Pests of all kinds and how to fight them: Search Protect by Conduit - how to remove it completely? (Windows 7)
21.01.2014, 22:24 | #1 |
Search Protect by Conduit - how to remove it completely?

Hello, yesterday I happened to notice the Search Protect by Conduit icon in my taskbar. I had no idea what it was, and found out by googling that it is most likely malware. I have no idea how it got onto our laptop. The very first thing I did was uninstall it via Control Panel/Programs, but as I have now read in other threads here, that is not enough. In my case it was also "only" in the taskbar and nowhere else; at least I did not find it anywhere else (Firefox). My virus scanner (Microsoft Security Essentials) at least reported nothing after a scan (I don't know whether that is good, or whether Microsoft Security Essentials simply does not detect it).

I just want to be sure that it is completely gone. Following your instructions I ran Defogger and FRST. Here are the log files:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:18 on 21/01/2014 (AT)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014 Ran by AT (administrator) on AT-PC on 21-01-2014 21:25:00 Running from C:\Users\MamaPapa\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= () C:\Windows\System32\DTS.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (AuthenTec, Inc.) C:\Windows\System32\ATService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) 
C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo) HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec) HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.) 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [x] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [DisallowCpl] 1 HKU\Nick\...\Policies\system: [LogonHoursAction] 2 HKU\Nick\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Talia\...\Policies\system: [LogonHoursAction] 2 HKU\Talia\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\MamaPapa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&SSPV= SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
hxxp://search.conduit.com/Results.aspx?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&q={searchTerms}&SSPV= BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\AT\AppData\Roaming\Mozilla\Firefox\Profiles\ovv17edl.default FF Homepage: hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&SSPV= FF SelectedSearchEngine: Conduit Search FF NewTab: hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files 
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\AT\AppData\Roaming\Mozilla\Firefox\Profiles\ovv17edl.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-10] (Lenovo.) R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [135168 2009-12-08] (Huawei Technologies Co., Ltd.) 
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) R3 lnvobus; C:\Windows\system32\drivers\lnvobus.sys [327680 2008-12-16] (MCCI Corporation) R3 lnvocard; C:\Windows\system32\drivers\lnvocard.sys [378880 2008-12-16] (MCCI Corporation) R3 lnvogps; C:\Windows\system32\drivers\lnvogps64.sys [87592 2008-10-23] (Ericsson AB) R3 lnvomdfl; C:\Windows\System32\DRIVERS\lnvomdfl.sys [19456 2008-12-16] (MCCI Corporation) R3 lnvomdfl2; C:\Windows\System32\DRIVERS\lnvomdfl2.sys [19456 2008-12-16] (MCCI Corporation) R3 lnvomdm; C:\Windows\System32\DRIVERS\lnvomdm.sys [422912 2008-12-16] (MCCI Corporation) R3 lnvomdm2; C:\Windows\System32\DRIVERS\lnvomdm2.sys [474624 2008-12-16] (MCCI Corporation) R3 lnvond5; C:\Windows\System32\DRIVERS\lnvond5.sys [34816 2008-12-16] (MCCI Corporation) R3 lnvounic; C:\Windows\system32\drivers\lnvounic.sys [431104 2008-12-16] (MCCI Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [26424 2012-07-05] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [27960 2012-07-05] (Synaptics Incorporated) R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\lnvoscard64.sys [30760 2008-07-08] (Sony Ericsson) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-21 21:25 - 2014-01-21 21:25 - 00011044 _____ C:\Users\MamaPapa\Downloads\FRST.txt 2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST 2014-01-21 21:22 - 2014-01-21 21:22 - 02077184 _____ (Farbar) C:\Users\MamaPapa\Downloads\FRST64.exe 2014-01-21 21:18 - 2014-01-21 21:18 - 00000466 _____ C:\Users\MamaPapa\Downloads\defogger_disable.log 2014-01-21 21:18 - 2014-01-21 21:18 - 00000000 _____ 
C:\Users\AT\defogger_reenable 2014-01-21 21:16 - 2014-01-21 21:16 - 00050477 _____ C:\Users\MamaPapa\Downloads\Defogger.exe 2014-01-18 18:03 - 2014-01-18 18:03 - 01050768 _____ (Unity Technologies ApS) C:\Users\MamaPapa\Downloads\UnityWebPlayer.exe 2014-01-16 17:23 - 2014-01-16 17:23 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect 2014-01-15 16:58 - 2014-01-15 16:58 - 01585616 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-15 14:05 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 14:05 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 14:05 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-12 14:09 - 2014-01-12 14:09 - 00001272 _____ C:\Users\Nick\Desktop\Snipping Tool.lnk 2014-01-11 22:28 - 2014-01-11 22:29 - 00813424 _____ C:\Windows\Minidump\011114-20638-01.dmp 2014-01-08 17:41 - 2014-01-08 17:41 - 00745096 _____ C:\Windows\Minidump\010814-19094-01.dmp 2014-01-06 18:34 - 2014-01-06 18:34 - 00743160 _____ C:\Windows\Minidump\010614-19234-01.dmp 2014-01-04 18:55 - 2014-01-04 18:55 - 00745384 _____ C:\Windows\Minidump\010414-21980-01.dmp 2014-01-03 09:57 - 2014-01-19 11:30 - 00000000 ____D 
C:\Users\MamaPapa\Documents\Barbara 2014-01-02 17:55 - 2014-01-02 17:55 - 00278992 _____ C:\Windows\Minidump\010214-24523-01.dmp 2014-01-02 08:19 - 2014-01-02 08:19 - 00001046 _____ C:\Users\Public\Desktop\Mobile Partner.lnk 2014-01-02 08:19 - 2009-12-08 20:19 - 00135168 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2014-01-02 08:19 - 2009-12-07 19:53 - 00117504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-01-02 08:19 - 2009-10-12 15:23 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbdev.sys 2014-01-02 08:19 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Sun 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Oracle 2014-01-01 17:48 - 2014-01-01 17:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-01 17:47 - 2014-01-01 17:47 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-01 17:27 - 2014-01-01 17:27 - 00915368 _____ (Oracle Corporation) C:\Users\MamaPapa\Downloads\jxpiinstall.exe 2014-01-01 01:17 - 2014-01-01 01:17 - 00745096 _____ C:\Windows\Minidump\010114-20654-01.dmp 2013-12-29 22:18 - 2013-12-29 22:19 - 34115288 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\FreeYouTube19ToMP3Converter.exe 2013-12-25 19:07 - 2013-12-25 19:07 - 00001443 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-12-25 19:06 - 2013-12-25 19:06 - 00000000 ____D C:\Users\AT\AppData\Roaming\OpenCandy 2013-12-25 19:03 - 2013-12-25 19:04 - 32350440 _____ (DVDVideoSoft Ltd. 
