Log analysis and evaluation: Certified Toolbar picked up after a download
Windows 7
If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.09.2013, 15:10 | #1 |
| Certified Toolbar picked up after a download
Hello,
about 2 months ago I picked up the program "Certified Toolbar" during a download. Of course I immediately tried to remove it under "Default Programs", which unfortunately did not work. At first I did not notice that it had not worked (apart from my PC being slower in general), but after some time my browser window changed, without my doing anything, to the "Certified Toolbar" start page. Recently, to make matters worse, the browser window has also been closing on its own, and I have seen a data transfer window open for a very short time. Those are the symptoms I have been able to observe. Thank you in advance for the help.
Regards, michl |
04.09.2013, 15:38 | #2 |
/// the machine /// TB Trainer | Certified Toolbar picked up after a download
Hi,
Split the logs if necessary and then post them in the thread. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
04.09.2013, 16:19 | #3 |
| Certified Toolbar picked up after a download
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 04
Ran by Michael at 2013-09-02 16:06:08
Running from C:\trojana_board_programme\RST
Boot Mode: Normal
2013-07-12 13:44 - 2013-07-12 13:44 - 02561024 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\fcd538edf5a9ce801c84174fe42add61\System.Xaml.ni.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00010880 _____ (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\ExtensionToolkit.dll 2013-06-30 21:19 - 2013-04-02 00:06 - 02123320 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll 2012-07-25 22:13 - 2012-07-12 04:01 - 01079792 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll 2013-06-30 21:18 - 2013-04-02 00:06 - 01237024 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll 2013-07-12 13:45 - 2013-07-12 13:45 - 10137088 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ece05aeeb68c0c14dec2136e8e176f0c\System.Xml.ni.dll 2013-07-12 13:41 - 2013-07-12 13:41 - 01259008 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\b4cc2c6435aff36f374e0b84e73c923e\System.Configuration.ni.dll 2012-11-16 15:32 - 2012-08-31 02:52 - 00283192 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00034944 _____ (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.Infrastructure.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00114816 _____ (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\CommApiInterop.dll 2013-07-12 13:41 - 2013-07-12 13:41 - 02268672 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\d0820598259dfaa1026ee64c39cf2f5f\System.Drawing.ni.dll 2013-07-12 13:44 - 2013-07-12 13:44 - 16835072 _____ (Microsoft Corporation) 
C:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\77fb20230ed3bf0f06b755ca67677856\System.Windows.Forms.ni.dll 2013-07-12 13:42 - 2013-07-12 13:42 - 01001984 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Runt73a1fc9d#\c3e296cb07731590a06c97ba59040f10\System.Runtime.Remoting.ni.dll 2012-07-26 01:54 - 2012-07-26 05:05 - 00101888 _____ (Microsoft Corporation) C:\windows\SYSTEM32\BluetoothApis.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-11-18 23:00 - 2012-11-18 23:00 - 05104968 _____ (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll 2012-07-25 22:11 - 2012-07-06 04:01 - 00245760 _____ (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\msvcm90.dll 2012-11-18 23:00 - 2012-11-18 23:00 - 00063312 _____ (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58\MFC90DEU.DLL 2012-12-05 20:44 - 2012-12-05 20:44 - 00042112 _____ (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.Toolkit.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00070784 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\CombineAgent.dll 2011-06-10 18:15 - 2011-06-10 18:15 - 05601616 _____ (Microsoft Corporation) C:\windows\SYSTEM32\mfc100u.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00253056 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvSdkDll.dll 2011-06-10 18:15 - 2011-06-10 18:15 - 00064336 _____ (Microsoft Corporation) C:\windows\SYSTEM32\MFC100DEU.DLL 2012-08-01 18:08 - 2012-08-01 18:08 - 00103936 _____ (Advanced Micro Devices, Inc. 
) C:\windows\SYSTEM32\atiu9p64.dll 2012-07-20 08:48 - 2012-07-20 08:48 - 08281600 _____ (Intel Corporation) C:\windows\SYSTEM32\igdumd64.dll 2012-08-01 18:20 - 2012-08-01 18:20 - 06676480 _____ (Advanced Micro Devices, Inc. ) C:\windows\SYSTEM32\atiumd64.dll 2013-07-12 13:40 - 2013-07-12 13:40 - 00567296 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\Presentatioaec034ca#\df1034da8aa6771c23435bee97dea7f7\PresentationFramework.Aero2.ni.dll 2012-07-26 04:07 - 2012-07-26 05:06 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\msctfui.dll 2012-07-25 22:14 - 2012-07-12 04:02 - 00106448 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll 2012-12-05 20:39 - 2012-12-05 20:39 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-07-25 22:13 - 2012-07-12 04:02 - 00132656 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll 2013-06-30 17:58 - 2013-02-23 01:09 - 05413952 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll 2012-12-05 20:45 - 2012-12-05 20:45 - 00063104 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\ModuleManager.dll 2012-12-05 20:41 - 2012-12-05 20:41 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2012-12-05 20:41 - 2012-12-05 20:41 - 00063488 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll 2012-12-05 20:39 - 2012-12-05 20:39 - 00196096 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00083072 _____ (Qualcomm Atheros 
Commnucations) C:\Program Files (x86)\Bluetooth Suite\Handsfree.dll 2011-06-10 18:15 - 2011-06-10 18:15 - 00158536 _____ (Microsoft Corporation) C:\windows\SYSTEM32\ATL100.DLL 2012-12-05 20:41 - 2012-12-05 20:41 - 00090624 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\L2capLib\l2caplib.dll 2012-12-05 20:41 - 2012-12-05 20:41 - 00087552 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\SesMgr\sesmgr.dll 2012-12-05 20:38 - 2012-12-05 20:38 - 00096768 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\goep\goep.dll 2012-12-05 20:42 - 2012-12-05 20:42 - 00161792 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll 2012-12-05 20:41 - 2012-12-05 20:41 - 00177152 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\BIP\BIP.dll 2012-12-05 20:39 - 2012-12-05 20:39 - 00059392 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\HumanInterfaceDevice\hid.dll 2012-12-05 20:41 - 2012-12-05 20:41 - 00421888 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll 2012-12-05 20:45 - 2012-12-05 20:45 - 01067648 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\OutlookLib.dll 2012-12-05 20:39 - 2012-12-05 20:39 - 00018432 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\DID\DId.dll 2012-12-05 20:39 - 2012-12-05 20:39 - 00303616 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\LE\LE.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00125568 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\gatts.DLL 2012-12-05 20:39 - 2012-12-05 20:39 - 00036352 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\FAX\Fax.dll 2012-12-05 20:41 - 2012-12-05 
20:41 - 00091648 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\GapSdp\GapSdp.dll 2012-12-05 20:44 - 2012-12-05 20:44 - 00085632 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\GattI.dll 2012-12-05 20:39 - 2012-12-05 20:39 - 00029696 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\HCRP\Hcrp.dll 2012-12-05 20:41 - 2012-12-05 20:41 - 00097280 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\sap\sap.dll 2012-12-05 20:39 - 2012-12-05 20:39 - 00064512 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\Sync\Sync.dll 2012-12-05 20:42 - 2012-12-05 20:42 - 00066560 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\pbap\pbap.dll 2012-12-05 20:41 - 2012-12-05 20:41 - 00065024 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\OppOperation\OppOperation.dll 2012-12-05 20:41 - 2012-12-05 20:41 - 00055296 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\spp\spp.dll 2012-07-26 01:58 - 2012-07-26 05:08 - 00064000 _____ (Microsoft Corporation) C:\windows\System32\wshBth.dll 2012-12-05 20:38 - 2012-12-05 20:38 - 00181248 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\OppOperation\ObjPush.dll 2012-12-05 20:45 - 2012-12-05 20:45 - 00130176 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\skypeagent.dll 2011-06-10 18:15 - 2011-06-10 18:15 - 05574984 _____ (Microsoft Corporation) C:\windows\SYSTEM32\mfc100.dll 2012-07-26 02:06 - 2012-07-26 05:05 - 00136192 _____ (Microsoft Corporation) C:\windows\SYSTEM32\Cabinet.dll 2013-04-04 10:55 - 2013-01-19 23:13 - 00049152 _____ (Helmut Buhler) C:\Program Files\Windows Sidebar\dwmapi.dll 2013-07-10 13:26 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 
2012-11-16 15:33 - 2012-09-20 08:30 - 02219008 _____ (Microsoft Corporation) C:\windows\SYSTEM32\d3d10warp.dll 2012-07-26 03:21 - 2012-07-26 05:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx 2012-07-26 03:23 - 2012-07-26 05:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\ScrRun.dll 2013-05-20 19:18 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2012-11-16 15:33 - 2012-09-20 08:12 - 09374208 _____ (Microsoft Corporation) C:\windows\system32\wmploc.dll 2013-07-10 13:26 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-10 13:26 - 2013-06-12 01:26 - 01084928 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll 2013-07-10 13:26 - 2013-04-23 00:08 - 10004120 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll 2013-07-12 13:45 - 2013-07-12 13:46 - 15577088 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\a77d877c214d5c7b4adbe2b8a9da3cf2\mscorlib.ni.dll 2013-04-04 10:56 - 2010-05-15 14:10 - 00006144 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll 2013-01-10 12:16 - 2012-10-09 05:09 - 01574496 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll 2013-04-04 10:56 - 2010-05-15 14:10 - 00008704 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\GetCoreTempInfoNET.dll 2013-04-04 10:56 - 2010-05-15 14:10 - 00007680 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\SystemInfo.dll 2012-11-16 15:32 - 2012-09-14 00:04 - 00315392 _____ (Microsoft Corporation) C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 2012-08-07 14:22 - 2012-07-26 10:08 - 00797776 _____ (Microsoft Corporation) 
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll 2013-02-26 17:56 - 2013-02-26 17:56 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2013-01-12 11:22 - 2012-11-27 06:19 - 00244736 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll 2012-07-26 02:10 - 2012-07-26 05:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\DPAPI.dll 2013-06-28 13:58 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\System32\Bcp47Langs.dll 2012-07-26 02:28 - 2012-07-26 05:05 - 00096256 _____ (Microsoft Corporation) C:\Windows\System32\AuthBroker.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00097792 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00031744 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00025088 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00048128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll 2012-11-16 15:33 - 2012-08-31 02:52 - 00994312 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00022016 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00018432 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00038912 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00029184 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll 2012-07-11 23:56 - 2012-07-11 23:56 - 00175104 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00035328 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00006144 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00048128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll 2013-07-12 13:28 - 2013-07-12 13:28 - 10137600 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\b0c762ba51fa367fc98f795307a56402\System.Core.ni.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00045056 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00016384 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll 2012-08-01 19:06 - 2012-08-01 19:06 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ATIDEMGY.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00007680 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00311296 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00196608 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00006656 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00008704 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00007168 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00110592 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00005120 _____ (Advanced Micro Devices, Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00036352 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00018432 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00086528 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Runtime.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00038912 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Shared.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0702.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0710.dll 2011-10-17 09:48 - 2011-10-17 09:48 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0901.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00013824 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00045056 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll 2011-10-18 15:08 - 2011-10-18 15:08 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00014336 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Runtime.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00012288 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Shared.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00307200 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00010752 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00013312 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00011264 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00012800 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00019456 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00050688 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00011776 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00066560 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00007168 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00479744 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00385024 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00341504 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.de_Localization.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll 2012-08-06 04:51 - 2012-08-06 04:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 01395712 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00176128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 01007616 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00028672 _____ (Advanced Mirco Devices, Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll 2012-08-06 04:54 - 2012-08-06 04:54 - 01406464 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00444416 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll 2012-08-06 04:54 - 2012-08-06 04:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 02400256 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll 2012-08-06 04:52 - 2012-08-06 04:52 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiVPU2.Graphics.Shared.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00160256 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll 2012-08-06 04:54 - 2012-08-06 04:54 - 00289792 _____ (Advanced Micro Devices, Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll 2012-08-06 04:54 - 2012-08-06 04:54 - 00035840 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00021504 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Audio.Graphics.Dashboard.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll 2012-08-06 04:55 - 2012-08-06 04:55 - 00040448 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll 2012-11-16 15:33 - 2012-08-31 02:52 - 00257024 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.resources.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll 2012-08-06 04:53 - 2012-08-06 04:53 - 00175104 _____ (Advanced Micro Devices, Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll 2012-11-16 15:32 - 2012-08-31 02:52 - 00124456 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\PresentationCore.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll 2012-07-25 22:13 - 2012-07-12 04:02 - 00024584 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll 2013-07-10 13:27 - 2013-05-15 03:04 - 00103560 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll 2013-04-19 10:18 - 2013-03-02 04:44 - 00703488 _____ (Microsoft Corporation) C:\windows\SYSTEM32\drvstore.dll 2013-01-10 12:16 - 2012-08-31 02:52 - 00655928 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll 2013-06-30 21:18 - 2013-04-02 00:06 - 00277040 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll 2013-04-18 22:44 - 2013-04-05 12:41 - 00720384 _____ (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePassLibC64.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Users\Michael\Desktop\Thumbs.db:encryptable AlternateDataStreams: C:\Users\Michael\Downloads\Thumbs.db:encryptable AlternateDataStreams: C:\Users\Michael\Documents\Thumbs.db:encryptable AlternateDataStreams: C:\Users\Public\Thumbs.db:encryptable ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/02/2013 03:36:50 PM) (Source: Application Hang) (User: ) Description: Programm 
firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1970 Startzeit: 01cea7e16337f62c Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: b457150c-13d4-11e3-bee5-50b7c3505830 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/07/2013 10:23:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MICHIPC) Description: Bei der Aktivierung der App „Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (08/07/2013 10:23:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MICHIPC) Description: Die App „Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (08/06/2013 10:18:20 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 18b0 Startzeit: 01ce92cdf44ab50b Endzeit: 76 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 52f10edf-fed5-11e2-bee4-50b7c3505830 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/06/2013 00:19:10 AM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1268 Startzeit: 01ce920ebea47b49 Endzeit: 672 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 07908c40-fe1d-11e2-bee4-50b7c3505830 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/05/2013 10:19:43 AM) (Source: ATIeRecord) (User: ) Description: ATI EEU Client event error Error: (07/28/2013 07:30:11 PM) (Source: ATIeRecord) (User: ) Description: ATI EEU Client event error Error: (07/28/2013 06:52:40 PM) (Source: ATIeRecord) (User: ) Description: ATI EEU Client event error Error: (07/27/2013 09:31:54 PM) (Source: Desktop Window Manager) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error: (07/25/2013 10:58:34 PM) (Source: ATIeRecord) (User: ) Description: ATI EEU Client event error System errors: ============= Error: (08/07/2013 10:19:42 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 07.08.2013 um 00:29:30 unerwartet heruntergefahren. Error: (08/05/2013 10:18:51 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/30/2013 00:46:38 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/28/2013 11:09:57 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SWUpdateService erreicht. 
Error: (07/28/2013 06:52:33 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/27/2013 09:32:56 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SWUpdateService erreicht. Error: (07/24/2013 03:23:33 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/22/2013 10:21:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/22/2013 10:21:25 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht. Error: (07/22/2013 10:18:31 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 22.07.2013 um 22:14:51 unerwartet heruntergefahren. 
Microsoft Office Sessions: ========================= Error: (09/02/2013 03:36:50 PM) (Source: Application Hang)(User: ) Description: firefox.exe22.0.0.4917197001cea7e16337f62c0C:\Program Files (x86)\Mozilla Firefox\firefox.exeb457150c-13d4-11e3-bee5-50b7c3505830 Error: (08/07/2013 10:23:47 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MICHIPC) Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing-2144927142 Error: (08/07/2013 10:23:18 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MICHIPC) Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing Error: (08/06/2013 10:18:20 PM) (Source: Application Hang)(User: ) Description: firefox.exe22.0.0.491718b001ce92cdf44ab50b76C:\Program Files (x86)\Mozilla Firefox\firefox.exe52f10edf-fed5-11e2-bee4-50b7c3505830 Error: (08/06/2013 00:19:10 AM) (Source: Application Hang)(User: ) Description: firefox.exe22.0.0.4917126801ce920ebea47b49672C:\Program Files (x86)\Mozilla Firefox\firefox.exe07908c40-fe1d-11e2-bee4-50b7c3505830 Error: (08/05/2013 10:19:43 AM) (Source: ATIeRecord)(User: ) Description: Error: (07/28/2013 07:30:11 PM) (Source: ATIeRecord)(User: ) Description: Error: (07/28/2013 06:52:40 PM) (Source: ATIeRecord)(User: ) Description: Error: (07/27/2013 09:31:54 PM) (Source: Desktop Window Manager)(User: ) Description: 0x8898008d Error: (07/25/2013 10:58:34 PM) (Source: ATIeRecord)(User: ) Description: ==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 8083.55 MB Available physical RAM: 5563.08 MB Total Pagefile: 9619.55 MB Available Pagefile: 6955.47 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:673.74 GB) (Free:551.89 GB) NTFS Drive d: (Crysis) (CDROM) (Total:5.47 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 4F494D44) 
Partition: GPT Partition Type
==================== End Of Log ============================
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 2. September 2013 22:37
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 8
Windowsversion : (plain) [6.2.9200]
Boot Modus : Normal gebootet
Benutzername : Michael
Computername : MICHIPC
Versionsinformationen:
BUILD.DAT : 13.0.0.4052 Bytes 29.08.2013 17:56:00
AVSCAN.EXE : 13.6.20.2100 639032 Bytes 02.09.2013 13:33:49
AVSCANRC.DLL : 13.6.20.2174 63032 Bytes 02.09.2013 13:33:49
LUKE.DLL : 13.6.20.2174 65080 Bytes 02.09.2013 13:33:59
AVSCPLR.DLL : 13.6.20.2174 92216 Bytes 02.09.2013 13:33:49
AVREG.DLL : 13.6.20.2174 250424 Bytes 02.09.2013 13:33:48
avlode.dll : 13.6.20.2174 497720 Bytes 02.09.2013 13:33:47
avlode.rdf : 13.0.1.42 26846 Bytes 02.09.2013 13:34:02
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 14:55:20
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 17:07:19
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 11:31:43
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 20:26:24
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 05:40:27
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 13:33:40
VBASE006.VDF : 7.11.98.187 2048 Bytes 29.08.2013 13:33:41
VBASE007.VDF : 7.11.98.188 2048 Bytes 29.08.2013 13:33:41
VBASE008.VDF : 7.11.98.189 2048 Bytes 29.08.2013 13:33:41
VBASE009.VDF : 7.11.98.190 2048 Bytes 29.08.2013 13:33:41
VBASE010.VDF : 7.11.98.191 2048 Bytes 29.08.2013 13:33:41
VBASE011.VDF : 7.11.98.192 2048 Bytes 29.08.2013 13:33:41
VBASE012.VDF : 7.11.98.193 2048 Bytes 29.08.2013 13:33:41
VBASE013.VDF : 7.11.99.52 270848 Bytes 30.08.2013 13:33:41
VBASE014.VDF : 7.11.99.167 210944 Bytes 02.09.2013 13:33:41
VBASE015.VDF : 7.11.99.168 2048 Bytes 02.09.2013 13:33:41
VBASE016.VDF : 7.11.99.169 2048 Bytes 02.09.2013 13:33:41
VBASE017.VDF : 7.11.99.170 2048 Bytes 02.09.2013 13:33:41
VBASE018.VDF : 7.11.99.171 2048 Bytes 02.09.2013 13:33:41
VBASE019.VDF : 7.11.99.172 2048 Bytes 02.09.2013 13:33:41 VBASE020.VDF : 7.11.99.173 2048 Bytes 02.09.2013 13:33:41 VBASE021.VDF : 7.11.99.174 2048 Bytes 02.09.2013 13:33:41 VBASE022.VDF : 7.11.99.175 2048 Bytes 02.09.2013 13:33:41 VBASE023.VDF : 7.11.99.176 2048 Bytes 02.09.2013 13:33:41 VBASE024.VDF : 7.11.99.177 2048 Bytes 02.09.2013 13:33:41 VBASE025.VDF : 7.11.99.178 2048 Bytes 02.09.2013 13:33:42 VBASE026.VDF : 7.11.99.179 2048 Bytes 02.09.2013 13:33:42 VBASE027.VDF : 7.11.99.180 2048 Bytes 02.09.2013 13:33:42 VBASE028.VDF : 7.11.99.181 2048 Bytes 02.09.2013 13:33:42 VBASE029.VDF : 7.11.99.182 2048 Bytes 02.09.2013 13:33:42 VBASE030.VDF : 7.11.99.183 2048 Bytes 02.09.2013 13:33:42 VBASE031.VDF : 7.11.99.206 72192 Bytes 02.09.2013 13:33:42 Engineversion : 8.2.12.114 AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 16:40:51 AESCRIPT.DLL : 8.1.4.146 512382 Bytes 02.09.2013 13:33:45 AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 19:24:41 AESBX.DLL : 8.2.16.26 1245560 Bytes 02.09.2013 13:33:45 AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 16:40:50 AEPACK.DLL : 8.3.2.24 749945 Bytes 20.06.2013 11:04:42 AEOFFICE.DLL : 8.1.2.76 205181 Bytes 02.09.2013 13:33:44 AEHEUR.DLL : 8.1.4.588 6091130 Bytes 02.09.2013 13:33:44 AEHELP.DLL : 8.1.27.6 266617 Bytes 02.09.2013 13:33:42 AEGEN.DLL : 8.1.7.12 442743 Bytes 02.09.2013 13:33:42 AEEXP.DLL : 8.4.1.54 311671 Bytes 02.09.2013 13:33:45 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.32.0 201081 Bytes 02.09.2013 13:33:42 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38 AVWINLL.DLL : 13.6.20.2174 23608 Bytes 02.09.2013 13:33:35 AVPREF.DLL : 13.6.20.2174 48184 Bytes 02.09.2013 13:33:48 AVREP.DLL : 13.6.20.2174 175672 Bytes 02.09.2013 13:33:48 AVARKT.DLL : 13.6.20.2174 258104 Bytes 02.09.2013 13:33:45 AVEVTLOG.DLL : 13.6.20.2174 165432 Bytes 02.09.2013 13:33:46 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.6.20.2174 60472 Bytes 02.09.2013 13:33:49 NETNT.DLL : 13.6.20.2174 13368 Bytes 
02.09.2013 13:33:59 RCIMAGE.DLL : 13.6.20.2174 4786744 Bytes 02.09.2013 13:33:36 RCTEXT.DLL : 13.6.20.2174 68152 Bytes 02.09.2013 13:33:36 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +GAME,+JOKE,+SPR, Beginn des Suchlaufs: Montag, 2. September 2013 22:37 Der Suchlauf über die Masterbootsektoren wird begonnen: Der Suchlauf über die Bootsektoren wird begonnen: Der Suchlauf nach versteckten Objekten wird begonnen. 
Fehler in der ARK Library Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '176' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '127' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'adminservice.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'dsNcService.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'dashost.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'EasyLauncher.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'E_S40STB.EXE' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'E_S40RPB.EXE' - '12' Modul(e) wurden durchsucht Durchsuche Prozess 'HeciServer.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'jhi_service.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'dsAccessService.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'SWMAgent.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'Ath_CoexAgent.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden 
durchsucht Durchsuche Prozess 'wmiprvse.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '104' Modul(e) wurden durchsucht Durchsuche Prozess 'IntelMeFWService.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'dwm.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhostex.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '256' Modul(e) wurden durchsucht Durchsuche Prozess 'EasySettingsCmdServer.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'ismagent.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'LiveComm.exe' - '94' Modul(e) wurden durchsucht Durchsuche Prozess 'sSettings.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxext.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'updateui.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'BtTray.exe' - '104' Modul(e) wurden durchsucht Durchsuche Prozess 'BtvStack.exe' - '111' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '129' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '110' Modul(e) wurden durchsucht Durchsuche Prozess 'SYNTPHELPER.EXE' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '85' Modul(e) wurden durchsucht 
Durchsuche Prozess 'ActivateDesktop.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'PDVD10Serv.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc_P2G8.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'CommonAgent.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'RuntimeBroker.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '202' Modul(e) wurden durchsucht Durchsuche Prozess 'GuaranaAgent.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '102' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'KeePass.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '130' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht 
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinLogon.exe' - '27' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '26099' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
Ende des Suchlaufs: Dienstag, 3. September 2013 01:48
Benötigte Zeit: 3:11:17 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
42009 Verzeichnisse wurden überprüft
1341073 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1341073 Dateien ohne Befall
10519 Archive wurden durchsucht
0 Warnungen
0 Hinweise
89 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Log created at 15:58 on 02/09/2013 (Michael)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04
Ran by Michael (administrator) on MICHIPC on 02-09-2013 16:04:41
Running from C:\trojana_board_programme\RST
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics CO., LTD.)
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AMD) C:\windows\system32\atieclxx.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Dropbox, Inc.) 
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) 
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe () C:\trojana_board_programme\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated) HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications) HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [EPSON SX110 Series] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\windows\TEMP\E_SD1B9.tmp" /EF "HKCU" [x] HKCU\...\Policies\system: [DisableLockWorkstation] 0 MountPoints2: {3804aa3f-4c5e-11e2-be93-50b7c3505830} - "E:\DTVP_Launcher.exe" MountPoints2: {7cc75bf7-aa91-11e2-beb3-806e6f6e6963} - "D:\AutoRunCD.exe" HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= SearchScopes: HKLM - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms} SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms} SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.2&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms} SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms} SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.2&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms} BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) 
BHO-x32: HomeTab - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\Michael\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\Michael\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.) Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\Michael\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.) Toolbar: HKLM-x32 - HomeTab - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\Michael\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.) DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default FF DefaultSearchEngine: Web Search FF SearchEngineOrder.1: Web Search FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF 
Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com FF Extension: Super Start - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\superstart@enjoyfreeware.org FF Extension: Yahoo! 
Toolbar - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: 2.0 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\2.0@disconnect.me.xpi FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-12-06] () R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2956336 2013-05-15] (Samsung Electronics CO., LTD.) 
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-04-02] (Avira Operations GmbH & Co. KG) R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable 2013-09-02 15:55 - 2013-09-02 16:00 - 00000000 ____D C:\trojana_board_programme 2013-09-02 15:36 - 2013-08-13 08:38 - 00032328 _____ C:\windows\Launcher.exe 2013-09-02 15:29 - 2013-09-02 15:29 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-08-05 21:13 - 2013-08-05 21:13 - 00055386 _____ C:\windows\DirectX.log 
==================== One Month Modified Files and Folders ======= 2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST 2013-09-02 16:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-09-02 16:00 - 2013-09-02 15:55 - 00000000 ____D C:\trojana_board_programme 2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable 2013-09-02 15:58 - 2012-11-16 14:55 - 00000000 ____D C:\Users\Michael 2013-09-02 15:51 - 2012-11-16 21:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-09-02 15:36 - 2013-07-03 14:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\HomeTab 2013-09-02 15:36 - 2013-07-03 14:57 - 00000000 ____D C:\Program Files (x86)\HomeTab 2013-09-02 15:35 - 2012-09-18 13:06 - 00000000 ____D C:\ProgramData\WinClon 2013-09-02 15:34 - 2013-05-07 16:03 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2013-09-02 15:34 - 2013-04-02 19:29 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2013-09-02 15:34 - 2013-04-02 19:29 - 00105344 _____ (Avira Operations GmbH & Co. 
KG) C:\windows\system32\Drivers\avgntflt.sys 2013-09-02 15:32 - 2012-11-22 19:31 - 00000510 _____ C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job 2013-09-02 15:32 - 2012-09-19 03:58 - 00764178 _____ C:\windows\system32\perfh007.dat 2013-09-02 15:32 - 2012-09-19 03:58 - 00160770 _____ C:\windows\system32\perfc007.dat 2013-09-02 15:32 - 2012-07-26 09:28 - 01776012 _____ C:\windows\system32\PerfStringBackup.INI 2013-09-02 15:31 - 2013-03-20 16:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype 2013-09-02 15:31 - 2012-11-16 18:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox 2013-09-02 15:30 - 2012-11-16 18:59 - 00000000 ___RD C:\Users\Michael\Dropbox 2013-09-02 15:29 - 2013-09-02 15:29 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-09-02 15:28 - 2012-09-18 12:55 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-09-01 01:00 - 2013-04-19 00:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\KeePass 2013-08-13 08:38 - 2013-09-02 15:36 - 00032328 _____ C:\windows\Launcher.exe 2013-08-07 10:50 - 2012-09-18 12:55 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-08-07 10:19 - 2013-07-18 21:00 - 00446744 _____ C:\windows\system32\FNTCACHE.DAT 2013-08-07 10:19 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-08-06 22:43 - 2013-07-03 15:27 - 01887256 _____ C:\windows\WindowsUpdate.log 2013-08-06 09:52 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-08-05 21:15 - 2012-09-18 13:25 - 01778284 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2013-08-05 21:15 - 2012-07-26 10:12 - 00000000 ____D C:\windows\Registration 2013-08-05 21:13 - 2013-08-05 21:13 - 00055386 _____ C:\windows\DirectX.log 2013-08-05 21:13 - 2012-12-06 21:13 - 00669184 _____ C:\windows\SysWOW64\pbsvc.exe 2013-08-05 21:13 - 2012-12-06 21:13 - 00103736 _____ C:\windows\SysWOW64\PnkBstrB.exe Files 
to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe C:\Users\Michael\GoogleEarthPluginSetup.exe C:\Users\Michael\AppData\Local\Temp\drm_dialogs.dll C:\Users\Michael\AppData\Local\Temp\tbu20D8.exe C:\Users\Michael\AppData\Local\Temp\tbu7DE.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-05 10:19 ==================== End Of Log ============================ --- --- --- |
04.09.2013, 16:21 | #4 |
| Certified Toolbar picked up after a download GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-02 22:25:19 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST750LM022_HN-M750MBB rev.2AR10002 698,64GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Michael\AppData\Local\Temp\pxloypow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\windows\System32\win32k.sys!W32pServiceTable fffff96000230d00 7 bytes [40, 6C, 82, 01, 00, 55, F2] .text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000230d08 7 bytes [01, B1, C1, FF, 00, A1, DC] ---- Threads - GMER 2.1 ---- Thread C:\windows\System32\svchost.exe [396:1392] 000007f8e15fba00 Thread C:\windows\System32\svchost.exe [396:4900] 000007f8e3533fd0 Thread C:\windows\System32\svchost.exe [396:5964] 000007f8e053d594 Thread C:\windows\System32\svchost.exe [396:5236] 000007f8e0534150 Thread C:\windows\System32\svchost.exe [396:8496] 000007f8df8f54c0 Thread C:\windows\System32\svchost.exe [396:5412] 000007f8e6dc1c70 Thread C:\windows\system32\svchost.exe [1712:1884] 000007f8e056c4f0 Thread C:\windows\system32\svchost.exe [1712:1936] 000007f8e0578810 Thread C:\windows\system32\svchost.exe [1712:1944] 000007f8e0595170 Thread C:\windows\system32\svchost.exe [1712:1948] 000007f8e05784a0 Thread C:\windows\system32\svchost.exe [1712:1736] 000007f8e03731a0 Thread C:\windows\system32\svchost.exe [1712:3340] 000007f8e0379c68 Thread C:\windows\system32\svchost.exe [1712:4356] 000007f8d94f24e8 Thread C:\windows\system32\svchost.exe [1712:4372] 000007f8d94d4910 Thread C:\windows\system32\svchost.exe [1712:4448] 000007f8d94c1544 Thread C:\windows\system32\svchost.exe [1712:4504] 000007f8d69e55dc Thread C:\windows\system32\svchost.exe [1712:6508] 000007f8d94d1044 Thread C:\windows\SYSTEM32\ntdll.dll [2176:2180] 00000000001ba912 Thread C:\windows\SYSTEM32\ntdll.dll [852:3280] 000000000027314e Thread C:\windows\SYSTEM32\ntdll.dll [4684:4360] 000000000021e362 Thread C:\windows\system32\DllHost.exe [3500:5936] 000007f8dd8533c0 Thread 
C:\windows\SYSTEM32\ntdll.dll [2404:3832] 0000000001348fb2 Thread C:\windows\system32\csrss.exe [7524:6160] fffff9600092a5e8 Thread C:\windows\system32\taskhostex.exe [1892:8008] 000007f8e4dc2210 Thread C:\windows\system32\taskhostex.exe [1892:7464] 000007f8e3a125d8 Thread C:\windows\system32\taskhostex.exe [1892:7328] 000007f8e7ab46b0 Thread C:\windows\system32\taskhostex.exe [1892:8244] 000007f8e2ca1130 Thread C:\windows\system32\taskhostex.exe [1892:9000] 000007f8de6177b0 Thread C:\windows\system32\taskhostex.exe [1892:1580] 000007f8de6177b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3724:2716] 000007f8de6177b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3724:8504] 000007f8de6177b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3724:3388] 000007f8e999c648 Thread C:\windows\SYSTEM32\ntdll.dll [5388:2672] 0000000000408417 Thread C:\windows\SYSTEM32\ntdll.dll [5388:5856] 00000000004066c0 Thread C:\windows\SYSTEM32\ntdll.dll [2452:84] 000000000040ee72 Thread C:\windows\SYSTEM32\ntdll.dll [2452:7716] 0000000000402ff0 Thread C:\windows\SYSTEM32\ntdll.dll [2452:4200] 00000000735a97fe Thread C:\windows\SYSTEM32\ntdll.dll [2452:3436] 000000000040c3b0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
04.09.2013, 20:04 | #5 | |
/// the machine /// TB Instructor | Certified Toolbar picked up after a download Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.09.2013, 10:23 | #6 |
| Certified Toolbar picked up after a download Hello schrauber, so I ran Combofix twice. After the first run I found that my password generator "KeePass 2" no longer starts and the error message "c:/programmfille x86... a device attached to the system is not functioning" appears... well, I'll have to look into that. After that I started the program a second time to see whether I had messed up some setting. Of course the program then ran through completely again and replaced the first log file with the second. After the first run, however, the browser page set itself back to the Certified Toolbar one. In any case, here is the second log file. Code:
ATTFilter ComboFix 13-09-06.01 - Michael 07.09.2013 10:56:40.2.8 - x64 Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.8084.6252 [GMT 2:00] ausgeführt von:: c:\trojana_board_programme\combofix\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-08-07 bis 2013-09-07 )))))))))))))))))))))))))))))) . . 2013-09-07 09:03 . 2013-09-07 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-03 01:04 . 2013-09-03 01:07 -------- d-----w- c:\windows\system32\MRT 2013-09-03 00:58 . 2013-08-13 06:38 32328 ----a-w- c:\windows\Launcher.exe 2013-09-02 23:09 . 2013-05-23 23:02 1314816 ----a-w- c:\windows\system32\rpcrt4.dll 2013-09-02 23:09 . 2013-05-23 22:25 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2013-09-02 23:07 . 2013-07-26 05:13 915968 ----a-w- c:\windows\system32\uxtheme.dll 2013-09-02 23:06 . 2013-07-26 03:12 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-02 23:06 . 2013-07-26 03:12 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll 2013-09-02 23:06 . 2013-07-13 06:16 1889280 ----a-w- c:\windows\system32\crypt32.dll 2013-09-02 23:06 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll 2013-09-02 23:06 . 2013-07-13 06:16 68096 ----a-w- c:\windows\system32\cryptsvc.dll 2013-09-02 23:06 . 2013-07-13 06:15 98304 ----a-w- c:\windows\system32\apprepsync.dll 2013-09-02 23:06 . 2013-07-13 06:15 124416 ----a-w- c:\windows\system32\apprepapi.dll 2013-09-02 23:06 . 
2013-07-13 04:24 261120 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-09-02 23:06 . 2013-07-13 04:23 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-09-02 23:06 . 2013-07-13 04:23 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll 2013-09-02 23:06 . 2013-07-13 04:23 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll 2013-09-02 14:26 . 2013-09-04 13:45 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-09-02 14:04 . 2013-09-02 14:04 -------- d-----w- C:\FRST 2013-09-02 13:55 . 2013-09-07 08:05 -------- d-----w- C:\trojana_board_programme . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-03 01:04 . 2012-12-16 11:59 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-09-02 13:34 . 2013-05-07 14:03 82136 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-09-02 13:34 . 2013-04-02 17:29 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-09-02 13:34 . 2013-04-02 17:29 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-05 19:13 . 2012-12-06 19:13 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-08-05 19:13 . 2012-12-06 19:13 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe 2013-07-16 08:39 . 2013-07-16 08:39 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-07-03 12:54 . 2013-07-03 12:53 444400 ----a-w- c:\program files (x86)\DLG_free-pdf-perfect_chip_de-DE10.exe 2013-06-27 22:04 . 2013-07-11 21:37 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-27 22:04 . 2013-07-11 21:37 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-16 22:41 . 2013-07-19 15:30 997632 ----a-w- c:\windows\system32\drivers\ndis.sys 2013-03-13 14:11 . 2013-03-13 14:11 24449680 ----a-w- c:\program files\GoogleEarthWin703.exe 2012-11-22 16:17 . 2012-11-22 16:17 6208736 ----a-w- c:\program files\JuniperVpnClient.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{19a395c9-823b-4700-b817-396fc84ffb16}] c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba696155-d96e-4281-b467-0367a0456474}] c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ba696155-d96e-4281-b467-0367a0456474}"= "c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll" [BU] "{19a395c9-823b-4700-b817-396fc84ffb16}"= "c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll" [BU] . [HKEY_CLASSES_ROOT\clsid\{ba696155-d96e-4281-b467-0367a0456474}] [HKEY_CLASSES_ROOT\wtb.Band.1] [HKEY_CLASSES_ROOT\TypeLib\{5b191ea7-f309-4d2f-aaa5-c77d84d29ccd}] [HKEY_CLASSES_ROOT\wtb.Band] . [HKEY_CLASSES_ROOT\clsid\{19a395c9-823b-4700-b817-396fc84ffb16}] [HKEY_CLASSES_ROOT\wtb.Band.1] [HKEY_CLASSES_ROOT\TypeLib\{dabf9301-b3ea-4153-8e6b-06131356bfb8}] [HKEY_CLASSES_ROOT\wtb.Band] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-05-19 1371648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392] "CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120] "CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120] "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-13 155488] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-02 347192] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-07-20 2010624] . c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x] R3 androidusb;ADB Interface Driver;c:\windows\System32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x] R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S1 
avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 ZAtheros Bt and 
Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x] S3 BTATH_HID;Bluetooth HID Device;c:\windows\system32\DRIVERS\btath_hid.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hid.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x] S3 RTL8168;Realtek 8168 
NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 06:38] . 2013-09-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 02:54] . 2013-09-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 02:54] . 2013-09-07 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job - c:\programme uni\bin\win64\MATLABStartupAccelerator.exe [2012-11-22 14:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-10 13191824] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-20 170304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-20 398656] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-20 440640] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-12-05 766080] "BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-12-05 128640] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:newtab uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= mStart Page = about:newtab mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= mSearch Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= IE: An OneNote s&enden - c:\program files\Microsoft Office\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\program files\Microsoft Office\Office14\EXCEL.EXE/3000 
IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} - c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q= FF - ExtSQL: 2013-09-03 04:58; {24532715-4abc-47ee-bd4f-a6774d0723d2}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\extensions\{24532715-4abc-47ee-bd4f-a6774d0723d2} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba696155-d96e-4281-b467-0367a0456474}] @Denied: (A 2) (Administrators) @Denied: (A 2) (S-1-5-21-2678595623-4148133582-4009595467-1001) @Allowed: (Read) (S-1-15-3-4096) @Allowed: (Read) (RestrictedCode) "Flags"=dword:00000400 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Zeit der Fertigstellung: 2013-09-07 11:06:48 ComboFix-quarantined-files.txt 2013-09-07 09:06 ComboFix2.txt 2013-09-07 08:25 . Vor Suchlauf: 19 Verzeichnis(se), 599.983.697.920 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 599.922.335.744 Bytes frei . - - End Of File - - D6B1BF9A2093823B618621CA63113F46 |
07.09.2013, 14:36 | #7 |
/// the machine /// TB-Ausbilder | Certified Toolbar caught after a download Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.09.2013, 13:00 | #8 |
| Certified Toolbar caught after a download hey, Malwarebytes logfile: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.08.02 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16660 Michael :: MICHIPC [Administrator] Schutz: Aktiviert 08.09.2013 10:19:55 mbam-log-2013-09-08 (10-19-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 234942 Laufzeit: 5 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1 (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 6 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 8 C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\PROGRAM FILES (X86)\HomeTab\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\support@HomeTab.com (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\components (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\plugins (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\Programs\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 31 C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\home.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\jquery-ui-1.10.1.custom.min.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\jquiso.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\socket.io.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\style.css (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\vars.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\MICROSOFT.WIN32.TASKSCHEDULER.XML (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\cinshlpr.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\PROGRAM FILES (X86)\HomeTab\hometab_icon.ico (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\InstallHelper.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\Interop.IWshRuntimeLibrary.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\ProtectedSearch.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\ProtectedSearch.ico (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\STInst64.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\STInst64.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\System.Data.SQLite.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\TaskSchedulerCreator.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\TBUpdater.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\ToolbarUninstall.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\unins000.dat (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\unins000.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\chrome\HomeTab.crx (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\chrome.manifest (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\install.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\install.rdf (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\pop.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\chrome\HomeTab_3869.jar (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\COMPONENTS\wtb_complete.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\plugins\npwiddit.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\Programs\HomeTab\PROTECTED SEARCH SETTINGS.LNK (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 08/09/2013 um 11:35:10 # Updated 07/09/2013 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : Michael - MICHIPC # Gestartet von : C:\trojana_board_programme\adwarecleaner\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\SoftwareUpdater Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\Users\Michael\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\HomeTab Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\HomeTab Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\SimplyTech Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{24532715-4abc-47ee-bd4f-a6774d0723d2} Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\foxydeal.sqlite Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\searchplugins\Web Search.xml Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml Datei Gelöscht : C:\windows\System32\Tasks\Browser Updater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19A395C9-823B-4700-B817-396FC84FFB16} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA696155-D96E-4281-B467-0367A0456474} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19A395C9-823B-4700-B817-396FC84FFB16} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA696155-D96E-4281-B467-0367A0456474} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{19A395C9-823B-4700-B817-396FC84FFB16} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA696155-D96E-4281-B467-0367A0456474} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{19A395C9-823B-4700-B817-396FC84FFB16} [#] 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA696155-D96E-4281-B467-0367A0456474} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{19A395C9-823B-4700-B817-396FC84FFB16}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA696155-D96E-4281-B467-0367A0456474}] Schlüssel Gelöscht : HKCU\Software\FoxyDeal Schlüssel Gelöscht : HKCU\Software\HomeTab Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\simplytech Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16660 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] -\\ Mozilla Firefox v23.0.1 (de) [ Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Zeile gelöscht : 
user_pref("browser.search.order.1", "Web Search"); Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.backgroundjs", "\n\n/*****************************************************************************[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.js", "\n\n /************************************************************************************\[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_13.name", "CrossriderAppUtils"); Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] 
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_14.name", "CrossriderUtils"); Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a};}()var [...] 
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_78.name", "CrossriderInfo"); Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...] Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...] Zeile gelöscht : user_pref("extensions.crossrider.bic", "13fa49da2393562e80dd0a110b17808b"); Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000"); Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q="); ************************* AdwCleaner[R0].txt - [16588 octets] - [08/09/2013 11:33:24] AdwCleaner[S0].txt - [15152 octets] - [08/09/2013 11:35:10] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15213 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 8 x64
Ran by Michael on 08.09.2013 at 13:21:36,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C}

~~~ Files

~~~ Folders

~~~ FireFox
Successfully deleted the following from C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\hcoijgyh.default\prefs.js
user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1372864787113");
user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\hcoijgyh.default\minidumps [9 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.09.2013 at 13:29:58,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013 Ran by Michael (administrator) on MICHIPC on 08-09-2013 13:41:33 Running from C:\trojana_board_programme\RST Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe (AMD) C:\windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamservice.exe () C:\windows\SysWOW64\PnkBstrA.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamgui.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe (Microsoft Corporation) C:\windows\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated) HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms} SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default FF NewTab: about:home FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com FF Extension: Super Start - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\superstart@enjoyfreeware.org FF Extension: 2.0 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\2.0@disconnect.me.xpi FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) 
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 MBAMScheduler; C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-12-06] () R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2956336 2013-05-15] (Samsung Electronics CO., LTD.) S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-04-02] (Avira Operations GmbH & Co. 
KG) R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-08 13:21 - 2013-09-08 13:21 - 00000000 ____D C:\windows\ERUNT 2013-09-08 12:41 - 2013-09-08 12:41 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-08 11:41 - 2013-09-08 11:41 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-09-08 11:33 - 2013-09-08 11:35 - 00000000 ____D C:\AdwCleaner 2013-09-08 11:27 - 2013-09-08 11:27 - 01037278 _____ C:\Users\Michael\Downloads\adwcleaner.exe 2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes 2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-08 10:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-09-07 11:06 - 2013-09-07 11:06 - 00020205 _____ C:\ComboFix.txt 2013-09-07 10:40 - 2013-09-07 10:40 - 02513520 _____ (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-2.23-Setup.exe 2013-09-07 10:40 - 2013-09-07 10:40 - 00001133 _____ 
C:\Users\Michael\Desktop\KeePass 2.lnk 2013-09-07 10:39 - 2013-09-07 10:39 - 01850306 _____ (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-1.26-Setup.exe 2013-09-07 10:10 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-09-07 10:10 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-09-07 10:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-09-07 10:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-09-07 10:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-09-07 10:10 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe 2013-09-07 10:10 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-09-07 10:10 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-09-07 10:10 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-09-07 10:09 - 2013-09-07 11:06 - 00000000 ____D C:\Qoobox 2013-09-07 10:09 - 2013-09-07 10:22 - 00000000 ____D C:\windows\erdnt 2013-09-04 17:04 - 2013-09-04 17:10 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner 2013-09-03 03:04 - 2013-09-03 03:07 - 00000000 ____D C:\windows\system32\MRT 2013-09-03 02:58 - 2013-08-13 08:38 - 00032328 _____ C:\windows\Launcher.exe 2013-09-03 01:09 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2013-09-03 01:09 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2013-09-03 01:08 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-09-03 01:08 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys 2013-09-03 01:08 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys 2013-09-03 01:07 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-09-03 01:07 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) 
C:\windows\system32\urlmon.dll 2013-09-03 01:07 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2013-09-03 01:07 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2013-09-03 01:07 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-09-03 01:07 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-09-03 01:07 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-09-03 01:07 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-09-03 01:07 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-09-03 01:07 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-09-03 01:07 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2013-09-03 01:07 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 
2013-09-03 01:07 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-09-03 01:07 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-09-03 01:07 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-09-03 01:07 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-09-03 01:07 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-09-03 01:07 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-09-03 01:07 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-09-03 01:07 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-09-03 01:07 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2013-09-03 01:06 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-09-03 01:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-09-03 01:06 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll 2013-09-03 01:06 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2013-09-03 01:06 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll 2013-09-03 01:06 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll 2013-09-03 01:06 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll 2013-09-03 01:06 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll 2013-09-03 01:06 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2013-09-03 01:06 - 
2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll 2013-09-03 01:06 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll 2013-09-02 16:26 - 2013-09-04 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST 2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable 2013-09-02 15:55 - 2013-09-08 12:09 - 00000000 ____D C:\trojana_board_programme ==================== One Month Modified Files and Folders ======= 2013-09-08 13:29 - 2013-09-08 13:29 - 00003279 _____ C:\Users\Michael\Desktop\JRT.txt 2013-09-08 13:21 - 2013-09-08 13:21 - 00000000 ____D C:\windows\ERUNT 2013-09-08 13:20 - 2013-03-20 16:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype 2013-09-08 13:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-09-08 13:00 - 2012-11-22 19:31 - 00000510 _____ C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job 2013-09-08 12:51 - 2012-11-16 21:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-09-08 12:42 - 2013-04-23 08:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc 2013-09-08 12:41 - 2013-09-08 12:41 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-08 12:09 - 2013-09-02 15:55 - 00000000 ____D C:\trojana_board_programme 2013-09-08 12:04 - 2013-07-03 15:27 - 01639875 _____ C:\windows\WindowsUpdate.log 2013-09-08 11:49 - 2012-11-16 15:06 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001 2013-09-08 11:44 - 2012-11-16 18:59 - 00000000 ___RD C:\Users\Michael\Dropbox 2013-09-08 11:44 - 2012-11-16 18:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox 2013-09-08 11:42 - 2012-09-18 13:06 - 00000000 ____D C:\ProgramData\WinClon 2013-09-08 11:41 - 2013-09-08 11:41 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\BT Devices 2013-09-08 11:39 - 2012-09-18 12:55 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-09-08 11:37 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-09-08 11:36 - 2012-07-26 07:26 - 00524288 ___SH C:\windows\system32\config\BBI 2013-09-08 11:35 - 2013-09-08 11:33 - 00000000 ____D C:\AdwCleaner 2013-09-08 11:35 - 2013-07-03 14:57 - 00000000 ____D C:\windows\System32\Tasks\Browser Updater 2013-09-08 11:27 - 2013-09-08 11:27 - 01037278 _____ C:\Users\Michael\Downloads\adwcleaner.exe 2013-09-08 10:50 - 2012-09-18 12:55 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-09-08 10:39 - 2013-07-05 08:05 - 00014194 _____ C:\windows\PFRO.log 2013-09-08 10:39 - 2013-01-17 23:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes 2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-08 09:51 - 2012-09-19 03:58 - 00764178 _____ C:\windows\system32\perfh007.dat 2013-09-08 09:51 - 2012-09-19 03:58 - 00160770 _____ C:\windows\system32\perfc007.dat 2013-09-08 09:51 - 2012-07-26 09:28 - 01776012 _____ C:\windows\system32\PerfStringBackup.INI 2013-09-07 11:06 - 2013-09-07 11:06 - 00020205 _____ C:\ComboFix.txt 2013-09-07 11:06 - 2013-09-07 10:09 - 00000000 ____D C:\Qoobox 2013-09-07 11:03 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini 2013-09-07 10:40 - 2013-09-07 10:40 - 02513520 _____ (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-2.23-Setup.exe 2013-09-07 10:40 - 2013-09-07 10:40 - 00001133 _____ C:\Users\Michael\Desktop\KeePass 2.lnk 2013-09-07 10:40 - 2013-04-18 22:44 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2 2013-09-07 10:39 - 2013-09-07 10:39 - 01850306 _____ (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-1.26-Setup.exe 2013-09-07 10:25 - 
2012-09-18 13:01 - 00000000 ____D C:\Users\EasySurvey 2013-09-07 10:25 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default 2013-09-07 10:22 - 2013-09-07 10:09 - 00000000 ____D C:\windows\erdnt 2013-09-07 10:20 - 2012-11-16 14:55 - 00000000 ____D C:\Users\Michael 2013-09-07 10:01 - 2013-07-26 11:55 - 00001592 _____ C:\windows\setupact.log 2013-09-06 23:30 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache 2013-09-06 23:00 - 2012-11-16 14:58 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps 2013-09-04 17:10 - 2013-09-04 17:04 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner 2013-09-04 15:48 - 2013-04-19 00:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\KeePass 2013-09-04 15:45 - 2013-09-02 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-09-04 15:37 - 2013-07-03 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-04 15:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2013-09-04 15:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-09-03 15:57 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-09-03 03:07 - 2013-09-03 03:04 - 00000000 ____D C:\windows\system32\MRT 2013-09-03 03:04 - 2012-12-16 13:59 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-09-02 22:17 - 2013-04-19 00:02 - 00003870 _____ C:\Users\Michael\Documents\NewDatabase.kdbx 2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST 2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable 2013-09-02 15:34 - 2013-05-07 16:03 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2013-09-02 15:34 - 2013-04-02 19:29 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2013-09-02 15:34 - 2013-04-02 19:29 - 00105344 _____ (Avira Operations GmbH & Co. 
KG) C:\windows\system32\Drivers\avgntflt.sys 2013-08-13 08:38 - 2013-09-03 02:58 - 00032328 _____ C:\windows\Launcher.exe Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe C:\Users\Michael\AppData\Local\Temp\Quarantine.exe C:\Users\Michael\AppData\Local\Temp\vlc-2.0.8-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-02 16:16 ==================== End Of Log ============================ --- --- --- --- --- --- |
09.09.2013, 05:58 | #9 |
/// the machine /// TB Trainer | Caught Certified Toolbar after a download
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
10.09.2013, 19:52 | #10 |
| Caught Certified Toolbar after a download
Good evening, I now have the problem that the link to smartinstaller won't open for me. A new tab opens for a short time but then closes again immediately. I then also tried it directly at ESET, which did not work with Mozilla either. I then switched to Internet Explorer and, lo and behold, it worked. So far so good. I let the program run, but it left me no log file... Opened Internet Explorer again and there I ran into Certified Toolbar again. In general the PC is now noticeably faster, but this Certified is quite a stubborn thing... And what might the problem be that I can't open your link to smartinstaller? Regards |
11.09.2013, 07:32 | #11 |
/// the machine /// TB Trainer | Caught Certified Toolbar after a download
Could be a hiccup. Please post SecurityCheck and a fresh FRST log.
__________________ Regards, schrauber |
11.09.2013, 15:23 | #12 |
| Caught Certified Toolbar after a download
Code:
Results of screen317's Security Check version 0.99.73
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by Michael (administrator) on MICHIPC on 11-09-2013 16:21:28
Running from C:\trojana_board_programme\RST
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamservice.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\windows\system32\atieclxx.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamgui.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default
FF NewTab: about:home
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
FF Extension: Super Start - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\superstart@enjoyfreeware.org
FF Extension: 2.0 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\2.0@disconnect.me.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-12-06] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2956336 2013-05-15] (Samsung Electronics CO., LTD.)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-10 16:27 - 2013-09-10 16:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-08 15:53 - 2013-09-11 16:02 - 97124766 _____ C:\windows\SysWOW64\᯾瞧㺀Ä߿
2013-09-08 13:29 - 2013-09-08 13:29 - 00003279 _____ C:\Users\Michael\Desktop\JRT.txt
2013-09-08 13:21 - 2013-09-08 13:21 - 00000000 ____D C:\windows\ERUNT
2013-09-08 12:41 - 2013-09-08 12:41 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-08 11:33 - 2013-09-08 11:35 - 00000000 ____D C:\AdwCleaner
2013-09-08 11:27 - 2013-09-08 11:27 - 01037278 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 10:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-07 11:06 - 2013-09-07 11:06 - 00020205 _____ C:\ComboFix.txt
2013-09-07 10:40 - 2013-09-07 10:40 - 02513520 _____ (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-2.23-Setup.exe
2013-09-07 10:40 - 2013-09-07 10:40 - 00001133 _____ C:\Users\Michael\Desktop\KeePass 2.lnk
2013-09-07 10:39 - 2013-09-07 10:39 - 01850306 _____ (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-1.26-Setup.exe
2013-09-07 10:10 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-07 10:10 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-07 10:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-07 10:09 - 2013-09-07 11:06 - 00000000 ____D C:\Qoobox
2013-09-07 10:09 - 2013-09-07 10:22 - 00000000 ____D C:\windows\erdnt
2013-09-04 17:04 - 2013-09-04 17:10 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner
2013-09-03 03:04 - 2013-09-03 03:07 - 00000000 ____D C:\windows\system32\MRT
2013-09-03 02:58 - 2013-08-13 08:38 - 00032328 _____ C:\windows\Launcher.exe
2013-09-03 01:09 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-09-03 01:09 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-09-03 01:08 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-09-03 01:08 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2013-09-03 01:08 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2013-09-03 01:07 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-03 01:07 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-03 01:07 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-03 01:07 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-03 01:07 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-03 01:07 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-03 01:07 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-03 01:07 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-03 01:07 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-03 01:07 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-09-03 01:06 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-03 01:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-03 01:06 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-09-03 01:06 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-09-03 01:06 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-09-03 01:06 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2013-09-03 01:06 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2013-09-03 01:06 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2013-09-02 16:26 - 2013-09-04 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST
2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable
2013-09-02 15:55 - 2013-09-11 16:10 - 00000000 ____D C:\trojana_board_programme

==================== One Month Modified Files and Folders =======

2013-09-11 16:19 - 2013-07-03 15:27 - 01127270 _____ C:\windows\WindowsUpdate.log
2013-09-11 16:14 - 2013-04-19 00:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\KeePass
2013-09-11 16:10 - 2013-09-02 15:55 - 00000000 ____D C:\trojana_board_programme
2013-09-11 16:05 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-09-11 16:04 - 2012-09-18 13:06 - 00000000 ____D C:\ProgramData\WinClon
2013-09-11 16:02 - 2013-09-08 15:53 - 97124766 _____ C:\windows\SysWOW64\᯾瞧㺀Ä߿
2013-09-11 16:02 - 2012-11-22 19:31 - 00000510 _____ C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
2013-09-11 16:01 - 2012-11-16 18:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2013-09-11 16:00 - 2013-09-11 16:00 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-09-11 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-09-11 15:59 - 2012-09-18 12:55 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-11 15:57 - 2012-09-19 03:58 - 00764178 _____ C:\windows\system32\perfh007.dat
2013-09-11 15:57 - 2012-09-19 03:58 - 00160770 _____ C:\windows\system32\perfc007.dat
2013-09-11 15:57 - 2012-07-26 09:28 - 01776012 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-10 20:51 - 2012-11-16 21:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 18:51 - 2012-11-16 21:03 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-10 16:27 - 2013-09-10 16:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 16:49 - 2013-03-20 16:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2013-09-08 21:19 - 2013-04-19 00:02 - 00003950 _____ C:\Users\Michael\Documents\NewDatabase.kdbx
2013-09-08 13:29 - 2013-09-08 13:29 - 00003279 _____ C:\Users\Michael\Desktop\JRT.txt
2013-09-08 13:21 - 2013-09-08 13:21 - 00000000 ____D C:\windows\ERUNT
2013-09-08 12:42 - 2013-04-23 08:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2013-09-08 12:41 - 2013-09-08 12:41 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-08 11:49 - 2012-11-16 15:06 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001
2013-09-08 11:44 - 2012-11-16 18:59 - 00000000 ___RD C:\Users\Michael\Dropbox
2013-09-08 11:37 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-08 11:36 - 2012-07-26 07:26 - 00524288 ___SH C:\windows\system32\config\BBI
2013-09-08 11:35 - 2013-09-08 11:33 - 00000000 ____D C:\AdwCleaner
2013-09-08 11:35 - 2013-07-03 14:57 - 00000000 ____D C:\windows\System32\Tasks\Browser Updater
2013-09-08 11:27 - 2013-09-08 11:27 - 01037278 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-09-08 10:50 - 2012-09-18 12:55 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-08 10:39 - 2013-07-05 08:05 - 00014194 _____ C:\windows\PFRO.log
2013-09-08 10:39 - 2013-01-17 23:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-07 11:06 - 2013-09-07 11:06 - 00020205 _____ C:\ComboFix.txt
2013-09-07 11:06 - 2013-09-07 10:09 - 00000000 ____D C:\Qoobox
2013-09-07 11:03 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-09-07 10:40 - 2013-09-07 10:40 - 02513520 _____ (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-2.23-Setup.exe
2013-09-07 10:40 - 2013-09-07 10:40 - 00001133 _____ C:\Users\Michael\Desktop\KeePass 2.lnk
2013-09-07 10:40 - 2013-04-18 22:44 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-09-07 10:39 - 2013-09-07 10:39 - 01850306 _____ (Dominik Reichl ) C:\Users\Michael\Downloads\KeePass-1.26-Setup.exe
2013-09-07 10:25 - 2012-09-18 13:01 - 00000000 ____D C:\Users\EasySurvey
2013-09-07 10:25 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-09-07 10:22 - 2013-09-07 10:09 - 00000000 ____D C:\windows\erdnt
2013-09-07 10:20 - 2012-11-16 14:55 - 00000000 ____D C:\Users\Michael
2013-09-07 10:01 - 2013-07-26 11:55 - 00001592 _____ C:\windows\setupact.log
2013-09-06 23:30 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-09-06 23:00 - 2012-11-16 14:58 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2013-09-04 17:10 - 2013-09-04 17:04 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner
2013-09-04 15:45 - 2013-09-02 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-04 15:37 - 2013-07-03 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 15:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-04 15:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-03 03:07 - 2013-09-03 03:04 - 00000000 ____D C:\windows\system32\MRT
2013-09-03 03:04 - 2012-12-16 13:59 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST
2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable
2013-09-02 15:34 - 2013-05-07 16:03 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-02 15:34 - 2013-04-02 19:29 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-02 15:34 - 2013-04-02 19:29 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-13 08:38 - 2013-09-03 02:58 - 00032328 _____ C:\windows\Launcher.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\Michael\AppData\Local\Temp\vlc-2.0.8-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-09 16:07

==================== End Of Log ============================
--- --- --- |
11.09.2013, 19:37 | #13 |
/// the machine /// TB trainer | Caught Certified Toolbar after a download Update Adobe.
Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
16.09.2013, 14:39 | #14 |
| Certified Toolbar picked up after a download
Hello, so I have created two again, since the first time was with the network ...
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
Ran by Michael at 2013-09-16 15:26:37 Run:1
Running from C:\trojana_board_programme\RST
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
*****************
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key deleted successfully.
HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
==== End of Fixlog ====
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
Ran by Michael at 2013-09-16 15:34:43 Run:2
Running from C:\trojana_board_programme\RST
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
*****************
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCR\Wow6432Node\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
==== End of Fixlog ==== |
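Added example, not part of the original thread or of FRST: a small Python check that compares the result lines of the two Fixlogs above and confirms that everything the first run touched is reported absent in the second run. The function names are hypothetical, and only the two outcome wordings visible in these logs ("deleted successfully", "not found") are recognised; anything else is flagged for manual review.

```python
import re

# Result lines copied from the Run:1 and Run:2 Fixlogs posted in this thread.
RUN1 = r"""
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key deleted successfully.
HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
"""
RUN2 = r"""
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCR\Wow6432Node\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
"""

# A result line is "<registry path> => <outcome>."; header lines do not match.
RESULT = re.compile(r"^(HK[A-Z]+\\.+) => (.+)$")

def parse_fixlog(text):
    """Map each registry target in a Fixlog to its reported outcome."""
    results = {}
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            results[m.group(1)] = m.group(2).rstrip(".")
    return results

def classify(outcome):
    """Reduce an outcome string to removed / absent / review."""
    if outcome.endswith("deleted successfully"):
        return "removed"
    if outcome.endswith("not found"):
        return "absent"
    return "review"  # wording not seen in this thread: check by hand

def verify_rerun(first, second):
    """Return (target, first outcome, second outcome) for every target
    that the second run does not report as absent."""
    a, b = parse_fixlog(first), parse_fixlog(second)
    problems = []
    for target, outcome in a.items():
        later = b.get(target, "missing from second log")
        if classify(later) != "absent":
            problems.append((target, outcome, later))
    return problems

if __name__ == "__main__":
    print(verify_rerun(RUN1, RUN2) or "second run confirms all targets absent")
```

An empty result means the hijacked search scope did not come back between the two runs; an entry that is "deleted successfully" again on a later run would point to something re-creating it.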
16.09.2013, 19:37 | #15 |
/// the machine /// TB Trainer | Certified Toolbar picked up after a download
Any more problems?