Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal) (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Malware eingefangen - zig Werbepopups & zusätzliche Fenster öffnen sich - ADS Power by Name (Caught malware - dozens of ad popups & extra windows opening - ADS Power by Name) (https://www.trojaner-board.de/166079-malware-eingefangen-zig-werbepopups-zusaetzliche-fenster-oeffnen-ads-power-by-name.html)

cosinus 15.04.2015 22:05

Okay, then control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the Desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


InGo69 16.04.2015 16:42

Well... Malwarebytes hung again this time too. I think it's been 10 times by now!? I can't even end the program via Task Manager any more and have to, so to speak, force the computer off and restart it completely.

But I'm letting ESET run now.....

cosinus 16.04.2015 22:24

Did you disable the virus scanner beforehand?

InGo69 19.04.2015 12:23

Firewall & AV were disabled ... ESET didn't run through either :-(

cosinus 19.04.2015 13:12

Please uninstall Spybot and AVG first and then try again. AVG in particular can be a nuisance...

InGo69 20.04.2015 09:32

Both uninstalled..... MWB still hung again anyway.

cosinus 20.04.2015 09:41

What on earth is going on :wtf:

Please post a log from CF

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your Desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please tell me about it.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.
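As an added example (not part of the thread and not ComboFix's own tooling), the script below reads the registry autostart section that the resulting Combofix.txt contains, in the layout used by the log posted later in this thread, and flags the items a helper looks at first: UAC policy values that differ from the Windows 7 defaults, BootExecute entries beyond the stock "autocheck autochk *", LSA notification packages beyond scecli, and Run entries whose image lives under AppData. The sample log inside it is constructed; the "Updater" entry in it is invented for illustration, and the defaults it compares against are assumptions of this example, not something ComboFix reports.

```python
"""Triage the registry autostart section of a ComboFix log.

Added example, not ComboFix's own tooling. The input format is assumed from
the log posted in this thread: a bracketed key line, then either
'"Name"= 0 (0x0)' DWORD lines, '"Name"="c:\\path" [date size]' image lines, or
'Name   REG_MULTI_SZ   value' lines; a lone '.' separates blocks.
"""
import re

# Constructed sample in ComboFix's layout, modelled on the posted log. The
# "Updater" Run entry is invented for illustration and is not from the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ           autocheck autochk *bddel.exe\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ           scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682144]
"Updater"="c:\users\xxx\AppData\Roaming\Civima\updater.exe" [2015-04-01 40960]
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')            # "Name"= ... / "Name"="..." [...]
MULTI_RE = re.compile(r"^(.+?)\s+REG_MULTI_SZ\s+(.*)$")  # Name   REG_MULTI_SZ   value

# Windows 7 defaults assumed by this example; anything else is worth a second look.
UAC_EXPECTED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
DEFAULT_NOTIFICATION = "scecli"


def parse_blocks(text):
    """Map each bracketed key (lower-cased) to its {value_name: raw_value} entries."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            current = blocks.setdefault(key.group(1).lower(), {})
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line) or MULTI_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2).strip()
    return blocks


def dword(raw):
    """'0 (0x0)' -> 0."""
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def boot_execute_extras(raw):
    r"""Entries of BootExecute beyond the stock 'autocheck autochk *'.

    ComboFix prints the REG_MULTI_SZ with literal '\0' separators; a program
    glued directly onto the '*' (as in the posted log) is still reported.
    """
    extras = []
    for entry in raw.split(r"\0"):
        entry = entry.strip()
        if entry.startswith(DEFAULT_BOOTEXECUTE):
            entry = entry[len(DEFAULT_BOOTEXECUTE):].strip()
        if entry:
            extras.append(entry)
    return extras


def notification_extras(raw):
    """LSA notification/password-filter DLLs beyond the stock 'scecli'."""
    rest = raw.strip()
    if rest.lower().startswith(DEFAULT_NOTIFICATION):
        rest = rest[len(DEFAULT_NOTIFICATION):].strip()
    return [rest] if rest else []


def run_image_path(raw):
    """'"c:\\dir\\x.exe" [2015-03-25 31682144]' -> 'c:\\dir\\x.exe'."""
    m = re.match(r'"([^"]+)"', raw)
    return m.group(1) if m else None


def triage(text):
    """Return (category, item, detail) findings for the autostart section."""
    blocks = parse_blocks(text)
    findings = []
    uac = blocks.get(r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system", {})
    for name, expected in UAC_EXPECTED.items():
        if name in uac and dword(uac[name]) != expected:
            findings.append(("uac", name, dword(uac[name])))
    session = blocks.get(r"hkey_local_machine\system\currentcontrolset\control\session manager", {})
    for extra in boot_execute_extras(session.get("BootExecute", DEFAULT_BOOTEXECUTE)):
        findings.append(("bootexecute", extra, None))
    lsa = blocks.get(r"hkey_local_machine\system\currentcontrolset\control\lsa", {})
    for extra in notification_extras(lsa.get("Notification Packages", DEFAULT_NOTIFICATION)):
        findings.append(("lsa_notification", extra, None))
    for key, values in blocks.items():
        if key.endswith("\\currentversion\\run"):  # Run keys: HKLM, HKCU and Wow6432Node alike
            for name, raw in values.items():
                path = run_image_path(raw)
                if path and "\\appdata\\" in path.lower():  # user-writable location: verify it
                    findings.append(("run_userwritable", name, path))
    return findings


if __name__ == "__main__":
    for category, item, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {item}" + (f"  -> {detail}" if detail is not None else ""))
```

A flagged entry is a prompt to verify, not a verdict: a vendor tool can legitimately add a BootExecute cleaner or an LSA notification DLL, and a Run entry under AppData may be a normal per-user installer. EnableLUA=0 is the one finding that needs no further context, since it turns UAC off entirely.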


InGo69 20.04.2015 15:01

I'm wondering that too ... I've never had a problem like this with my computer before.

Here is the new log file:

Combofix Logfile:

Code:

ComboFix 15-04-19.01 - xxx 20.04.2015  15:19:49.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6142.4113 [GMT 2:00]
Running from: c:\users\xxx\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\sponsoring\ebay.ico
c:\program files (x86)\xp-AntiSpy\sponsoring\ebay_desktop.ico
c:\program files (x86)\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\program files (x86)\xp-AntiSpy\sponsoring\sponsor.html
c:\program files (x86)\xp-AntiSpy\sponsoring\sponsor.url
c:\users\xxx\AppData\Roaming\Civima
c:\users\xxx\AppData\Roaming\Civima\ytfyul.bey
c:\users\xxx\AppData\Roaming\Local
c:\users\xxx\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\xxx\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\xxx\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\xxx\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
c:\windows\IsUn0407.exe
c:\windows\SysWow64\tmp46CF.tmp
c:\windows\SysWow64\tmpCF01.tmp
c:\windows\WINDOWS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Files Created from 2015-03-20 to 2015-04-20  ))))))))))))))))))))))))))))))
.
.
2015-04-20 13:31 . 2015-04-20 13:31        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2015-04-20 13:31 . 2015-04-20 13:31        --------        d-----w-        c:\users\multiskype\AppData\Local\temp
2015-04-20 13:31 . 2015-04-20 13:31        --------        d-----w-        c:\users\multiskype.xxx\AppData\Local\temp
2015-04-20 13:31 . 2015-04-20 13:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-04-19 09:44 . 2015-04-19 09:44        --------        d-----w-        c:\programdata\boost_interprocess
2015-04-17 01:36 . 2015-04-17 01:36        --------        d-s---w-        c:\windows\system32\CompatTel
2015-04-17 01:36 . 2015-04-17 01:36        --------        d-----w-        c:\windows\system32\appraiser
2015-04-15 13:48 . 2015-02-25 03:18        754688        ----a-w-        c:\windows\system32\drivers\http.sys
2015-04-15 13:48 . 2015-03-04 04:55        367552        ----a-w-        c:\windows\system32\clfs.sys
2015-04-15 13:48 . 2015-03-04 04:41        79360        ----a-w-        c:\windows\system32\clfsw32.dll
2015-04-15 13:48 . 2015-03-04 04:10        58880        ----a-w-        c:\windows\SysWow64\clfsw32.dll
2015-04-13 18:18 . 2015-04-15 04:12        --------        d-----w-        C:\FRST
2015-04-09 15:04 . 2015-04-09 15:04        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-04-07 16:20 . 2015-04-07 16:20        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2015-04-07 04:50 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDYAK.DLL
2015-04-07 04:50 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDTAT.DLL
2015-04-07 04:50 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDRU1.DLL
2015-04-07 04:50 . 2014-07-09 02:03        6656        ----a-w-        c:\windows\system32\KBDRU.DLL
2015-04-07 04:50 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDBASH.DLL
2015-04-06 11:34 . 2015-02-25 07:25        41784        ----a-w-        c:\windows\system32\TURegOpt.exe
2015-04-06 11:34 . 2015-02-25 07:24        30520        ----a-w-        c:\windows\system32\authuitu.dll
2015-04-06 11:34 . 2015-02-25 07:24        25912        ----a-w-        c:\windows\SysWow64\authuitu.dll
2015-04-06 11:33 . 2015-04-06 11:33        --------        d-----w-        c:\users\xxx\AppData\Roaming\AVG
2015-04-06 11:28 . 2015-04-06 11:28        --------        d-----w-        c:\users\xxx\AppData\Local\Avg
2015-04-06 10:41 . 2015-04-06 11:34        --------        d-----w-        c:\programdata\AVG
2015-04-06 08:12 . 2015-04-06 08:30        --------        d-s---w-        c:\windows\system32\GWX
2015-04-06 08:12 . 2015-04-06 08:12        --------        d-s---w-        c:\windows\SysWow64\GWX
2015-04-06 01:10 . 2014-06-27 02:08        2777088        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2015-04-05 09:00 . 2015-04-05 09:00        --------        d-----w-        C:\RegBackup
2015-04-05 08:33 . 2015-04-13 19:57        --------        d-----w-        C:\AdwCleaner
2015-04-05 01:04 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2015-04-05 01:04 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2015-04-05 01:04 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2015-04-05 01:04 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2015-04-05 01:04 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2015-04-05 01:03 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2015-04-04 18:57 . 2015-04-19 13:29        --------        d-----w-        c:\programdata\MFAData
2015-04-04 18:57 . 2015-04-04 18:57        --------        d-----w-        c:\users\xxx\AppData\Local\MFAData
2015-04-04 12:31 . 2015-02-03 03:30        1202176        ----a-w-        c:\windows\system32\drmv2clt.dll
2015-04-04 12:30 . 2014-10-14 02:13        683520        ----a-w-        c:\windows\system32\termsrv.dll
2015-04-04 12:29 . 2013-12-04 02:16        658432        ----a-w-        c:\windows\system32\RMActivate_isv.exe
2015-04-04 12:28 . 2014-11-26 03:53        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2015-04-04 12:26 . 2014-07-17 02:07        455168        ----a-w-        c:\windows\system32\winlogon.exe
2015-04-04 12:25 . 2015-02-04 03:16        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2015-04-04 12:23 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2015-04-03 13:36 . 2015-04-19 12:48        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2015-04-03 13:35 . 2015-04-19 12:53        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2015-04-03 13:34 . 2015-04-03 13:34        --------        d-----w-        c:\users\xxx\AppData\Roaming\TrojanHunter
2015-04-03 10:58 . 2015-04-03 18:46        --------        d-----w-        c:\program files (x86)\TrojanHunter 5.6
2015-04-03 10:12 . 2015-04-03 10:12        --------        d-----w-        c:\users\xxx\AppData\Local\Lavasoft
2015-04-03 10:11 . 2015-04-03 10:11        --------        d-----w-        c:\program files (x86)\Lavasoft
2015-04-03 10:08 . 2015-04-03 10:08        --------        d-----w-        c:\program files\Lavasoft
2015-04-03 10:07 . 2015-04-03 10:10        --------        d-----w-        c:\users\xxx\AppData\Roaming\Lavasoft
2015-04-03 10:07 . 2015-04-03 10:07        --------        d-----w-        c:\program files\Common Files\Lavasoft
2015-04-03 10:05 . 2015-04-03 10:10        --------        d-----w-        c:\programdata\Lavasoft
2015-04-03 09:08 . 2015-04-03 09:08        --------        d-----w-        c:\programdata\Licenses
2015-04-03 09:06 . 2015-04-03 18:47        --------        d-----w-        c:\program files (x86)\Trojan Remover
2015-03-26 15:34 . 2015-03-26 15:33        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2015-03-25 12:43 . 2015-03-25 12:43        24324280        ----a-w-        c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2015-03-25 12:34 . 2015-03-25 12:34        18475704        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-20 13:41 . 2009-10-19 15:42        25640        ----a-w-        c:\windows\gdrv.sys
2015-04-16 01:07 . 2009-10-30 06:26        128913832        ----a-w-        c:\windows\system32\MRT.exe
2015-04-14 18:01 . 2012-04-02 05:46        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 18:01 . 2011-06-15 14:13        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-26 15:33 . 2010-06-29 17:14        319912        ----a-w-        c:\windows\system32\javaws.exe
2015-03-26 15:33 . 2010-06-29 17:14        207272        ----a-w-        c:\windows\system32\javaw.exe
2015-03-26 15:33 . 2010-06-29 17:14        206760        ----a-w-        c:\windows\system32\java.exe
2015-03-26 15:32 . 2015-03-26 17:39        146432        ----a-w-        c:\windows\SysWow64\javacpl.cpl
2015-03-25 03:00 . 2015-04-15 13:49        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 13:49        566784        ----a-w-        c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 13:49        29696        ----a-w-        c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 13:49        173056        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 13:49        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2015-03-17 05:01 . 2015-04-15 13:49        3976632        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2015-03-17 05:01 . 2015-04-15 13:49        3920824        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2015-03-17 04:59 . 2015-04-15 13:49        1309696        ----a-w-        c:\windows\SysWow64\ntdll.dll
2015-03-17 04:57 . 2015-04-15 13:49        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll
2015-03-17 04:57 . 2015-04-15 13:49        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll
2015-03-17 04:57 . 2015-04-15 13:49        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2015-03-17 04:57 . 2015-04-15 13:49        248832        ----a-w-        c:\windows\SysWow64\schannel.dll
2015-03-17 04:57 . 2015-04-15 13:49        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2015-03-17 04:57 . 2015-04-15 13:49        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2015-03-17 04:57 . 2015-04-15 13:49        221184        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2015-03-17 04:57 . 2015-04-15 13:49        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll
2015-03-17 04:57 . 2015-04-15 13:49        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2015-03-17 04:56 . 2015-04-15 13:49        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-03-17 04:56 . 2015-04-15 13:49        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2015-03-17 04:56 . 2015-04-15 13:49        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2015-03-17 04:56 . 2015-04-15 13:49        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2015-03-17 04:56 . 2015-04-15 13:49        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2015-03-17 04:53 . 2015-04-15 13:49        60416        ----a-w-        c:\windows\SysWow64\msobjs.dll
2015-03-17 04:53 . 2015-04-15 13:49        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2015-03-17 03:45 . 2015-04-15 13:49        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2015-03-17 03:45 . 2015-04-15 13:49        2048        ----a-w-        c:\windows\SysWow64\user.exe
2015-03-12 09:59 . 2014-12-31 10:25        373864        ----a-w-        c:\windows\system32\LavasoftTcpService64.dll
2015-03-12 09:58 . 2014-12-31 10:24        326288        ----a-w-        c:\windows\SysWow64\LavasoftTcpService.dll
2015-03-10 03:49 . 2015-04-15 13:49        1763328        ----a-w-        c:\windows\SysWow64\wininet.dll
2015-03-10 03:49 . 2015-04-15 13:49        523776        ----a-w-        c:\windows\SysWow64\vbscript.dll
2015-03-10 03:49 . 2015-04-15 13:49        2864640        ----a-w-        c:\windows\SysWow64\jscript9.dll
2015-03-10 03:48 . 2015-04-15 13:49        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2015-03-10 03:08 . 2015-04-15 13:49        1237504        ----a-w-        c:\windows\SysWow64\msxml3.dll
2015-03-10 03:07 . 2015-04-15 13:49        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2015-03-10 03:05 . 2015-04-15 13:49        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2015-02-24 02:17 . 2009-10-19 16:00        295552        ------w-        c:\windows\system32\MpSigStub.exe
2015-02-20 04:12 . 2015-04-04 12:32        25600        ----a-w-        c:\windows\SysWow64\lpk.dll
2015-02-17 13:19 . 2015-02-17 13:19        1614496        ----a-w-        c:\windows\system32\FM20.DLL
2015-02-04 02:54 . 2015-04-04 12:25        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:12 . 2015-04-04 12:31        617984        ----a-w-        c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-04-04 12:31        179200        ----a-w-        c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-04-04 12:27        1230848        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-04-04 12:30        171520        ----a-w-        c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-04-04 12:31        4096        ----a-w-        c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-04-04 12:31        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-04-04 12:31        1329664        ----a-w-        c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-04-04 12:31        8192        ----a-w-        c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-04-04 12:31        504320        ----a-w-        c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-04-04 12:31        265216        ----a-w-        c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-04-04 12:31        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-04-04 12:31        354816        ----a-w-        c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-04-04 12:31        103424        ----a-w-        c:\windows\SysWow64\mfps.dll
2015-02-03 03:11 . 2015-04-04 12:31        50176        ----a-w-        c:\windows\SysWow64\rrinstaller.exe
2015-02-03 03:11 . 2015-04-04 12:31        23040        ----a-w-        c:\windows\SysWow64\mfpmp.exe
2015-02-03 03:11 . 2015-04-04 12:31        12625408        ----a-w-        c:\windows\SysWow64\wmploc.DLL
2015-02-03 03:09 . 2015-04-04 12:31        2048        ----a-w-        c:\windows\SysWow64\mferror.dll
2010-07-22 21:40 . 2010-08-07 16:06        2944904        ----a-w-        c:\program files (x86)\Common Files\AskToolbarInstaller.exe
2009-12-01 16:08 . 2009-12-01 16:08        3211264        ----a-w-        c:\program files (x86)\Common Files\DDBACSetup.msi
.
.
((((((((((((((((((((((((((((   Registry AutoStart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\xxxx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="c:\program files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2012-07-02 2498048]
"SanDiskSecureAccess_Manager.exe"="c:\users\xxx\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2013-05-15 30705792]
"ScreenSplitter"="c:\program files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe" [2013-11-07 693288]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682144]
"Polar FlowSync"="c:\program files (x86)\Polar\Polar FlowSync\FlowSync.exe" [2014-11-11 1125376]
"UIWatcher"="c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2009-02-23 3508568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunTasktray"="c:\program files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe   --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun  --valuename=InstallTTM" [X]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"AVMFBoxMonitor"="c:\program files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe" [2009-07-06 1503232]
"KnexStarter"="c:\program files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2009-03-23 159744]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"CamserviceHD"="c:\program files (x86)\Hercules\Dualpix HD\Camservice.exe" [2009-07-07 360448]
"SoundTouch Music Server"="c:\program files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe" [2014-12-11 1082880]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-4-2 43382072]
FRITZ!DSL Startcenter.lnk - c:\users\xxx\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2009-10-27 80896]
HP Print View Resource Center.lnk - c:\program files (x86)\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe -hidden [2009-4-14 487992]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 41160]
Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2CRB2H2105KD;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17 1393016]
PIPModeResolutionUtility.lnk - c:\program files (x86)\LG Electronics\Auto Resolution\bin\AppResUtilityService.exe -startup [2014-10-17 338984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ           autocheck autochk *bddel.exe\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ           scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys;c:\windows\SYSNATIVE\Drivers\hxctlflt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys;c:\windows\SYSNATIVE\Drivers\RTS5121.sys [x]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WPEServ;soft Xpansion Print2Document;c:\program files (x86)\Common Files\WPE\wpeserv.exe;c:\program files (x86)\Common Files\WPE\wpeserv.exe [x]
S1 acedrv08;acedrv08;c:\windows\system32\drivers\acedrv08.sys;c:\windows\SYSNATIVE\drivers\acedrv08.sys [x]
S1 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys;c:\windows\SYSNATIVE\drivers\acedrv09.sys [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x]
S3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 10:06        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32        8192        ----a-w-        c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:01]
.
2015-04-19 c:\windows\Tasks\Automatische Wartung.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 2010 CBE\WO2010cbe.exe [2010-02-07 08:50]
.
2015-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11 10:18]
.
2015-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11 10:18]
.
2015-04-20 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-10-19 08:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-02 7834656]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-02 1833504]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"MacrokeyManager"="WTMKM.exe" [2010-12-24 7319784]
"CamserviceHD"="c:\program files (x86)\Hercules\Dualpix HD\Camservice.exe" [2009-07-07 360448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = www.google.com
IE: An OneNote s&enden - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: spyhunter4.de\www
Trusted Zone: hp.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\b8k4buhw.default-1428421863067\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-AVG PC TuneUp - c:\program files (x86)\AVG\AVG PC TuneUp\TUInstallHelper.exe
AddRemove-DAISY - c:\windows\IsUn0407.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\File Type Advisor\fileadvisor.exe
c:\program files (x86)\LG Electronics\Auto Resolution\bin\AppResUtilityService.exe
c:\users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
c:\program files (x86)\LG Electronics\Screen Split\bin\DDCCI.exe
c:\program files (x86)\LG Electronics\Auto Resolution\bin\Auto Resolution.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
c:\program files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-20  15:54:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-20 13:54
.
Vor Suchlauf: 24 Verzeichnis(se), 644.513.206.272 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 643.824.050.176 Bytes frei
.
- - End Of File - - CF3249ADCBE0A9023D77F63456EB3A19


--- --- ---
A36C5E4F47E84449FF07ED3517B43A31


cosinus 20.04.2015 15:03

Ok, try MBAM and ESET again

InGo69 20.04.2015 17:24

:headbang::headbang::headbang:

It won't run through... I've now had to restart the computer what feels like 100 times after MBAM and ESET hung....

This is what it finds, up to the point where the program hangs.

Attachment 73792

cosinus 20.04.2015 21:14

Try starting Windows in Safe Mode with Networking and run only MBAM there for now...

InGo69 22.04.2015 14:29

That finally worked now :-D

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.04.2015
Suchlauf-Zeit: 15:49:54
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.21.03
Rootkit Datenbank: v2015.04.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: xxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 584417
Verstrichene Zeit: 22 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 40
PUP.Optional.SofTonic.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}, In Quarantäne, [52e5ff709bef270f84301866e81be61a],
PUP.Optional.SofTonic.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}, In Quarantäne, [52e5ff709bef270f84301866e81be61a],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataContainer, In Quarantäne, [45f257187b0fff37ed0afcc529da8c74],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataContainer.1, In Quarantäne, [cc6b97d8b8d259dda453418046bd7d83],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataController, In Quarantäne, [51e6432cbad00333f502536e50b3d32d],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataController.1, In Quarantäne, [0d2a98d73654dd59f9fe744d42c1f709],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataTable, In Quarantäne, [3bfcd897305ae45247b06e53de258779],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataTable.1, In Quarantäne, [4dea77f81f6be254698edfe231d2768a],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataTableFields, In Quarantäne, [7eb9145be3a775c103f4dfe2d82be818],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataTableFields.1, In Quarantäne, [7eb9fe71563437ffe2152998d03305fb],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataTableHolder, In Quarantäne, [e05747287119c175db1ca21f1de69868],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.DataTableHolder.1, In Quarantäne, [c4733f30b9d189aded0acff2679c8e72],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.LSPLogic, In Quarantäne, [39febab5cfbbff37e80f259ccc37a858],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.LSPLogic.1, In Quarantäne, [39fea7c808823204787fcef31be88d73],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.ReadOnlyManager, In Quarantäne, [71c6026d9af0ef4776812998e51e2bd5],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.ReadOnlyManager.1, In Quarantäne, [f6414a2588020630a84ff1d03ec5966a],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.WFPController, In Quarantäne, [65d2125d85058ea8c136833e7093dc24],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\CLASSES\GambaliLib.WFPController.1, In Quarantäne, [a592fd725b2fbc7a4aad7d442fd4e51b],
PUP.Optional.Gambali.A, HKLM\SOFTWARE\CLASSES\APPID\Gambali.EXE, In Quarantäne, [d166234c79112b0bf8d7d2f0699a728e],
PUP.Optional.Gambali.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\Gambali.EXE, In Quarantäne, [e4534c23820873c303ccdee49f64c23e],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataContainer, In Quarantäne, [fb3cf9768cfea195bd3a4b76a75ccc34],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataContainer.1, In Quarantäne, [69ce6609602a81b5f3049b26be454bb5],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataController, In Quarantäne, [2e09254a4f3bd46293641fa2ba490df3],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataController.1, In Quarantäne, [1522e18e1b6ff640886f4f72d52ef60a],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataTable, In Quarantäne, [f245db943b4fea4ca354d8e9f310c937],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataTable.1, In Quarantäne, [d760f37c1e6c2214966102bf0ef5a45c],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataTableFields, In Quarantäne, [f34493dc13776fc71addedd40ff4ac54],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataTableFields.1, In Quarantäne, [cf68442bbdcdc76fd0278c35907314ec],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataTableHolder, In Quarantäne, [57e095da9ceea98d8077566ba55eed13],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.DataTableHolder.1, In Quarantäne, [2314c7a88307b2845a9d60617e85e818],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.LSPLogic, In Quarantäne, [f542abc4bad0f6402ec98041dc27d729],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.LSPLogic.1, In Quarantäne, [cc6b3c337812b581ce290cb54ab9728e],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.ReadOnlyManager, In Quarantäne, [cd6a115e2a60a88e76818b361de6c43c],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.ReadOnlyManager.1, In Quarantäne, [0631333c3555360001f6843d1de625db],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.WFPController, In Quarantäne, [85b218571d6dca6c55a2dbe60003e917],
PUP.Optional.Gambali.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GambaliLib.WFPController.1, In Quarantäne, [ec4b4629bcce8aacac4b9b26c43fbe42],
PUP.Optional.Gambali.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Gambali.EXE, In Quarantäne, [87b0a9c6266426102ca3f0d2f90a946c],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Mediaa_Play_AIR_1.4, In Quarantäne, [2413511eed9d0135b6d606edd72c43bd],
PUP.Optional.PicBadges.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mgjkknncnlepghplinfpikcijdbmidbg, In Quarantäne, [64d31e519bef82b4e8d4c9027e85ac54],
PUP.Optional.Softonic.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-500\SOFTWARE\APPDATALOW\SOFTWARE\softonic-de3, In Quarantäne, [c6713d327b0f6bcb2f321cb39271e31d],

Registrierungswerte: 5
PUP.Optional.SofTonic.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}, 㣠Ã?Ã?dòJ¿Ã¯
f¶Âe, In Quarantäne, [52e5ff709bef270f84301866e81be61a]
PUP.Optional.SofTonic.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}, In Quarantäne, [52e5ff709bef270f84301866e81be61a],
PUP.Optional.SofTonic.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}, In Quarantäne, [ee499cd33f4b33036e469ee0a360fe02],
PUP.Optional.SofTonic.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}, In Quarantäne, [3502b0bf6a205bdba80cb5c9de2537c9],
PUP.Optional.Conduit.A, HKU\S-1-5-21-4067268467-3182437459-1756596644-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245, In Quarantäne, [2b0c71fedcaebe7862e515ae748f44bc]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 5
PUP.Optional.FoxySecure.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\b8k4buhw.default-1428421863067\extensions\fx@foxysecureKDJJHVLSDUVFU.com, In Quarantäne, [77c0c8a739510f270e40773d5fa4cc34],
PUP.Optional.FoxySecure.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\b8k4buhw.default-1428421863067\extensions\fx@foxysecureKDJJHVLSDUVFU.com\chrome, In Quarantäne, [77c0c8a739510f270e40773d5fa4cc34],
PUP.Optional.FoxySecure.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\b8k4buhw.default-1428421863067\extensions\fx@foxysecureKDJJHVLSDUVFU.com\chrome\content, In Quarantäne, [77c0c8a739510f270e40773d5fa4cc34],
PUP.Optional.PicBadges.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],
PUP.Optional.PicBadges.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],

Dateien: 12
PUP.Optional.DomalIQ.SID.A, C:\Users\xxx\Downloads\Setup.exe, In Quarantäne, [0037a0cf5f2b51e5d76e67d79571e51b],
PUP.Optional.FoxySecure.A, C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\b8k4buhw.default-1428421863067\extensions\fx@foxysecureKDJJHVLSDUVFU.com\chrome.manifest, In Quarantäne, [77c0c8a739510f270e40773d5fa4cc34],
PUP.Optional.FoxySecure.A, C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\b8k4buhw.default-1428421863067\extensions\fx@foxysecureKDJJHVLSDUVFU.com\install.rdf, In Quarantäne, [77c0c8a739510f270e40773d5fa4cc34],
PUP.Optional.FoxySecure.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\b8k4buhw.default-1428421863067\extensions\fx@foxysecureKDJJHVLSDUVFU.com\chrome\content\background.js, In Quarantäne, [77c0c8a739510f270e40773d5fa4cc34],
PUP.Optional.FoxySecure.A, C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\b8k4buhw.default-1428421863067\extensions\fx@foxysecureKDJJHVLSDUVFU.com\chrome\content\background.xul, In Quarantäne, [77c0c8a739510f270e40773d5fa4cc34],
PUP.Optional.PicBadges.A, C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\background.js, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],
PUP.Optional.PicBadges.A, C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\icon.png, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],
PUP.Optional.PicBadges.A, C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\icon128.png, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],
PUP.Optional.PicBadges.A, C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\icon16.png, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],
PUP.Optional.PicBadges.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\icon48.png, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],
PUP.Optional.PicBadges.A, C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\manifest.json, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],
PUP.Optional.PicBadges.A, C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\trackPlugin.js, In Quarantäne, [3ef9e18efc8ef34375ed7a4114ef9967],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

I'll try it again with ESET now

After ESET had been running for over 20 hours I aborted it at 99%... that's where it already was this morning.

This is the result:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1f76f95bc6c5b24da10c142e59caa0f8
# engine=23492
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-22 01:21:18
# local_time=2015-04-22 03:21:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 76504 181338728 0 0
# scanned=436060
# found=19
# cleaned=0
# scan_time=74170
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir"
sh=0E7CC420B0BE38296EF8516DC3786361119F1F5F ft=1 fh=02f58beb2edcfbd2 vn="Win32/AlteredSoftware.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir"
sh=A565AA91F7873179776579995E9F4D2B2894AE5A ft=1 fh=22e3a81795d8fb05 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir"
sh=F1A0D0D29F924A24AF0F0521CF6F9A9150A10ECC ft=1 fh=22e3a817befc6b5a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir"
sh=9E2BB88A6A67D7785C14FC594CB672E8C8C2872E ft=1 fh=c71c00112372d0ea vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir"
sh=0A6DCC2D1FD48FFD8E530E36853B99DCDF597257 ft=1 fh=d9cdf1c8ff17595a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir"
sh=58FEF548C9FE5AB9F393BDFD0EDC49F240DA03D1 ft=1 fh=c71c001182a9b069 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir"
sh=EDB4A6C7E75E18ACB805418EFFD78267BB2F37C4 ft=1 fh=c71c001126306ac8 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir"
sh=399CE73FBD27EABB303FD899656E3C66C55B3F29 ft=1 fh=c71c001160921a34 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir"
sh=84D71ECEE62C4141F1D0B4A24D925F3EBA7180A8 ft=1 fh=737f51bd30d7d258 vn="Variante von Win32/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\DEL_MPCBClient.dll.vir"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\xxxx\AppData\Roaming\n8WoXTR.xBAD"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\xxx\AppData\Roaming\xqi4HgB8PWds.xBAD"
sh=3A177006C5DE14DA54414DD987C1BD59B35BBE7E ft=0 fh=0000000000000000 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\eMule\Incoming\Uniblue RegistryBooster 2011 5.0.12.1 + serial.rar"
sh=401D0F3679A4FFB9353F814E22C3E9E8924B130A ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Youmi.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxx\Backup_Stairway\Messenger_1.2.2.apk"
sh=401D0F3679A4FFB9353F814E22C3E9E8924B130A ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Youmi.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxx\Documents\Backups\Backup_Handy\Messenger_1.2.2.apk"
sh=401D0F3679A4FFB9353F814E22C3E9E8924B130A ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Youmi.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxx\Documents\Backups\Backup_Handy\neu_08.01.15\Messenger_1.2.2.apk"
sh=7539BAA7DBA23263EFF76D36F84B3343422CDE55 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Youmi.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxx\Documents\Backups\Backup_Wiko_1214\BackupYourMobile\applications\com.outfit7.tomsmessengerfree-1"
sh=B373A7DA30E42837DB643EA542F63ABA797F55ED ft=1 fh=f36215a44e811eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxx\Downloads\Revo Uninstaller - CHIP-Installer.exe"


cosinus 22.04.2015 14:52

FRST fix

Please disable your antivirus scanner completely now, so that the fix is guaranteed to run through cleanly!


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Program Files (x86)\eMule
C:\Users\xxxx\Backup_Stairway\Messenger_1.2.2.apk
C:\Users\xxx\Documents\Backups\Backup_Handy\Messenger_1.2.2.apk
C:\Users\xxxx\Documents\Backups\Backup_Handy\neu_08.01.15\Messenger_1.2.2.apk
C:\Users\xxxx\Documents\Backups\Backup_Wiko_1214\BackupYourMobile\applications\com.outfit7.tomsmessengerfree-1
C:\Users\xxxx\Downloads\Revo Uninstaller - CHIP-Installer.exe
EmptyTemp:

If you masked your user name, e.g. as "xxx", insert your real user name in the corresponding places. Otherwise the fix will not work.

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.
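
The fixlist above is derived from the ESET findings by a mechanical rule: skip anything ESET flagged inside the AdwCleaner or FRST quarantine folders (those copies are already neutralised), put the real user name back where the poster masked it as xxx/xxxx, list the whole eMule folder rather than one archive inside it, and close with EmptyTemp:. The script below is an added example for this thread, not a Trojaner-Board, ESET or FRST tool; it applies that rule to the ESET Online Scanner log format. The regular expressions, the collapse-to-folder rule and the user name `demo` are assumptions made for the example; the sample lines are copied from the log posted above.

```python
"""Turn ESET Online Scanner findings into an FRST fixlist.

Added example for this thread (not a Trojaner-Board, ESET or FRST tool).
The ESET line layout, the quarantine folders and the eMule rule come from
the thread; the regexes and the user name are assumptions for the example.
"""
import re

# One ESET Online Scanner finding line:
#   sh=<sha1> ft=<n> fh=<hash> vn="<detection name>" ac=<action> fn="<path>"
ESET_LINE = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"'
)

# Findings under these folders were already quarantined by another tool;
# ESET re-flags them, but they are not live files and belong in no fixlist.
QUARANTINE_PREFIXES = (r"C:\AdwCleaner\Quarantine", r"C:\FRST\Quarantine")

# Folders that are listed whole when any finding sits inside them
# (cosinus listed the eMule folder rather than one .rar in it).
FOLDER_RULES = (r"C:\Program Files (x86)\eMule",)

# The masked user name as it appears in the posted log (xxx / xxxx).
MASKED_USER = re.compile(r"\\Users\\x{3,}\\", re.IGNORECASE)

# Sample input: six lines copied from the ESET log posted in this thread.
SAMPLE_LOG = r"""
sh=0A6DCC2D1FD48FFD8E530E36853B99DCDF597257 ft=1 fh=d9cdf1c8ff17595a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\xxxx\AppData\Roaming\n8WoXTR.xBAD"
sh=3A177006C5DE14DA54414DD987C1BD59B35BBE7E ft=0 fh=0000000000000000 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\eMule\Incoming\Uniblue RegistryBooster 2011 5.0.12.1 + serial.rar"
sh=401D0F3679A4FFB9353F814E22C3E9E8924B130A ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Youmi.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxx\Backup_Stairway\Messenger_1.2.2.apk"
sh=401D0F3679A4FFB9353F814E22C3E9E8924B130A ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Youmi.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxx\Documents\Backups\Backup_Handy\Messenger_1.2.2.apk"
sh=B373A7DA30E42837DB643EA542F63ABA797F55ED ft=1 fh=f36215a44e811eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxx\Downloads\Revo Uninstaller - CHIP-Installer.exe"
"""


def parse_eset_log(text):
    """Return one dict per finding line; every other line in the log is ignored."""
    findings = []
    for line in text.splitlines():
        m = ESET_LINE.search(line)
        if m:
            findings.append(m.groupdict())
    return findings


def is_quarantined(path):
    """True when the path lies inside a quarantine folder of an earlier cleaner."""
    p = path.lower()
    return any(p.startswith(q.lower()) for q in QUARANTINE_PREFIXES)


def apply_folder_rules(path):
    """Replace a finding inside a listed folder by the folder itself."""
    for folder in FOLDER_RULES:
        if path.lower().startswith(folder.lower() + "\\"):
            return folder
    return path


def build_fixlist(log_text, username):
    """Unique live paths in log order, masked user name restored, EmptyTemp: last."""
    entries = []
    for finding in parse_eset_log(log_text):
        path = finding["fn"]
        if is_quarantined(path):
            continue
        path = MASKED_USER.sub(lambda _m: f"\\Users\\{username}\\", path)
        path = apply_folder_rules(path)
        if path not in entries:
            entries.append(path)
    return entries + ["EmptyTemp:"]


if __name__ == "__main__":
    # Writes the generated fixlist to stdout; redirect it to Fixlist.txt.
    print("\n".join(build_fixlist(SAMPLE_LOG, "demo")))
```

Read the generated list before handing it to FRST: the fix moves whatever it is given, and a flagged path may be a file the user wants to keep (the APKs here were the poster's own phone backups, flagged for bundled adware), so that remains a decision rather than something to automate blindly.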


InGo69 22.04.2015 16:54

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015
Ran by xxx at 2015-04-22 17:41:34 Run:4
Running from C:\Users\xxx\Desktop
Loaded Profiles: xxx (Available profiles: *** & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\eMule
C:\Users\xxx\Backup_Stairway\Messenger_1.2.2.apk
C:\Users\xxx\Documents\Backups\Backup_Handy\Messenger_1.2.2.apk
C:\Users\xxx\Documents\Backups\Backup_Handy\neu_08.01.15\Messenger_1.2.2.apk
C:\Users\xxx\Documents\Backups\Backup_Wiko_1214\BackupYourMobile\applications\com.outfit7.tomsmessengerfree-1
C:\Users\xxx\Downloads\Revo Uninstaller - CHIP-Installer.exe
EmptyTemp:
*****************

C:\Program Files (x86)\eMule => Moved successfully.
C:\Users\xxx\Backup_Stairway\Messenger_1.2.2.apk => Moved successfully.
C:\Users\xxx\Documents\Backups\Backup_Handy\Messenger_1.2.2.apk => Moved successfully.
C:\Users\xxx\Documents\Backups\Backup_Handy\neu_08.01.15\Messenger_1.2.2.apk => Moved successfully.
C:\Users\xxx\Documents\Backups\Backup_Wiko_1214\BackupYourMobile\applications\com.outfit7.tomsmessengerfree-1 => Moved successfully.
C:\Users\xxx\Downloads\Revo Uninstaller - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 492.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:43:02 ====
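
The Fixlog above is what the helper checks before giving the all-clear: every entry of the fixlist should reappear with "Moved successfully.", and a directive such as EmptyTemp: should have a result line of its own. The script below is an added example for this thread, not part of FRST; it parses that layout (the "Content of fixlist:" block framed by asterisk lines, then one "entry => result" line per entry) and reports any entry that is missing or did not move. SAMPLE_FIXLOG is a shortened copy of the log above, constructed for the example.

```python
"""Verify an FRST Fixlog.txt against the fixlist it was run with.

Added example for this thread, not part of FRST. The layout follows the
Fixlog posted above; SAMPLE_FIXLOG is a shortened, constructed copy of it.
"""
import re

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015
Ran by xxx at 2015-04-22 17:41:34 Run:4
Running from C:\Users\xxx\Desktop
Loaded Profiles: xxx (Available profiles: *** & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\eMule
C:\Users\xxx\Downloads\Revo Uninstaller - CHIP-Installer.exe
EmptyTemp:
*****************

C:\Program Files (x86)\eMule => Moved successfully.
C:\Users\xxx\Downloads\Revo Uninstaller - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 492.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:43:02 ====
"""

# One result line: "<fixlist entry> => <what FRST did>"
RESULT_LINE = re.compile(r"^(?P<entry>.+?) => (?P<result>.+)$")


def parse_fixlog(text):
    """Return (fixlist entries, {entry: result}, reboot flag)."""
    entries, results, in_list = [], {}, False
    for line in text.splitlines():
        if line.startswith("*****"):
            in_list = not in_list  # the asterisk lines open and close the fixlist block
            continue
        if in_list:
            if line.strip():
                entries.append(line.strip())
            continue
        m = RESULT_LINE.match(line)
        if m:
            results[m.group("entry")] = m.group("result")
    return entries, results, "The system needed a reboot." in text


def verify_fixlog(text):
    """(ok, problems): every entry needs a result line; file and folder entries
    must read 'Moved successfully.'; directives ending in ':' only need a result."""
    entries, results, _ = parse_fixlog(text)
    problems = []
    for entry in entries:
        result = results.get(entry)
        if result is None:
            problems.append(f"{entry}: no result line in Fixlog")
        elif not entry.endswith(":") and result != "Moved successfully.":
            problems.append(f"{entry}: {result}")
    return not problems, problems


if __name__ == "__main__":
    ok, problems = verify_fixlog(SAMPLE_FIXLOG)
    print("fix complete" if ok else "\n".join(problems))
```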


cosinus 22.04.2015 19:51

Looks OK so far (thumbs up)

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.

Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board as well), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there still other findings or problems?


Copyright ©2000-2025, Trojaner-Board