) C:\Users\MamaPapa\Downloads\Free19YouTubeDownload.exe 2013-12-24 23:04 - 2013-12-24 23:13 - 00000000 ____D C:\Users\MamaPapa\Documents\OneNote-Notizbücher 2013-12-23 20:49 - 2013-12-23 20:49 - 00001111 _____ C:\Users\AT\Desktop\Continue Codec Pack Installation.lnk 2013-12-22 14:18 - 2013-12-22 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-01-21 21:25 - 2014-01-21 21:25 - 00011044 _____ C:\Users\MamaPapa\Downloads\FRST.txt 2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST 2014-01-21 21:22 - 2014-01-21 21:22 - 02077184 _____ (Farbar) C:\Users\MamaPapa\Downloads\FRST64.exe 2014-01-21 21:18 - 2014-01-21 21:18 - 00000466 _____ C:\Users\MamaPapa\Downloads\defogger_disable.log 2014-01-21 21:18 - 2014-01-21 21:18 - 00000000 _____ C:\Users\AT\defogger_reenable 2014-01-21 21:18 - 2013-06-22 20:36 - 00000000 ____D C:\Users\AT 2014-01-21 21:16 - 2014-01-21 21:16 - 00050477 _____ C:\Users\MamaPapa\Downloads\Defogger.exe 2014-01-21 21:09 - 2013-06-22 20:31 - 01859452 _____ C:\Windows\WindowsUpdate.log 2014-01-21 21:06 - 2013-07-06 22:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-21 20:55 - 2013-06-27 06:05 - 00000000 ____D C:\Users\Public\Documents\Schwimmen 2014-01-21 20:49 - 2011-04-12 08:43 - 00699418 _____ C:\Windows\system32\perfh007.dat 2014-01-21 20:49 - 2011-04-12 08:43 - 00149526 _____ C:\Windows\system32\perfc007.dat 2014-01-21 20:49 - 2009-07-14 06:13 - 01619600 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-21 20:46 - 2009-07-14 05:51 - 00148327 _____ C:\Windows\setupact.log 2014-01-21 20:14 - 2013-06-23 17:02 - 00001328 __RSH C:\Users\Talia\ntuser.pol 2014-01-21 20:14 - 2013-06-23 17:01 - 00000000 ____D C:\Users\Talia 2014-01-21 20:14 - 2013-06-23 16:50 - 00000680 __RSH C:\Users\MamaPapa\ntuser.pol 2014-01-21 20:14 - 2013-06-23 16:50 - 00000000 ____D C:\Users\MamaPapa 2014-01-21 16:14 - 2009-07-14 05:45 - 00021888 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-21 16:14 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-21 16:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-21 16:06 - 2010-11-21 04:47 - 00077838 _____ C:\Windows\PFRO.log 2014-01-20 21:11 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-19 21:53 - 2013-11-10 22:29 - 00000000 ____D C:\Users\MamaPapa\Documents\Talia 2014-01-19 21:53 - 2013-06-28 13:04 - 00000000 ____D C:\Users\Public\Documents\Schule 2014-01-19 11:30 - 2014-01-03 09:57 - 00000000 ____D C:\Users\MamaPapa\Documents\Barbara 2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-18 18:03 - 2014-01-18 18:03 - 01050768 _____ (Unity Technologies ApS) C:\Users\MamaPapa\Downloads\UnityWebPlayer.exe 2014-01-17 22:00 - 2013-08-06 12:18 - 00000000 ____D C:\Users\MamaPapa\Documents\FinePrint-Dateien 2014-01-17 21:34 - 2013-06-28 13:03 - 00000000 ____D C:\Users\Public\Documents\Bestellungen 2014-01-16 18:39 - 2013-06-22 21:56 - 00000680 __RSH C:\Users\AT\ntuser.pol 2014-01-16 18:38 - 2013-06-22 20:36 - 00001428 _____ C:\Users\AT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-16 18:00 - 2013-06-23 09:46 - 00000000 ____D C:\Users\Nick\AppData\Local\Mozilla 2014-01-16 17:30 - 2013-06-23 09:38 - 00001326 __RSH C:\Users\Nick\ntuser.pol 2014-01-16 17:30 - 2013-06-23 09:38 - 00000000 ____D C:\Users\Nick 2014-01-16 17:23 - 2014-01-16 17:23 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect 2014-01-15 21:02 - 2013-06-28 21:09 - 00000000 ____D C:\Users\MamaPapa\Documents\DVDVideoSoft 2014-01-15 17:07 - 2009-07-14 05:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 16:58 - 2014-01-15 16:58 - 01585616 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-15 16:53 
- 2013-06-23 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 16:51 - 2013-07-15 12:24 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 16:48 - 2013-06-22 21:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 00:46 - 2013-08-22 17:28 - 00000000 ____D C:\Users\MamaPapa\Documents\My Digital Editions 2014-01-12 14:09 - 2014-01-12 14:09 - 00001272 _____ C:\Users\Nick\Desktop\Snipping Tool.lnk 2014-01-12 13:48 - 2013-06-23 17:04 - 00000000 ____D C:\Users\Talia\Documents\GFS Talia 2014-01-12 12:48 - 2013-06-24 11:43 - 00000000 ____D C:\Users\Talia\AppData\Local\Mozilla 2014-01-12 12:41 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-11 22:29 - 2014-01-11 22:28 - 00813424 _____ C:\Windows\Minidump\011114-20638-01.dmp 2014-01-11 22:28 - 2013-07-06 17:18 - 331569405 _____ C:\Windows\MEMORY.DMP 2014-01-11 22:28 - 2013-07-06 17:18 - 00000000 ____D C:\Windows\Minidump 2014-01-09 18:42 - 2013-08-06 12:17 - 00000000 ____D C:\Users\MamaPapa\Documents\PDF-Dateien 2014-01-08 17:41 - 2014-01-08 17:41 - 00745096 _____ C:\Windows\Minidump\010814-19094-01.dmp 2014-01-06 18:34 - 2014-01-06 18:34 - 00743160 _____ C:\Windows\Minidump\010614-19234-01.dmp 2014-01-04 18:55 - 2014-01-04 18:55 - 00745384 _____ C:\Windows\Minidump\010414-21980-01.dmp 2014-01-02 17:55 - 2014-01-02 17:55 - 00278992 _____ C:\Windows\Minidump\010214-24523-01.dmp 2014-01-02 17:42 - 2013-06-27 20:35 - 00000000 ____D C:\Users\MamaPapa\Documents\Vorlagen 2014-01-02 08:19 - 2014-01-02 08:19 - 00001046 _____ C:\Users\Public\Desktop\Mobile Partner.lnk 2014-01-02 08:19 - 2013-08-07 15:08 - 00000000 ____D C:\Program Files (x86)\Mobile Partner 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Sun 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Oracle 2014-01-01 17:47 - 2014-01-01 17:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00175016 _____ (Oracle 
Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-01 17:47 - 2014-01-01 17:47 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-01 17:27 - 2014-01-01 17:27 - 00915368 _____ (Oracle Corporation) C:\Users\MamaPapa\Downloads\jxpiinstall.exe 2014-01-01 01:17 - 2014-01-01 01:17 - 00745096 _____ C:\Windows\Minidump\010114-20654-01.dmp 2013-12-29 22:21 - 2013-06-28 21:13 - 00001539 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-12-29 22:21 - 2013-06-28 21:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-12-29 22:20 - 2013-06-28 21:08 - 00000000 ____D C:\Users\AT\AppData\Roaming\DVDVideoSoft 2013-12-29 22:19 - 2013-12-29 22:18 - 34115288 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\FreeYouTube19ToMP3Converter.exe 2013-12-25 19:07 - 2013-12-25 19:07 - 00001443 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-12-25 19:07 - 2013-06-28 21:09 - 00000000 ____D C:\Users\MamaPapa\AppData\Roaming\DVDVideoSoft 2013-12-25 19:06 - 2013-12-25 19:06 - 00000000 ____D C:\Users\AT\AppData\Roaming\OpenCandy 2013-12-25 19:04 - 2013-12-25 19:03 - 32350440 _____ (DVDVideoSoft Ltd. 
