Log Analysis and Evaluation: Adserverplus (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.07.2013, 09:34 | #16
/// the machine /// TB-Ausbilder | Adserverplus
Delfix should also remove Combofix completely. Run TFC; if Mozilla does not improve, uninstall it, keep no data, and reinstall.
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
05.07.2013, 11:29 | #17
Adserverplus
Will do. You can then delete the thread from your subscriptions.
__________________
I ran TFC, and when I opened Mozilla I had mysearchdeal.com on it. So one problem replaces the other.
05.07.2013, 17:05 | #18
/// the machine /// TB-Ausbilder | Adserverplus
Have you completely uninstalled Firefox and reinstalled it as described? If necessary, download adwCleaner again and run it.
05.07.2013, 17:51 | #19
Adserverplus
Quote:
Code:
# AdwCleaner v2.304 - Datei am 05/07/2013 um 18:39:28 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Rene - RENE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rene\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\c85uxq6e.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\l0hptffk.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.22] : icon_url = "hxxp://start.mysearchdial.com/favicon.ico",
Gelöscht [l.25] : keyword = "mysearchdial.com",
Gelöscht [l.29] : search_url = "hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2Xzu[...]

Datei : C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.3] : urls_to_restore_on_startup = [ "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1[...]
Gelöscht [l.29] : search_url = "hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2Xzu[...]
Gelöscht [l.576] : homepage = "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0AtAtAyD[...]

*************************

AdwCleaner[S1].txt - [7421 octets] - [05/07/2013 18:16:13]
AdwCleaner[S2].txt - [1836 octets] - [05/07/2013 18:33:37]
AdwCleaner[S3].txt - [1767 octets] - [05/07/2013 18:39:28]

########## EOF - C:\AdwCleaner[S3].txt - [1827 octets] ##########
05.07.2013, 17:59 | #20
/// the machine /// TB-Ausbilder | Adserverplus
Please post a fresh FRST log.
05.07.2013, 18:05 | #21
Adserverplus
I have now reset Firefox and it runs normally again. Should I still make an FRST log anyway? Can you see from it whether mysearchdeal was really deleted?
06.07.2013, 08:36 | #22
/// the machine /// TB-Ausbilder | Adserverplus
Yes, just quickly a fresh FRST log; I'll take a short look over it.
06.07.2013, 09:13 | #23
Adserverplus
Everything is running normally at the moment. I have installed the programs you recommended.
FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Rene (administrator) on 06-07-2013 10:09:36
Running from C:\Users\Rene\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(ashampoo GmbH & Co. KG) C:\Program Files (x86)\Medion MediaPack 2\Ashampoo Snap\ashsnap.exe
() C:\Users\Rene\AppData\Local\Viber\Viber.exe
() C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-05-26] (CyberLink)
HKCU\...\Run: [AshSnap] C:\Program Files (x86)\Medion MediaPack 2\Ashampoo Snap\ashsnap.exe [1721344 2011-04-14] (ashampoo GmbH & Co. KG)
HKCU\...\Run: [Viber] "C:\Users\Rene\AppData\Local\Viber\Viber.exe" StartMinimized [906240 2013-05-08] ()
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\maxdome Download Manager.lnk
ShortcutTarget: maxdome Download Manager.lnk -> C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {7F083AC7-9F6F-0BD2-6D53-37902E95250C} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0AtAtAyDyDtBtA0C0CtDtN0D0Tzu0CyDyDtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1314905676&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {118E3EA8-DABB-42BF-DCC5-29C776E632D8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0AtAtAyDyDtBtA0C0CtDtN0D0Tzu0CyDyDtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1314905676&ir=
SearchScopes: HKCU - {7F083AC7-9F6F-0BD2-6D53-37902E95250C} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0AtAtAyDyDtBtA0C0CtDtN0D0Tzu0CyDyDtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1314905676&ir=
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\9b5jgj3h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] C:\Program Files (x86)\Steganos Password Manager 2012\spmplugin3
FF HKCU\...\Firefox\Extensions: [addlyrics@addlyrics.net] C:\Program Files (x86)\AddLyrics\FF\

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [x]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-06 10:09 - 2013-07-06 10:09 - 01934636 ____A (Farbar) C:\Users\Rene\Downloads\FRST64.exe
2013-07-06 10:09 - 2013-07-06 10:09 - 00000000 ____D C:\FRST
2013-07-06 09:06 - 2013-07-06 09:06 - 00376576 ____A C:\Users\Rene\Downloads\wot_safe_surfing-20130515-fx.zip
2013-07-06 08:57 - 2013-07-06 09:02 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-07-06 08:57 - 2013-07-06 08:57 - 04095448 ____A (BrightFort LLC ) C:\Users\Rene\Downloads\spywareblastersetup50.exe
2013-07-06 08:57 - 2013-07-06 08:57 - 00001083 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-06 08:57 - 2013-07-06 08:57 - 00000000 ____D C:\ProgramData\Licenses
2013-07-06 08:57 - 2009-03-24 12:52 - 00129872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-07-06 08:49 - 2013-07-06 08:49 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-06 08:49 - 2013-07-06 08:49 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Malwarebytes
2013-07-06 08:49 - 2013-07-06 08:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-06 08:49 - 2013-07-06 08:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-06 08:49 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-06 08:48 - 2013-07-06 08:48 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rene\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-06 08:44 - 2013-07-06 08:44 - 00001073 ____A C:\Users\Rene\Desktop\Secunia PSI.lnk
2013-07-06 08:44 - 2013-07-06 08:44 - 00001073 ____A C:\Users\Rene\Desktop\Secunia PSI (2).lnk
2013-07-06 08:41 - 2013-07-06 08:42 - 00262440 ____A C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-06 08:33 - 2013-07-06 08:33 - 02434048 ____A C:\Users\Rene\Downloads\msxml(2).msi
2013-07-06 08:32 - 2013-07-06 08:32 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-06 08:32 - 2013-07-06 08:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-06 08:32 - 2013-07-06 08:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-06 08:32 - 2013-07-06 08:32 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-06 08:32 - 2013-07-06 08:32 - 00001145 ____A C:\Users\Rene\Desktop\Secunia - Verknüpfung.lnk
2013-07-06 08:32 - 2013-07-06 08:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-06 08:31 - 2013-07-06 08:31 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-07-06 08:31 - 2013-07-06 08:31 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-07-06 08:31 - 2013-07-06 08:31 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-07-06 08:31 - 2013-07-06 08:31 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-06 08:31 - 2013-07-06 08:31 - 00000000 ____D C:\Program Files\Java
2013-07-06 08:29 - 2013-07-06 08:29 - 02434048 ____A C:\Users\Rene\Downloads\msxml(1).msi
2013-07-06 08:28 - 2013-07-06 08:28 - 02434048 ____A C:\Users\Rene\Downloads\msxml.msi
2013-07-06 08:26 - 2013-07-06 08:26 - 00000000 ____D C:\Users\Rene\AppData\Local\Secunia PSI
2013-07-06 08:25 - 2013-07-06 08:25 - 03270960 ____A (Secunia) C:\Users\Rene\Downloads\PSISetup7009(1).exe
2013-07-06 08:25 - 2013-07-06 08:25 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-07-06 08:23 - 2013-07-06 08:23 - 03270960 ____A (Secunia) C:\Users\Rene\Downloads\PSISetup7009.exe
2013-07-06 07:54 - 2013-07-06 07:54 - 00000000 ____D C:\Users\Rene\AppData\Local\{400DD2F4-FF49-46DC-98C4-835FB09916EE}
2013-07-05 18:51 - 2013-07-05 18:52 - 00001956 ____A C:\AdwCleaner[S4].txt
2013-07-05 18:39 - 2013-07-05 18:40 - 00001896 ____A C:\AdwCleaner[S3].txt
2013-07-05 18:33 - 2013-07-05 18:34 - 00001836 ____A C:\AdwCleaner[S2].txt
2013-07-05 18:28 - 2013-07-05 18:28 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-05 18:28 - 2013-07-05 18:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 18:27 - 2013-07-05 18:27 - 21703480 ____A (Mozilla) C:\Users\Rene\Downloads\Firefox Setup 22.0.exe
2013-07-05 18:27 - 2013-07-05 18:27 - 21703480 ____A (Mozilla) C:\Users\Rene\Downloads\Firefox Setup 22.0 (1).exe
2013-07-05 18:16 - 2013-07-05 18:16 - 00007421 ____A C:\AdwCleaner[S1].txt
2013-07-05 18:15 - 2013-07-05 18:15 - 00650027 ____A C:\Users\Rene\Desktop\adwcleaner.exe
2013-07-05 18:11 - 2013-07-06 10:03 - 00000616 ____A C:\Windows\setupact.log
2013-07-05 18:11 - 2013-07-05 18:52 - 00002444 ____A C:\Windows\PFRO.log
2013-07-05 18:11 - 2013-07-05 18:11 - 00000000 ____A C:\Windows\setuperr.log
2013-07-05 13:15 - 2013-07-05 13:15 - 00423709 ____A C:\Users\Rene\AppData\Local\mysearchdial_speedial_v9.0.2.crx
2013-07-05 13:15 - 2013-07-05 13:15 - 00000844 ____A C:\Users\Rene\Desktop\Temp File Cleaner.lnk
2013-07-05 13:15 - 2013-07-05 13:15 - 00000000 ____D C:\Users\Rene\AppData\Roaming\addpcs
2013-07-05 13:15 - 2013-07-05 13:15 - 00000000 ____D C:\Program Files\Temp File Cleaner
2013-07-05 09:46 - 2013-07-05 09:46 - 00001010 ____A C:\DelFix.txt
2013-07-05 07:49 - 2013-07-05 07:50 - 00000000 ____D C:\Users\Rene\AppData\Local\{9B1DB4DD-8A55-43AE-8040-FEE958852706}
2013-07-04 13:01 - 2013-07-05 09:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-04 09:19 - 2013-07-04 09:19 - 00000098 ____A C:\Windows\DeleteOnReboot.bat
2013-07-04 09:15 - 2013-07-04 09:15 - 00001120 ____A C:\Users\Rene\Desktop\Continue Zip Opener Installation.lnk
2013-07-04 09:14 - 2013-07-04 09:14 - 00793536 ____A C:\Users\Rene\Desktop\ZipOpenerSetup.exe
2013-07-03 18:26 - 2013-07-05 09:43 - 00000000 ____D C:\Windows\erdnt
2013-06-26 10:48 - 2013-07-06 10:05 - 00000000 ____D C:\Users\Rene\AppData\Roaming\ViberPC
2013-06-26 10:48 - 2013-07-06 10:05 - 00000000 ____D C:\Users\Rene\AppData\Local\Viber
2013-06-26 10:48 - 2013-06-26 10:48 - 00001056 ____A C:\Users\Rene\Desktop\Viber.lnk
2013-06-17 15:12 - 2013-06-17 15:12 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-17 15:12 - 2013-06-17 15:12 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-15 05:25 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 05:25 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 05:25 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 05:25 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 05:25 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 05:25 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 05:25 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 05:25 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 05:25 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 05:25 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 05:25 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 05:25 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 10:54 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 10:54 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 10:54 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 10:54 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 10:54 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 10:54 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 10:54 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 10:54 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 10:54 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 10:54 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 10:54 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 10:54 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 10:54 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 10:54 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 10:54 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 10:54 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 10:54 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 10:54 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 10:54 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 09:00 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:00 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:00 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:00 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:00 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:00 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:00 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:00 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:00 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:00 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:00 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 09:00 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 09:00 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:00 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:00 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 09:00 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:00 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 09:00 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:00 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-06 10:09 - 2013-07-06 10:09 - 01934636 ____A (Farbar) C:\Users\Rene\Downloads\FRST64.exe
2013-07-06 10:09 - 2013-07-06 10:09 - 00000000 ____D C:\FRST
2013-07-06 10:07 - 2009-07-14 06:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 10:07 - 2009-07-14 06:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 10:05 - 2013-06-26 10:48 - 00000000 ____D C:\Users\Rene\AppData\Roaming\ViberPC
2013-07-06 10:05 - 2013-06-26 10:48 - 00000000 ____D C:\Users\Rene\AppData\Local\Viber
2013-07-06 10:03 - 2013-07-05 18:11 - 00000616 ____A C:\Windows\setupact.log
2013-07-06 10:03 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 09:16 - 2012-03-29 12:52 - 01205628 ____A C:\Windows\WindowsUpdate.log
2013-07-06 09:06 - 2013-07-06 09:06 - 00376576 ____A C:\Users\Rene\Downloads\wot_safe_surfing-20130515-fx.zip
2013-07-06 09:02 - 2013-07-06 08:57 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-07-06 08:57 - 2013-07-06 08:57 - 04095448 ____A (BrightFort LLC ) C:\Users\Rene\Downloads\spywareblastersetup50.exe
2013-07-06 08:57 - 2013-07-06 08:57 - 00001083 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-06 08:57 - 2013-07-06 08:57 - 00000000 ____D C:\ProgramData\Licenses
2013-07-06 08:49 - 2013-07-06 08:49 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-06 08:49 - 2013-07-06 08:49 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Malwarebytes
2013-07-06 08:49 - 2013-07-06 08:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-06 08:49 - 2013-07-06 08:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-06 08:48 - 2013-07-06 08:48 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rene\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-06 08:44 - 2013-07-06 08:44 - 00001073 ____A C:\Users\Rene\Desktop\Secunia PSI.lnk
2013-07-06 08:44 - 2013-07-06 08:44 - 00001073 ____A C:\Users\Rene\Desktop\Secunia PSI (2).lnk
2013-07-06 08:43 - 2012-03-30 20:17 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 08:42 - 2013-07-06 08:41 - 00262440 ____A C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-06 08:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-06 08:38 - 2011-05-16 16:04 - 00654602 ____A C:\Windows\System32\perfh007.dat
2013-07-06 08:38 - 2011-05-16 16:04 - 00130216 ____A C:\Windows\System32\perfc007.dat
2013-07-06 08:38 - 2009-07-14 07:13 - 01521350 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-06 08:33 - 2013-07-06 08:33 - 02434048 ____A C:\Users\Rene\Downloads\msxml(2).msi
2013-07-06 08:33 - 2012-01-24 00:33 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-06 08:32 - 2013-07-06 08:32 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-06 08:32 - 2013-07-06 08:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-06 08:32 - 2013-07-06 08:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-06 08:32 - 2013-07-06 08:32 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-06 08:32 - 2013-07-06 08:32 - 00001145 ____A C:\Users\Rene\Desktop\Secunia - Verknüpfung.lnk
2013-07-06 08:32 - 2013-07-06 08:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-06 08:32 - 2012-01-24 01:44 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-06 08:32 - 2011-07-18 23:13 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-06 08:31 - 2013-07-06 08:31 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-07-06 08:31 - 2013-07-06 08:31 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-07-06 08:31 - 2013-07-06 08:31 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-07-06 08:31 - 2013-07-06 08:31 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-06 08:31 - 2013-07-06 08:31 - 00000000 ____D C:\Program Files\Java
2013-07-06 08:31 - 2012-01-24 01:44 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-07-06 08:31 - 2011-07-18 23:14 - 00972712 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-07-06 08:30 - 2012-01-24 01:42 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-06 08:29 - 2013-07-06 08:29 - 02434048 ____A C:\Users\Rene\Downloads\msxml(1).msi
2013-07-06 08:28 - 2013-07-06 08:28 - 02434048 ____A C:\Users\Rene\Downloads\msxml.msi
2013-07-06 08:26 - 2013-07-06 08:26 - 00000000 ____D C:\Users\Rene\AppData\Local\Secunia PSI
2013-07-06 08:25 - 2013-07-06 08:25 - 03270960 ____A (Secunia) C:\Users\Rene\Downloads\PSISetup7009(1).exe
2013-07-06 08:25 - 2013-07-06 08:25 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-07-06 08:23 - 2013-07-06 08:23 - 03270960 ____A (Secunia) C:\Users\Rene\Downloads\PSISetup7009.exe
2013-07-06 07:54 - 2013-07-06 07:54 - 00000000 ____D C:\Users\Rene\AppData\Local\{400DD2F4-FF49-46DC-98C4-835FB09916EE}
2013-07-06 07:52 - 2012-03-29 12:51 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-05 18:52 - 2013-07-05 18:51 - 00001956 ____A C:\AdwCleaner[S4].txt
2013-07-05 18:52 - 2013-07-05 18:11 - 00002444 ____A C:\Windows\PFRO.log
2013-07-05 18:40 - 2013-07-05 18:39 - 00001896 ____A C:\AdwCleaner[S3].txt
2013-07-05 18:34 - 2013-07-05 18:33 - 00001836 ____A C:\AdwCleaner[S2].txt
2013-07-05 18:28 - 2013-07-05 18:28 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-05 18:28 - 2013-07-05 18:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 18:28 - 2013-05-17 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 18:27 - 2013-07-05 18:27 - 21703480 ____A (Mozilla) C:\Users\Rene\Downloads\Firefox Setup 22.0.exe
2013-07-05 18:27 - 2013-07-05 18:27 - 21703480 ____A (Mozilla) C:\Users\Rene\Downloads\Firefox Setup 22.0 (1).exe
2013-07-05 18:16 - 2013-07-05 18:16 - 00007421 ____A C:\AdwCleaner[S1].txt
2013-07-05 18:15 - 2013-07-05 18:15 - 00650027 ____A C:\Users\Rene\Desktop\adwcleaner.exe
2013-07-05 18:11 - 2013-07-05 18:11 - 00000000 ____A C:\Windows\setuperr.log
2013-07-05 13:15 - 2013-07-05 13:15 - 00423709 ____A C:\Users\Rene\AppData\Local\mysearchdial_speedial_v9.0.2.crx
2013-07-05 13:15 - 2013-07-05 13:15 - 00000844 ____A C:\Users\Rene\Desktop\Temp File Cleaner.lnk
2013-07-05 13:15 - 2013-07-05 13:15 - 00000000 ____D C:\Users\Rene\AppData\Roaming\addpcs
2013-07-05 13:15 - 2013-07-05 13:15 - 00000000 ____D C:\Program Files\Temp File Cleaner
2013-07-05 12:23 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 09:46 - 2013-07-05 09:46 - 00001010 ____A C:\DelFix.txt
2013-07-05 09:46 - 2013-07-04 13:01 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 09:43 - 2013-07-03 18:26 - 00000000 ____D C:\Windows\erdnt
2013-07-05 08:13 - 
2012-03-29 12:56 - 00000000 ____D C:\users\Rene 2013-07-05 07:50 - 2013-07-05 07:49 - 00000000 ____D C:\Users\Rene\AppData\Local\{9B1DB4DD-8A55-43AE-8040-FEE958852706} 2013-07-04 16:29 - 2013-02-06 15:56 - 00002070 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-07-04 16:29 - 2013-02-06 15:56 - 00000000 ____D C:\ProgramData\Avira 2013-07-04 09:19 - 2013-07-04 09:19 - 00000098 ____A C:\Windows\DeleteOnReboot.bat 2013-07-04 09:15 - 2013-07-04 09:15 - 00001120 ____A C:\Users\Rene\Desktop\Continue Zip Opener Installation.lnk 2013-07-04 09:14 - 2013-07-04 09:14 - 00793536 ____A C:\Users\Rene\Desktop\ZipOpenerSetup.exe 2013-07-03 18:55 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default 2013-07-03 18:50 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-07-03 15:02 - 2013-03-24 19:54 - 00000000 ____D C:\Users\Rene\AppData\Local\DoNotTrackPlus 2013-07-03 10:11 - 2012-04-01 19:32 - 00000000 ____D C:\Users\Mick\AppData\Roaming\SoftGrid Client 2013-07-02 17:37 - 2012-03-30 14:57 - 00000000 ____D C:\Users\Rene\AppData\Roaming\SoftGrid Client 2013-06-27 14:24 - 2013-05-07 11:54 - 00083672 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-26 10:48 - 2013-06-26 10:48 - 00001056 ____A C:\Users\Rene\Desktop\Viber.lnk 2013-06-17 15:12 - 2013-06-17 15:12 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-06-17 15:12 - 2013-06-17 15:12 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-06-15 12:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 05:21 - 2013-02-20 21:01 - 00701952 ____A C:\Users\Mick\Desktop\Arbeitsplan.xls 2013-06-12 20:43 - 2012-03-30 20:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 20:43 - 2011-12-01 23:26 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 10:54 - 2011-07-18 22:31 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-08 16:08 - 2013-06-15 05:25 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 05:25 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 05:25 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 05:25 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 05:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 05:25 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 05:25 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 05:25 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 05:25 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 05:25 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 05:25 - 00391168 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 05:25 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 15:53 ==================== End Of Log ============================ |
06.07.2013, 10:21 | #24 |
/// the machine /// TB-Ausbilder | Adserverplus Fix with FRST Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7F083AC7-9F6F-0BD2-6D53-37902E95250C} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0AtAtAyDyDtBtA0C0CtDtN0D0Tzu0CyDyDtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1314905676&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {118E3EA8-DABB-42BF-DCC5-29C776E632D8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0AtAtAyDyDtBtA0C0CtDtN0D0Tzu0CyDyDtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1314905676&ir=
SearchScopes: HKCU - {7F083AC7-9F6F-0BD2-6D53-37902E95250C} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0AtAtAyDyDtBtA0C0CtDtN0D0Tzu0CyDyDtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1314905676&ir=
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [addlyrics@addlyrics.net] C:\Program Files (x86)\AddLyrics\FF\
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
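The fixlist above removes search scopes from three registry views (HKLM, HKLM\Wow6432Node, HKCU) and a per-user Firefox extension registration. The PowerShell below is an added, read-only audit script, not part of the thread and not FRST's code, that lists those same locations after a fix and flags any scope whose URL host is not on an allowlist; the allowlist hosts and the function names are assumptions.

```powershell
# Added audit script (not from the thread or from FRST). Read-only: it reports, it does not delete.
# Assumption: the allowlist below is an example; adjust it to the search providers you expect.
$AllowedHosts = @('www.bing.com', 'www.google.com')

# The three SearchScopes roots that the FRST fixlog above touched (HKLM, HKLM-x32 view, HKCU).
$ScopeRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
)

function Get-SearchScopeReport {
    foreach ($root in $ScopeRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $props    = Get-ItemProperty -Path $key.PSPath
            $url      = [string]$props.URL
            $hostName = $null
            $status   = 'empty-url'     # scope with no URL value, like the {0633EE93-...} entries in the fix
            if ($url) {
                try {
                    $hostName = ([uri]$url).Host
                    $status = if ($AllowedHosts -contains $hostName) { 'allowed' } else { 'SUSPECT' }
                } catch { $status = 'unparseable-url' }
            }
            [pscustomobject]@{
                Hive   = $root
                Scope  = $key.PSChildName
                Host   = $hostName
                Status = $status
                URL    = $url
            }
        }
    }
}

# Firefox extensions registered per user through the registry; the addlyrics entry in the fixlog lived here.
# Each value name is an extension id and its data is the on-disk path of the extension.
function Get-RegistryFirefoxExtensions {
    $path = 'HKCU:\Software\Mozilla\Firefox\Extensions'
    if (-not (Test-Path $path)) { return }
    $props = Get-ItemProperty -Path $path
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |      # skip the provider's own PSPath/PSChildName/... properties
        ForEach-Object { [pscustomobject]@{ ExtensionId = $_.Name; Path = $_.Value } }
}

Get-SearchScopeReport | Format-Table -AutoSize
Get-RegistryFirefoxExtensions | Format-Table -AutoSize
```

Run it once before and once after the fix; a clean machine shows only allowed hosts (or no scopes at all) and no unexpected extension ids.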
06.07.2013, 14:23 | #25 |
| Adserverplus After several attempts I finally got it. Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by Rene at 2013-07-06 15:18:33 Run:1
Running from C:\Users\Rene\Downloads\1
Boot Mode: Normal
==============================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F083AC7-9F6F-0BD2-6D53-37902E95250C} => Key deleted successfully.
HKCR\CLSID\{7F083AC7-9F6F-0BD2-6D53-37902E95250C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{118E3EA8-DABB-42BF-DCC5-29C776E632D8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{118E3EA8-DABB-42BF-DCC5-29C776E632D8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F083AC7-9F6F-0BD2-6D53-37902E95250C} => Key deleted successfully.
HKCR\CLSID\{7F083AC7-9F6F-0BD2-6D53-37902E95250C} => Key not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\addlyrics@addlyrics.net => Value deleted successfully.
==== End of Fixlog ==== |
06.07.2013, 17:22 | #26 |
/// the machine /// TB-Ausbilder | Adserverplus Any problems left? |
07.07.2013, 07:32 | #27 |
| Adserverplus Good morning Schrauber, no more problems. Do you think we are done? |
07.07.2013, 09:18 | #28 |
/// the machine /// TB-Ausbilder | Adserverplus Yep, just download DelFix once more and run it |