:20 . 2014-11-18 19:13 1540424 ----a-w- c:\windows\system32\nvdispgenco6434475.dll
2014-11-13 00:20 . 2014-11-18 19:13 1876296 ----a-w- c:\windows\system32\nvdispco6434475.dll
2014-11-13 00:20 . 2013-04-29 22:28 3262784 ----a-w- c:\windows\system32\SET5BC6.tmp
2014-11-13 00:20 . 2013-04-29 22:28 20986592 ----a-w- c:\windows\system32\SET8255.tmp
2014-11-11 03:08 . 2014-11-18 22:01 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 22:01 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 22:01 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 22:01 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-04 09:35 . 2013-05-02 14:27 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-11-04 00:04 . 2014-11-10 20:31 1876296 ----a-w- c:\windows\system32\nvdispco6434465.dll
2014-11-04 00:04 . 2014-11-10 20:31 1539272 ----a-w- c:\windows\system32\nvdispgenco6434465.dll
2014-10-30 17:51 . 2014-10-30 17:51 93022 ----a-w- c:\windows\system32\cc_20141030_185104.reg
2014-10-30 04:53 . 2014-11-05 18:53 1876296 ----a-w- c:\windows\system32\nvdispco6434460.dll
2014-10-30 04:53 . 2014-11-05 18:53 1539272 ----a-w- c:\windows\system32\nvdispgenco6434460.dll
2014-10-25 01:57 . 2014-11-11 23:02 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-11 23:02 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-20 08:29 . 2014-10-20 08:30 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05 . 2014-11-11 23:02 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-11 23:02 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-16 16:54 . 2014-10-23 13:23 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll
2014-10-16 16:54 . 2014-10-23 13:23 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll
2014-10-14 02:16 . 2014-11-11 23:03 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-11 23:03 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-11 23:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-11 23:03 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-11 23:03 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-11 23:03 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-11 23:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-11 23:02 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-11 23:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-11 23:03 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-11 23:03 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2009-09-27 07:39 415744 --sh--w- c:\windows\SysWOW64\avisynth.dll
2005-07-14 10:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 08:11 764416 --sh--w- c:\windows\SysWOW64\devil.dll
2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll
2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44 131248 ----a-w- c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44 131248 ----a-w- c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44 131248 ----a-w- c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SearchProtectionService;IE Search Set;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [x]
S2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;d:\starmoney\ouservice\StarMoneyOnlineUpdate.exe;d:\starmoney\ouservice\StarMoneyOnlineUpdate.exe [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
S4 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NVSTREAMKMS
*Deregistered* - webinstrNHK
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 10:20]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06 19:39]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06 19:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44 164016 ----a-w- c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44 164016 ----a-w- c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44 164016 ----a-w- c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44 164016 ----a-w- c:\users\vladimir\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
IE: Add to AMV/AVI Video Converter... - c:\program files (x86)\Philips Media Convertor v1.2\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\vladimir\AppData\Local\Temp\ie_script.htm
TCP: DhcpNameServer = 192.168.178.1
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-09 23:17:14
ComboFix-quarantined-files.txt 2015-01-09 22:17
.
Vor Suchlauf: 16 Verzeichnis(se), 330.432.282.624 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 329.576.243.200 Bytes frei
.
- - End Of File - - 0C9E98905FD6550598080BC8E0D543A8
A36C5E4F47E84449FF07ED3517B43A31 |