) C:\Users\MamaPapa\Downloads\Free19YouTubeDownload.exe 2013-12-24 23:21 - 2013-06-28 13:04 - 00000000 ____D C:\Users\Public\Documents\Weihnachten 2013-12-24 23:13 - 2013-12-24 23:04 - 00000000 ____D C:\Users\MamaPapa\Documents\OneNote-Notizbücher 2013-12-24 23:04 - 2013-06-23 16:50 - 00000000 ___RD C:\Users\MamaPapa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-24 00:04 - 2013-06-22 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-23 20:49 - 2013-12-23 20:49 - 00001111 _____ C:\Users\AT\Desktop\Continue Codec Pack Installation.lnk 2013-12-22 14:19 - 2013-12-22 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox Some content of TEMP: ==================== C:\Users\AT\AppData\Local\Temp\ICReinstall_UltimateCodec.exe C:\Users\AT\AppData\Local\Temp\nsgD010.exe C:\Users\AT\AppData\Local\Temp\nsiD796.exe C:\Users\AT\AppData\Local\Temp\nso44CC.exe C:\Users\AT\AppData\Local\Temp\nst47F8.exe C:\Users\AT\AppData\Local\Temp\nstDC1A.exe C:\Users\AT\AppData\Local\Temp\ose00000.exe C:\Users\AT\AppData\Local\Temp\setup__3862.exe C:\Users\MamaPapa\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\MamaPapa\AppData\Local\Temp\ResetDevice.exe C:\Users\MamaPapa\AppData\Local\Temp\Shockwave_Installer_FF.exe C:\Users\MamaPapa\AppData\Local\Temp\SPSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is 
legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-11 12:17 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014 Ran by AT at 2014-01-21 21:25:46 Running from C:\Users\MamaPapa\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Digital Editions 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated) Anzeige am Bildschirm (Version: 6.67.10 - ) calibre 64bit (Version: 1.12.0 - Kovid Goyal) Conexant 20561 SmartAudio HD (Version: 4.92.10.0 - Conexant) Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0 - Lenovo) Druckerdeinstallation für EPSON WF-3520 Series (Version: - SEIKO EPSON Corporation) Energie-Manager (x32 Version: 6.45 - ) EPSON Scan (x32 Version: - Seiko Epson Corporation) Ericsson Wireless Module Core (Version: 1.0.1046.229 - Lenovo) FinePrint (Version: 7.21 - FinePrint Software, LLC) Free YouTube Download version 3.2.19.1219 (x32 Version: 3.2.19.1219 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.19.1219 (x32 Version: 3.12.19.1219 - DVDVideoSoft Ltd.) Intel(R) Network Connections Drivers (Version: - ) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Lenovo Fingerprint Software (Version: 3.3.2.50 - AuthenTec, Inc.) 
Lenovo Patch Utility (x32 Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (Version: 1.67.04.04 - ) Lenovo System Interface Driver (Version: 1.05 - ) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden 
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Mobile Partner (x32 Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) pdfFactory (Version: 4.81 - FinePrint Software, LLC) Software Updater (x32 Version: 4.1.7 - SEIKO EPSON CORPORATION) ThinkPad FullScreen Magnifier (Version: 2.40 - ) ThinkPad UltraNav Driver (Version: 16.2.19.7 - ) ThinkVantage Access Connections (x32 Version: 6.01 - Lenovo) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) Windows-Treiberpaket - AuthenTec Inc. 
(ATSwpWDF) Biometric (07/02/2010 8.6.0.29) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.) ==================== Restore Points ========================= 03-01-2014 08:20:57 Windows Update 03-01-2014 08:59:54 Windows-Sicherung 06-01-2014 20:00:54 Windows Update 09-01-2014 21:11:47 Windows Update 13-01-2014 13:50:21 Windows Update 15-01-2014 15:48:19 Windows Update 18-01-2014 20:20:20 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {67430C73-E71C-4051-A768-046B2FB77823} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {888FE7D9-E97F-439C-AFBA-C35EB9A5AC72} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-01-10] (Lenovo Group Limited) Task: {9B123360-43F6-47AC-B04A-D90BC60EEFAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-25 19:42 - 2013-01-10 05:45 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2013-12-22 14:19 - 2013-12-22 14:19 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/21/2014 08:36:47 PM) 
(Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2014 06:04:27 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2014 05:45:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2014 04:08:51 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (01/21/2014 04:08:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2014 04:08:49 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2014 04:08:48 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2014 04:08:47 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2014 04:08:46 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2014 04:08:45 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Error: (01/21/2014 04:08:13 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 63% Total physical RAM: 1976.03 MB Available physical RAM: 718.77 MB Total Pagefile: 3952.05 MB Available Pagefile: 2323.3 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:142.58 GB) (Free:104.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A0C18448) Partition 1: (Active) - (Size=6 GB) - (Type=27) Partition 2: (Not Active) - (Size=143 GB) - (Type=07 NTFS) ==================== End Of 
Log ============================ Code:
ATTFilter GMER 2.1.19324 - hxxp://www.gmer.net Rootkit scan 2014-01-21 22:07:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVS-08VAT2 rev.14.01A14 149,05GB Running: gmer.exe; Driver: C:\Users\AT\AppData\Local\Temp\pgldrpoc.sys ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:3136] 000007fefb352a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:2364] 000007feea044830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:3128] 000007feea044830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:3520] 000007feea044830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:3860] 000007feea044830 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{79EF9C66-2EF2-4640-8168-009E63E3FA5D}\Connection@Name isatap.{9C0C0137-D810-4E9B-B5E6-E7495FD7E2C0} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{BA14939E-3672-4C25-ADD6-FC2A844FE6D5}?\Device\{2B13B0E2-56CB-4F8F-9BE9-2AE9312AB550}?\Device\{79EF9C66-2EF2-4640-8168-009E63E3FA5D}?\Device\{8EF06B9B-926E-44FF-8884-6865D324ADEE}?\Device\{91430389-68AB-409F-8C2D-DD4B8646A477}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{BA14939E-3672-4C25-ADD6-FC2A844FE6D5}"?"{2B13B0E2-56CB-4F8F-9BE9-2AE9312AB550}"?"{79EF9C66-2EF2-4640-8168-009E63E3FA5D}"?"{8EF06B9B-926E-44FF-8884-6865D324ADEE}"?"{91430389-68AB-409F-8C2D-DD4B8646A477}"? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{BA14939E-3672-4C25-ADD6-FC2A844FE6D5}?\Device\TCPIP6TUNNEL_{2B13B0E2-56CB-4F8F-9BE9-2AE9312AB550}?\Device\TCPIP6TUNNEL_{79EF9C66-2EF2-4640-8168-009E63E3FA5D}?\Device\TCPIP6TUNNEL_{8EF06B9B-926E-44FF-8884-6865D324ADEE}?\Device\TCPIP6TUNNEL_{91430389-68AB-409F-8C2D-DD4B8646A477}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265e962ad3 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eba91ca Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eba91ca@74458a09b6b7 0xAF 0x20 0x99 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eba91ca@503275266aee 0xB5 0x27 0x5C 0xAB ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{79EF9C66-2EF2-4640-8168-009E63E3FA5D}@InterfaceName isatap.{9C0C0137-D810-4E9B-B5E6-E7495FD7E2C0} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{79EF9C66-2EF2-4640-8168-009E63E3FA5D}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265e962ad3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eba91ca (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eba91ca@74458a09b6b7 0xAF 0x20 0x99 0x4E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eba91ca@503275266aee 0xB5 0x27 0x5C 0xAB ... ---- EOF - GMER 2.1 ----

Many thanks in advance for your help!!! Regards, PC-Trouble |
21.01.2014, 22:56 | #2 |
/// the machine /// TB-Ausbilder | Search Protect by Conduit - how to remove it completely? Hi,
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please. |
22.01.2014, 01:02 | #3 |
| Search Protect by Conduit - how to remove it completely? Here now is the log file from Malwarebytes:
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.21.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 AT :: AT-PC [Administrator] Schutz: Aktiviert 21.01.2014 23:24:09 mbam-log-2014-01-21 (23-24-09).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 280374 Laufzeit: 5 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&SSPV=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 2 C:\Users\AT\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\AT\AppData\Roaming\OpenCandy\3404C261FCB141459C65688A07A0933E (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 12 C:\Users\AT\AppData\Roaming\OpenCandy\3404C261FCB141459C65688A07A0933E\WS_p4v2_2CB2.exe (PUP.Optional.Amonetize) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-559542292-2860326632-3622392150-1005\$RN95HK5.exe (PUP.Optional.ChipXonio) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\AT\AppData\Local\Temp\ICReinstall_UltimateCodec.exe (PUP.Optional.JumpyApps) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\AT\AppData\Local\Temp\nsgD010.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\AT\AppData\Local\Temp\nsiD796.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\AT\AppData\Local\Temp\nso44CC.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\AT\AppData\Local\Temp\nst47F8.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\AT\AppData\Local\Temp\nstDC1A.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\AT\AppData\Local\Temp\setup__3862.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MamaPapa\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Temp\nsq6348.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Temp\nsvA97C.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) AdwCleaner[R0].txt Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 21/01/2014 um 23:52:34 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : AT - AT-PC # Gestartet von : C:\Users\MamaPapa\Downloads\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\AT\AppDATa\Roaming\Mozilla\Firefox\Profiles\ovv17edl.default\searchplugins\conduit-search.xml Ordner Gefunden C:\Windows\SysWOW64\Searchprotect ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\AT\AppDATa\Roaming\Mozilla\Firefox\Profiles\ovv17edl.default\prefs.js ] Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&SSPV="); Zeile gefunden : user_pref("browser.search.selectedEngine", "Conduit Search"); Zeile gefunden : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F"); ************************* AdwCleaner[R0].txt - [1591 octets] - [21/01/2014 23:52:34] ########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [1651 octets] ########## Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 21/01/2014 um 23:54:49 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : AT - AT-PC # Gestartet von : C:\Users\MamaPapa\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Windows\SysWOW64\Searchprotect Datei Gelöscht : C:\Users\AT\AppDATa\Roaming\Mozilla\Firefox\Profiles\ovv17edl.default\searchplugins\conduit-search.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\AT\AppDATa\Roaming\Mozilla\Firefox\Profiles\ovv17edl.default\prefs.js ] Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&SSPV="); Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search"); Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F"); ************************* AdwCleaner[R0].txt - [1733 octets] - [21/01/2014 23:52:34] AdwCleaner[S0].txt - [1536 octets] - [21/01/2014 23:54:49] ########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1596 octets] ##########

After running the Junkware Removal Tool, a file JRT.txt was created, and it was present on my desktop. However, all the program icons I have on the desktop had been moved around.
I then started Firefox again, but nothing was as before: a different start page (the default Firefox start page again), all bookmarks had disappeared, and nothing from January was shown under History either. The system date in the status bar was still current, though. I closed Firefox again, and then a system message appeared saying that a script was damaged (unfortunately I no longer remember whether it showed which one) and that the error would be fixed after a restart. A system restart was offered via a button to click. After the restart, the file JRT.txt was no longer there. A search for "JRT.txt" was also unsuccessful. Should I start the Junkware Removal Tool again, or will a second run no longer give the same result? Here, in any case, is the FRST.txt generated after the Junkware Removal Tool: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014 Ran by MamaPapa (ATTENTION: The logged in user is not administrator) on AT-PC on 22-01-2014 00:35:17 Running from C:\Users\MamaPapa\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] 
(Lenovo) HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec) HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [x] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [DisallowCpl] 1 MountPoints2: E - E:\AutoRun.exe MountPoints2: 
{4e41bbe1-ff63-11e2-83ae-00265eba91ca} - E:\AutoRun.exe MountPoints2: {4e41bc06-ff63-11e2-83ae-00265eba91ca} - E:\AutoRun.exe MountPoints2: {8159d386-737e-11e3-94c1-028037ec0200} - E:\AutoRun.exe Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\MamaPapa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - 
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: GMX MailCheck - C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\Extensions\toolbar@gmx.net.xpi [2013-06-23] FF Extension: Adblock Plus - C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-21] ==================== Services (Whitelisted) ================= S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-10] (Lenovo.) 
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [135168 2009-12-08] (Huawei Technologies Co., Ltd.) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) 
R3 lnvobus; C:\Windows\system32\drivers\lnvobus.sys [327680 2008-12-16] (MCCI Corporation) R3 lnvocard; C:\Windows\system32\drivers\lnvocard.sys [378880 2008-12-16] (MCCI Corporation) R3 lnvogps; C:\Windows\system32\drivers\lnvogps64.sys [87592 2008-10-23] (Ericsson AB) R3 lnvomdfl; C:\Windows\System32\DRIVERS\lnvomdfl.sys [19456 2008-12-16] (MCCI Corporation) R3 lnvomdfl2; C:\Windows\System32\DRIVERS\lnvomdfl2.sys [19456 2008-12-16] (MCCI Corporation) R3 lnvomdm; C:\Windows\System32\DRIVERS\lnvomdm.sys [422912 2008-12-16] (MCCI Corporation) R3 lnvomdm2; C:\Windows\System32\DRIVERS\lnvomdm2.sys [474624 2008-12-16] (MCCI Corporation) R3 lnvond5; C:\Windows\System32\DRIVERS\lnvond5.sys [34816 2008-12-16] (MCCI Corporation) R3 lnvounic; C:\Windows\system32\drivers\lnvounic.sys [431104 2008-12-16] (MCCI Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [26424 2012-07-05] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [27960 2012-07-05] (Synaptics Incorporated) R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\lnvoscard64.sys [30760 2008-07-08] (Sony Ericsson) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-22 00:35 - 2014-01-22 00:35 - 00011278 _____ C:\Users\MamaPapa\Downloads\FRST.txt 2014-01-22 00:06 - 2014-01-22 00:06 - 00000000 ____D C:\Windows\ERUNT 2014-01-22 00:04 - 2014-01-22 00:04 - 01037068 _____ (Thisisu) C:\Users\MamaPapa\Downloads\JRT.exe 2014-01-21 23:52 - 2014-01-21 23:54 - 00000000 ____D C:\AdwCleaner 2014-01-21 23:38 - 2014-01-21 23:38 - 01236282 _____ C:\Users\MamaPapa\Downloads\adwcleaner.exe 2014-01-21 23:37 
- 2014-01-21 23:57 - 00000000 ____D C:\Users\Public\Documents\PC-Probleme 2014-01-21 23:12 - 2014-01-21 23:12 - 00000000 ____D C:\Users\AT\AppData\Roaming\Malwarebytes 2014-01-21 23:11 - 2014-01-21 23:11 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-21 23:11 - 2014-01-21 23:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-21 23:11 - 2014-01-21 23:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-21 23:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-21 23:06 - 2014-01-21 23:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MamaPapa\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-21 22:07 - 2014-01-21 22:07 - 00004251 _____ C:\Users\MamaPapa\Downloads\Gmer_.log 2014-01-21 21:50 - 2014-01-21 21:50 - 00379904 _____ C:\Users\MamaPapa\Downloads\gmer.exe 2014-01-21 21:25 - 2014-01-21 21:26 - 00025334 _____ C:\Users\MamaPapa\Downloads\FRST_2014-01-21.txt 2014-01-21 21:25 - 2014-01-21 21:26 - 00015241 _____ C:\Users\MamaPapa\Downloads\Addition.txt 2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST 2014-01-21 21:22 - 2014-01-21 21:22 - 02077184 _____ (Farbar) C:\Users\MamaPapa\Downloads\FRST64.exe 2014-01-21 21:18 - 2014-01-21 21:18 - 00000466 _____ C:\Users\MamaPapa\Downloads\defogger_disable.log 2014-01-21 21:18 - 2014-01-21 21:18 - 00000000 _____ C:\Users\AT\defogger_reenable 2014-01-21 21:16 - 2014-01-21 21:16 - 00050477 _____ C:\Users\MamaPapa\Downloads\Defogger.exe 2014-01-18 18:03 - 2014-01-18 18:03 - 01050768 _____ (Unity Technologies ApS) C:\Users\MamaPapa\Downloads\UnityWebPlayer.exe 2014-01-15 16:58 - 2014-01-15 16:58 - 01585616 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-15 14:05 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 14:05 
- 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 14:05 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 14:05 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-03 09:57 - 2014-01-21 23:38 - 00000000 ____D C:\Users\MamaPapa\Documents\Barbara 2014-01-02 08:19 - 2014-01-02 08:19 - 00001046 _____ C:\Users\Public\Desktop\Mobile Partner.lnk 2014-01-02 08:19 - 2009-12-08 20:19 - 00135168 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2014-01-02 08:19 - 2009-12-07 19:53 - 00117504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-01-02 08:19 - 2009-10-12 15:23 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbdev.sys 2014-01-02 08:19 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) 
C:\Windows\system32\Drivers\ewdcsc.sys 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Sun 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Oracle 2014-01-01 17:48 - 2014-01-01 17:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-01 17:47 - 2014-01-01 17:47 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-01 17:27 - 2014-01-01 17:27 - 00915368 _____ (Oracle Corporation) C:\Users\MamaPapa\Downloads\jxpiinstall.exe 2013-12-29 22:18 - 2013-12-29 22:19 - 34115288 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\FreeYouTube19ToMP3Converter.exe 2013-12-25 19:07 - 2013-12-25 19:07 - 00001443 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-12-25 19:03 - 2013-12-25 19:04 - 32350440 _____ (DVDVideoSoft Ltd. 
) C:\Users\MamaPapa\Downloads\Free19YouTubeDownload.exe 2013-12-24 23:04 - 2013-12-24 23:13 - 00000000 ____D C:\Users\MamaPapa\Documents\OneNote-Notizbücher ==================== One Month Modified Files and Folders ======= 2014-01-22 00:35 - 2014-01-22 00:35 - 00011278 _____ C:\Users\MamaPapa\Downloads\FRST.txt 2014-01-22 00:29 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-22 00:29 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-22 00:27 - 2011-04-12 08:43 - 00699418 _____ C:\Windows\system32\perfh007.dat 2014-01-22 00:27 - 2011-04-12 08:43 - 00149526 _____ C:\Windows\system32\perfc007.dat 2014-01-22 00:27 - 2009-07-14 06:13 - 01619600 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-22 00:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-22 00:21 - 2009-07-14 05:51 - 00148495 _____ C:\Windows\setupact.log 2014-01-22 00:20 - 2013-06-22 20:31 - 01883667 _____ C:\Windows\WindowsUpdate.log 2014-01-22 00:06 - 2014-01-22 00:06 - 00000000 ____D C:\Windows\ERUNT 2014-01-22 00:06 - 2013-07-06 22:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-22 00:04 - 2014-01-22 00:04 - 01037068 _____ (Thisisu) C:\Users\MamaPapa\Downloads\JRT.exe 2014-01-21 23:57 - 2014-01-21 23:37 - 00000000 ____D C:\Users\Public\Documents\PC-Probleme 2014-01-21 23:54 - 2014-01-21 23:52 - 00000000 ____D C:\AdwCleaner 2014-01-21 23:47 - 2010-11-21 04:47 - 00081304 _____ C:\Windows\PFRO.log 2014-01-21 23:38 - 2014-01-21 23:38 - 01236282 _____ C:\Users\MamaPapa\Downloads\adwcleaner.exe 2014-01-21 23:38 - 2014-01-03 09:57 - 00000000 ____D C:\Users\MamaPapa\Documents\Barbara 2014-01-21 23:12 - 2014-01-21 23:12 - 00000000 ____D C:\Users\AT\AppData\Roaming\Malwarebytes 2014-01-21 23:11 - 2014-01-21 23:11 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk 2014-01-21 23:11 - 2014-01-21 23:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-21 23:11 - 2014-01-21 23:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-21 23:06 - 2014-01-21 23:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MamaPapa\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-21 22:07 - 2014-01-21 22:07 - 00004251 _____ C:\Users\MamaPapa\Downloads\Gmer_.log 2014-01-21 22:05 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-21 21:50 - 2014-01-21 21:50 - 00379904 _____ C:\Users\MamaPapa\Downloads\gmer.exe 2014-01-21 21:26 - 2014-01-21 21:25 - 00025334 _____ C:\Users\MamaPapa\Downloads\FRST_2014-01-21.txt 2014-01-21 21:26 - 2014-01-21 21:25 - 00015241 _____ C:\Users\MamaPapa\Downloads\Addition.txt 2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST 2014-01-21 21:22 - 2014-01-21 21:22 - 02077184 _____ (Farbar) C:\Users\MamaPapa\Downloads\FRST64.exe 2014-01-21 21:18 - 2014-01-21 21:18 - 00000466 _____ C:\Users\MamaPapa\Downloads\defogger_disable.log 2014-01-21 21:18 - 2014-01-21 21:18 - 00000000 _____ C:\Users\AT\defogger_reenable 2014-01-21 21:18 - 2013-06-22 20:36 - 00000000 ____D C:\Users\AT 2014-01-21 21:16 - 2014-01-21 21:16 - 00050477 _____ C:\Users\MamaPapa\Downloads\Defogger.exe 2014-01-21 20:55 - 2013-06-27 06:05 - 00000000 ____D C:\Users\Public\Documents\Schwimmen 2014-01-21 20:14 - 2013-06-23 17:02 - 00001328 __RSH C:\Users\Talia\ntuser.pol 2014-01-21 20:14 - 2013-06-23 17:01 - 00000000 ____D C:\Users\Talia 2014-01-21 20:14 - 2013-06-23 16:50 - 00000680 __RSH C:\Users\MamaPapa\ntuser.pol 2014-01-21 20:14 - 2013-06-23 16:50 - 00000000 ____D C:\Users\MamaPapa 2014-01-19 21:53 - 2013-11-10 22:29 - 00000000 ____D C:\Users\MamaPapa\Documents\Talia 2014-01-19 21:53 - 2013-06-28 13:04 - 00000000 ____D C:\Users\Public\Documents\Schule 2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-18 18:03 - 
2014-01-18 18:03 - 01050768 _____ (Unity Technologies ApS) C:\Users\MamaPapa\Downloads\UnityWebPlayer.exe 2014-01-17 22:00 - 2013-08-06 12:18 - 00000000 ____D C:\Users\MamaPapa\Documents\FinePrint-Dateien 2014-01-17 21:34 - 2013-06-28 13:03 - 00000000 ____D C:\Users\Public\Documents\Bestellungen 2014-01-16 18:39 - 2013-06-22 21:56 - 00000680 __RSH C:\Users\AT\ntuser.pol 2014-01-16 17:30 - 2013-06-23 09:38 - 00001326 __RSH C:\Users\Nick\ntuser.pol 2014-01-16 17:30 - 2013-06-23 09:38 - 00000000 ____D C:\Users\Nick 2014-01-15 21:02 - 2013-06-28 21:09 - 00000000 ____D C:\Users\MamaPapa\Documents\DVDVideoSoft 2014-01-15 17:07 - 2009-07-14 05:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 16:58 - 2014-01-15 16:58 - 01585616 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-15 16:53 - 2013-06-23 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 16:51 - 2013-07-15 12:24 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 16:48 - 2013-06-22 21:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 00:46 - 2013-08-22 17:28 - 00000000 ____D C:\Users\MamaPapa\Documents\My Digital Editions 2014-01-12 13:48 - 2013-06-23 17:04 - 00000000 ____D C:\Users\Talia\Documents\GFS Talia 2014-01-11 22:28 - 2013-07-06 17:18 - 331569405 _____ C:\Windows\MEMORY.DMP 2014-01-11 22:28 - 2013-07-06 17:18 - 00000000 ____D C:\Windows\Minidump 2014-01-09 18:42 - 2013-08-06 12:17 - 00000000 ____D C:\Users\MamaPapa\Documents\PDF-Dateien 2014-01-02 17:42 - 2013-06-27 20:35 - 00000000 ____D C:\Users\MamaPapa\Documents\Vorlagen 2014-01-02 08:19 - 2014-01-02 08:19 - 00001046 _____ C:\Users\Public\Desktop\Mobile Partner.lnk 2014-01-02 08:19 - 2013-08-07 15:08 - 00000000 ____D C:\Program Files (x86)\Mobile Partner 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Sun 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Oracle 2014-01-01 17:47 - 2014-01-01 17:48 - 00264616 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\javaws.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-01 17:47 - 2014-01-01 17:47 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-01 17:27 - 2014-01-01 17:27 - 00915368 _____ (Oracle Corporation) C:\Users\MamaPapa\Downloads\jxpiinstall.exe 2013-12-29 22:21 - 2013-06-28 21:13 - 00001539 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-12-29 22:21 - 2013-06-28 21:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-12-29 22:20 - 2013-06-28 21:08 - 00000000 ____D C:\Users\AT\AppData\Roaming\DVDVideoSoft 2013-12-29 22:19 - 2013-12-29 22:18 - 34115288 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\FreeYouTube19ToMP3Converter.exe 2013-12-25 19:07 - 2013-12-25 19:07 - 00001443 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-12-25 19:07 - 2013-06-28 21:09 - 00000000 ____D C:\Users\MamaPapa\AppData\Roaming\DVDVideoSoft 2013-12-25 19:04 - 2013-12-25 19:03 - 32350440 _____ (DVDVideoSoft Ltd. 
) C:\Users\MamaPapa\Downloads\Free19YouTubeDownload.exe
2013-12-24 23:21 - 2013-06-28 13:04 - 00000000 ____D C:\Users\Public\Documents\Weihnachten
2013-12-24 23:13 - 2013-12-24 23:04 - 00000000 ____D C:\Users\MamaPapa\Documents\OneNote-Notizbücher
2013-12-24 23:04 - 2013-06-23 16:50 - 00000000 ___RD C:\Users\MamaPapa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-24 00:04 - 2013-06-22 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
Some content of TEMP:
====================
C:\Users\MamaPapa\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\MamaPapa\AppData\Local\Temp\ResetDevice.exe
C:\Users\MamaPapa\AppData\Local\Temp\Shockwave_Installer_FF.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
--- --- ---
With that, I'm signing off for tonight. |
22.01.2014, 16:32 | #4 |
/// the machine /// TB-Ausbilder | Search Protect by Conduit - how to remove it completely? No, that's fine as it is. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.01.2014, 15:48 | #5 |
| Search Protect by Conduit - how to remove it completely? I have one more question about the external storage media that are to be connected: do iPods, MP3 players and e-book readers also count in this category? Or only external hard drives and USB sticks? And I assume that the external storage devices (external hard drive, USB sticks, etc.) all have to be connected at the same time, right? |
24.01.2014, 09:30 | #6 |
/// the machine /// TB-Ausbilder | Search Protect by Conduit - how to remove it completely? Only drives and sticks, and it isn't a must anyway, they could just be scanned along at the same time
24.01.2014, 21:31 | #7 |
| Search Protect by Conduit - how to remove it completely? Man oh man, the ESET scan took ages. But now the ESET scan and the Security Check are finally done. Here is the log.txt from the ESET scan: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ba27bdfa86d8444dbc7f4f0f7ef85d32
# engine=16784
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-24 04:14:42
# local_time=2014-01-24 05:14:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17123974 142209932 0 0
# scanned=128110
# found=1
# cleaned=0
# scan_time=8608
sh=2CCEACAB89AA883584A95458DF14091F35ED61E0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\BT-PC\Backup Set 2013-04-29 141550\Backup Files 2013-05-13 171312\Backup files 2.zip"
Code:
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 12.0.0.43 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by MamaPapa (ATTENTION: The logged in user is not administrator) on AT-PC on 24-01-2014 20:53:29
Running from C:\Users\MamaPapa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry
(Whitelisted) ================== HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo) HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec) HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [x] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) HKCU\...\Policies\system: [LogonHoursAction] 2 
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [DisallowCpl] 1 MountPoints2: E - E:\AutoRun.exe MountPoints2: {4e41bbe1-ff63-11e2-83ae-00265eba91ca} - E:\AutoRun.exe MountPoints2: {4e41bc06-ff63-11e2-83ae-00265eba91ca} - E:\AutoRun.exe MountPoints2: {8159d386-737e-11e3-94c1-028037ec0200} - E:\AutoRun.exe Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\MamaPapa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - 
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: GMX MailCheck - C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\Extensions\toolbar@gmx.net.xpi [2013-06-23] FF Extension: Adblock Plus - C:\Users\MamaPapa\AppData\Roaming\Mozilla\Firefox\Profiles\on9r94r8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-21] ==================== Services (Whitelisted) ================= S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.) 
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-10] (Lenovo.) R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [135168 2009-12-08] (Huawei Technologies Co., Ltd.) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) 
R3 lnvobus; C:\Windows\system32\drivers\lnvobus.sys [327680 2008-12-16] (MCCI Corporation) R3 lnvocard; C:\Windows\system32\drivers\lnvocard.sys [378880 2008-12-16] (MCCI Corporation) R3 lnvogps; C:\Windows\system32\drivers\lnvogps64.sys [87592 2008-10-23] (Ericsson AB) R3 lnvomdfl; C:\Windows\System32\DRIVERS\lnvomdfl.sys [19456 2008-12-16] (MCCI Corporation) R3 lnvomdfl2; C:\Windows\System32\DRIVERS\lnvomdfl2.sys [19456 2008-12-16] (MCCI Corporation) R3 lnvomdm; C:\Windows\System32\DRIVERS\lnvomdm.sys [422912 2008-12-16] (MCCI Corporation) R3 lnvomdm2; C:\Windows\System32\DRIVERS\lnvomdm2.sys [474624 2008-12-16] (MCCI Corporation) R3 lnvond5; C:\Windows\System32\DRIVERS\lnvond5.sys [34816 2008-12-16] (MCCI Corporation) R3 lnvounic; C:\Windows\system32\drivers\lnvounic.sys [431104 2008-12-16] (MCCI Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [26424 2012-07-05] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [27960 2012-07-05] (Synaptics Incorporated) R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\lnvoscard64.sys [30760 2008-07-08] (Sony Ericsson) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-24 20:53 - 2014-01-24 20:53 - 00011407 _____ C:\Users\MamaPapa\Downloads\FRST.txt 2014-01-24 20:23 - 2014-01-24 20:23 - 00000106 _____ C:\Users\MamaPapa\Downloads\ESET-Scan_2014-01-24.txt 2014-01-24 14:46 - 2014-01-24 14:46 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-24 14:40 - 2014-01-24 14:40 - 00987425 _____ C:\Users\MamaPapa\Desktop\SecurityCheck.exe 2014-01-24 14:39 - 2014-01-24 14:39 - 02347384 _____ (ESET) 
C:\Users\MamaPapa\Downloads\esetsmartinstaller_enu.exe 2014-01-22 00:35 - 2014-01-22 00:36 - 00025473 _____ C:\Users\MamaPapa\Downloads\FRST_2014-01-22.txt 2014-01-22 00:06 - 2014-01-22 00:06 - 00000000 ____D C:\Windows\ERUNT 2014-01-22 00:04 - 2014-01-22 00:04 - 01037068 _____ (Thisisu) C:\Users\MamaPapa\Downloads\JRT.exe 2014-01-21 23:52 - 2014-01-21 23:54 - 00000000 ____D C:\AdwCleaner 2014-01-21 23:38 - 2014-01-21 23:38 - 01236282 _____ C:\Users\MamaPapa\Downloads\adwcleaner.exe 2014-01-21 23:37 - 2014-01-24 20:44 - 00000000 ____D C:\Users\Public\Documents\PC-Probleme 2014-01-21 23:12 - 2014-01-21 23:12 - 00000000 ____D C:\Users\AT\AppData\Roaming\Malwarebytes 2014-01-21 23:11 - 2014-01-21 23:11 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-21 23:11 - 2014-01-21 23:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-21 23:11 - 2014-01-21 23:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-21 23:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-21 23:06 - 2014-01-21 23:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MamaPapa\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-21 22:07 - 2014-01-21 22:07 - 00004251 _____ C:\Users\MamaPapa\Downloads\Gmer_.log 2014-01-21 21:50 - 2014-01-21 21:50 - 00379904 _____ C:\Users\MamaPapa\Downloads\gmer.exe 2014-01-21 21:25 - 2014-01-21 21:26 - 00025334 _____ C:\Users\MamaPapa\Downloads\FRST_2014-01-21.txt 2014-01-21 21:25 - 2014-01-21 21:26 - 00015241 _____ C:\Users\MamaPapa\Downloads\Addition.txt 2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST 2014-01-21 21:22 - 2014-01-21 21:22 - 02077184 _____ (Farbar) C:\Users\MamaPapa\Downloads\FRST64.exe 2014-01-21 21:18 - 2014-01-21 21:18 - 00000466 _____ C:\Users\MamaPapa\Downloads\defogger_disable.log 2014-01-21 21:18 - 2014-01-21 21:18 - 00000000 _____ C:\Users\AT\defogger_reenable 2014-01-21 21:16 - 2014-01-21 21:16 - 00050477 _____ 
C:\Users\MamaPapa\Downloads\Defogger.exe 2014-01-18 18:03 - 2014-01-18 18:03 - 01050768 _____ (Unity Technologies ApS) C:\Users\MamaPapa\Downloads\UnityWebPlayer.exe 2014-01-15 16:58 - 2014-01-22 14:33 - 01593980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-15 14:05 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 14:05 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 14:05 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 14:05 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-03 09:57 - 2014-01-21 23:38 - 00000000 ____D C:\Users\MamaPapa\Documents\Barbara 2014-01-02 08:19 - 2014-01-02 08:19 - 00001046 _____ C:\Users\Public\Desktop\Mobile Partner.lnk 2014-01-02 08:19 - 2009-12-08 20:19 - 00135168 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2014-01-02 08:19 - 2009-12-07 19:53 - 00117504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-01-02 08:19 - 2009-10-12 15:23 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbdev.sys 2014-01-02 08:19 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) 
C:\Windows\system32\Drivers\ewdcsc.sys 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Sun 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Oracle 2014-01-01 17:48 - 2014-01-01 17:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-01 17:47 - 2014-01-01 17:47 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-01 17:27 - 2014-01-01 17:27 - 00915368 _____ (Oracle Corporation) C:\Users\MamaPapa\Downloads\jxpiinstall.exe 2013-12-29 22:18 - 2013-12-29 22:19 - 34115288 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\FreeYouTube19ToMP3Converter.exe 2013-12-25 19:07 - 2013-12-25 19:07 - 00001443 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-12-25 19:03 - 2013-12-25 19:04 - 32350440 _____ (DVDVideoSoft Ltd. 
) C:\Users\MamaPapa\Downloads\Free19YouTubeDownload.exe ==================== One Month Modified Files and Folders ======= 2014-01-24 20:53 - 2014-01-24 20:53 - 00011407 _____ C:\Users\MamaPapa\Downloads\FRST.txt 2014-01-24 20:44 - 2014-01-21 23:37 - 00000000 ____D C:\Users\Public\Documents\PC-Probleme 2014-01-24 20:23 - 2014-01-24 20:23 - 00000106 _____ C:\Users\MamaPapa\Downloads\ESET-Scan_2014-01-24.txt 2014-01-24 20:06 - 2013-07-06 22:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-24 19:38 - 2013-06-22 20:31 - 02002368 _____ C:\Windows\WindowsUpdate.log 2014-01-24 19:38 - 2009-07-14 05:51 - 00149335 _____ C:\Windows\setupact.log 2014-01-24 14:50 - 2011-04-12 08:43 - 00699440 _____ C:\Windows\system32\perfh007.dat 2014-01-24 14:50 - 2011-04-12 08:43 - 00149548 _____ C:\Windows\system32\perfc007.dat 2014-01-24 14:50 - 2009-07-14 06:13 - 01619700 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-24 14:46 - 2014-01-24 14:46 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-24 14:42 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-24 14:42 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-24 14:40 - 2014-01-24 14:40 - 00987425 _____ C:\Users\MamaPapa\Desktop\SecurityCheck.exe 2014-01-24 14:39 - 2014-01-24 14:39 - 02347384 _____ (ESET) C:\Users\MamaPapa\Downloads\esetsmartinstaller_enu.exe 2014-01-24 14:38 - 2013-06-23 13:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-24 14:38 - 2013-06-23 13:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-24 14:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-24 07:57 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-23 22:20 - 2013-06-27 06:05 - 00000000 ____D 
C:\Users\Public\Documents\Schwimmen 2014-01-22 14:33 - 2014-01-15 16:58 - 01593980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-22 00:36 - 2014-01-22 00:35 - 00025473 _____ C:\Users\MamaPapa\Downloads\FRST_2014-01-22.txt 2014-01-22 00:06 - 2014-01-22 00:06 - 00000000 ____D C:\Windows\ERUNT 2014-01-22 00:04 - 2014-01-22 00:04 - 01037068 _____ (Thisisu) C:\Users\MamaPapa\Downloads\JRT.exe 2014-01-21 23:54 - 2014-01-21 23:52 - 00000000 ____D C:\AdwCleaner 2014-01-21 23:47 - 2010-11-21 04:47 - 00081304 _____ C:\Windows\PFRO.log 2014-01-21 23:38 - 2014-01-21 23:38 - 01236282 _____ C:\Users\MamaPapa\Downloads\adwcleaner.exe 2014-01-21 23:38 - 2014-01-03 09:57 - 00000000 ____D C:\Users\MamaPapa\Documents\Barbara 2014-01-21 23:12 - 2014-01-21 23:12 - 00000000 ____D C:\Users\AT\AppData\Roaming\Malwarebytes 2014-01-21 23:11 - 2014-01-21 23:11 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-21 23:11 - 2014-01-21 23:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-21 23:11 - 2014-01-21 23:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-21 23:06 - 2014-01-21 23:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MamaPapa\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-21 22:07 - 2014-01-21 22:07 - 00004251 _____ C:\Users\MamaPapa\Downloads\Gmer_.log 2014-01-21 21:50 - 2014-01-21 21:50 - 00379904 _____ C:\Users\MamaPapa\Downloads\gmer.exe 2014-01-21 21:26 - 2014-01-21 21:25 - 00025334 _____ C:\Users\MamaPapa\Downloads\FRST_2014-01-21.txt 2014-01-21 21:26 - 2014-01-21 21:25 - 00015241 _____ C:\Users\MamaPapa\Downloads\Addition.txt 2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST 2014-01-21 21:22 - 2014-01-21 21:22 - 02077184 _____ (Farbar) C:\Users\MamaPapa\Downloads\FRST64.exe 2014-01-21 21:18 - 2014-01-21 21:18 - 00000466 _____ C:\Users\MamaPapa\Downloads\defogger_disable.log 2014-01-21 21:18 - 2014-01-21 21:18 - 00000000 _____ C:\Users\AT\defogger_reenable 2014-01-21 21:18 - 
2013-06-22 20:36 - 00000000 ____D C:\Users\AT 2014-01-21 21:16 - 2014-01-21 21:16 - 00050477 _____ C:\Users\MamaPapa\Downloads\Defogger.exe 2014-01-21 20:14 - 2013-06-23 17:02 - 00001328 __RSH C:\Users\Talia\ntuser.pol 2014-01-21 20:14 - 2013-06-23 17:01 - 00000000 ____D C:\Users\Talia 2014-01-21 20:14 - 2013-06-23 16:50 - 00000680 __RSH C:\Users\MamaPapa\ntuser.pol 2014-01-21 20:14 - 2013-06-23 16:50 - 00000000 ____D C:\Users\MamaPapa 2014-01-19 21:53 - 2013-11-10 22:29 - 00000000 ____D C:\Users\MamaPapa\Documents\Talia 2014-01-19 21:53 - 2013-06-28 13:04 - 00000000 ____D C:\Users\Public\Documents\Schule 2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-18 18:03 - 2014-01-18 18:03 - 01050768 _____ (Unity Technologies ApS) C:\Users\MamaPapa\Downloads\UnityWebPlayer.exe 2014-01-17 22:00 - 2013-08-06 12:18 - 00000000 ____D C:\Users\MamaPapa\Documents\FinePrint-Dateien 2014-01-17 21:34 - 2013-06-28 13:03 - 00000000 ____D C:\Users\Public\Documents\Bestellungen 2014-01-16 18:39 - 2013-06-22 21:56 - 00000680 __RSH C:\Users\AT\ntuser.pol 2014-01-16 17:30 - 2013-06-23 09:38 - 00001326 __RSH C:\Users\Nick\ntuser.pol 2014-01-16 17:30 - 2013-06-23 09:38 - 00000000 ____D C:\Users\Nick 2014-01-15 21:02 - 2013-06-28 21:09 - 00000000 ____D C:\Users\MamaPapa\Documents\DVDVideoSoft 2014-01-15 17:07 - 2009-07-14 05:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 16:53 - 2013-06-23 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 16:51 - 2013-07-15 12:24 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 16:48 - 2013-06-22 21:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 00:46 - 2013-08-22 17:28 - 00000000 ____D C:\Users\MamaPapa\Documents\My Digital Editions 2014-01-12 13:48 - 2013-06-23 17:04 - 00000000 ____D C:\Users\Talia\Documents\GFS Talia 2014-01-11 22:28 - 2013-07-06 17:18 - 331569405 _____ C:\Windows\MEMORY.DMP 2014-01-11 22:28 - 
2013-07-06 17:18 - 00000000 ____D C:\Windows\Minidump 2014-01-09 18:42 - 2013-08-06 12:17 - 00000000 ____D C:\Users\MamaPapa\Documents\PDF-Dateien 2014-01-02 17:42 - 2013-06-27 20:35 - 00000000 ____D C:\Users\MamaPapa\Documents\Vorlagen 2014-01-02 08:19 - 2014-01-02 08:19 - 00001046 _____ C:\Users\Public\Desktop\Mobile Partner.lnk 2014-01-02 08:19 - 2013-08-07 15:08 - 00000000 ____D C:\Program Files (x86)\Mobile Partner 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Sun 2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Oracle 2014-01-01 17:47 - 2014-01-01 17:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-01-01 17:47 - 2014-01-01 17:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-01 17:47 - 2014-01-01 17:47 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-01 17:27 - 2014-01-01 17:27 - 00915368 _____ (Oracle Corporation) C:\Users\MamaPapa\Downloads\jxpiinstall.exe 2013-12-29 22:21 - 2013-06-28 21:13 - 00001539 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-12-29 22:21 - 2013-06-28 21:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-12-29 22:20 - 2013-06-28 21:08 - 00000000 ____D C:\Users\AT\AppData\Roaming\DVDVideoSoft 2013-12-29 22:19 - 2013-12-29 22:18 - 34115288 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\FreeYouTube19ToMP3Converter.exe 2013-12-25 19:07 - 2013-12-25 19:07 - 00001443 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-12-25 19:07 - 2013-06-28 21:09 - 00000000 ____D C:\Users\MamaPapa\AppData\Roaming\DVDVideoSoft 2013-12-25 19:04 - 2013-12-25 19:03 - 32350440 _____ (DVDVideoSoft Ltd. 
) C:\Users\MamaPapa\Downloads\Free19YouTubeDownload.exe Some content of TEMP: ==================== C:\Users\MamaPapa\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\MamaPapa\AppData\Local\Temp\ResetDevice.exe C:\Users\MamaPapa\AppData\Local\Temp\Shockwave_Installer_FF.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- --- --- --- --- |
25.01.2014, 13:33 | #8 |
/// the machine /// TB Trainer | Search Protect by Conduit - how to remove it completely? Update Java and Flash. Done. If you would like to leave praise or criticism, you can do so here. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.01.2014, 23:13 | #9 |
| Search Protect by Conduit - how to remove it completely? So, I hope that the "Search Protect" issue is now really resolved:
What still gives me no peace, though, is that I don't know and cannot reconstruct how, or via which site or action, this stupid "Search Protect" got onto our laptop. I am very glad of your help and very grateful for it; I believe, or rather know, that I would not have managed this on my own. I simply lack the necessary expertise for that. Once again, thank you very, very much!! |
27.01.2014, 16:15 | #10 |
/// the machine /// TB Trainer | Search Protect by Conduit - how to remove it completely? Cannot be traced. Be careful when clicking and above all when installing software. Never Standard, always Custom.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |