Pests of all kinds and how to fight them: ADWcleaner can no longer be started. Windows 7
05.07.2014, 00:01 | #16 |
/// TB Trainer /// Guide Guru | Hi, we're not finished yet... Are there still any problems with the PC now? If so, which ones?
__________________ Regards, deeprybka
05.07.2014, 08:53 | #17 |
| When I took another look last night, the whole screen started flickering, but that went away after a restart of the computer.
I don't know whether ADWcleaner works again, since I'm only allowed to download programs once I have your GO ^^
05.07.2014, 11:04 | #18 |
/// TB Trainer /// Guide Guru | That's cute, you're the first user who does what he's told!

Step 1
Please press the Windows key + R and type notepad into the Run window. Click OK and then copy the text from the code box into the empty text document:

Code:
Reboot:
HKU\S-1-5-21-3559629360-2871224288-528010784-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe
C:\ProgramData\Updater\
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 {55685567-4840-4a91-962b-49a412e9485a}Gt64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gt64.sys [60088 2014-05-28] (StdLib)
C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gt64.sys
C:\Users\Public\AlexaNSISPlugin.4500.dll
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:AD022376

The PC will then be restarted. After that, a fresh FRST please.

Step 2
Please start FRST again and press Scan. Please post the contents of the log.
05.07.2014, 17:39 | #19 |
| Here you go, both logs

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Maddin at 2014-07-05 18:12:27 Run:1
Running from C:\Users\Maddin\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Reboot:
HKU\S-1-5-21-3559629360-2871224288-528010784-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe
C:\ProgramData\Updater\
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 {55685567-4840-4a91-962b-49a412e9485a}Gt64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gt64.sys [60088 2014-05-28] (StdLib)
C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gt64.sys
C:\Users\Public\AlexaNSISPlugin.4500.dll
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
*****************

HKU\S-1-5-21-3559629360-2871224288-528010784-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Updater => Value not found.
"C:\ProgramData\Updater" => File/Directory not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
{55685567-4840-4a91-962b-49a412e9485a}Gt64 => Service not found.
"C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gt64.sys" => File/Directory not found.
C:\Users\Public\AlexaNSISPlugin.4500.dll => Moved successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":AD022376" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog ====

FRST Logfile:
20:55 - 2014-06-24 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-06-24 20:48 - 2013-02-16 13:14 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-06-24 20:47 - 2013-12-13 16:22 - 00000000 ____D () C:\AdwCleaner 2014-06-24 20:46 - 2014-06-24 20:46 - 01342659 _____ () C:\Users\Maddin\Downloads\adwcleaner_3.213.exe 2014-06-24 08:28 - 2014-06-24 08:28 - 02804344 _____ (TeamViewer GmbH) C:\Users\Maddin\Downloads\customermodule_avira_support_de.exe 2014-06-24 08:28 - 2014-06-24 08:28 - 00000000 ____D () C:\Users\Maddin\AppData\Roaming\TeamViewer 2014-06-23 11:04 - 2014-06-23 11:04 - 01333465 _____ () C:\Users\Maddin\Downloads\adwcleaner_3.212 (1).exe 2014-06-22 20:37 - 2014-04-28 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2014-06-22 20:37 - 2013-05-31 04:21 - 00003786 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager 2014-06-20 20:07 - 2014-03-24 16:39 - 00000000 ____D () C:\Program Files (x86)\Ubi Soft 2014-06-20 20:07 - 2009-04-09 17:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-20 20:01 - 2013-11-13 18:15 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-06-20 19:59 - 2014-01-30 15:27 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-20 19:59 - 2014-01-30 15:27 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-20 19:42 - 2013-03-27 20:49 - 00130584 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-19 22:01 - 2009-04-09 17:00 - 00000000 ____D () C:\ProgramData\ICQ 2014-06-19 22:00 - 2009-04-03 16:44 - 00000000 ____D () C:\Users\Maddin 2014-06-19 21:57 - 2014-06-19 21:57 - 01333465 _____ () C:\Users\Maddin\Downloads\adwcleaner_3.212.exe 2014-06-19 15:52 - 2014-06-19 15:52 - 00011965 _____ () C:\Users\Maddin\Documents\Unbenannt 1.ods 2014-06-19 15:41 - 2010-11-27 21:19 - 00009725 _____ () C:\ProgramData\hpzinstall.log 2014-06-19 15:26 - 2010-11-27 21:19 - 00225436 _____ () C:\Windows\hpoins46.dat 2014-06-19 15:26 - 2006-11-02 14:34 - 00000281 _____ () C:\Windows\win.ini 2014-06-19 14:35 - 2014-06-19 14:35 - 00448512 _____ (OldTimer Tools) C:\Users\Maddin\Downloads\TFC (1).exe 2014-06-17 13:33 - 2013-12-20 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-13 08:44 - 2008-01-21 13:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-13 08:44 - 2008-01-21 13:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat 2014-06-13 08:44 - 2008-01-21 13:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat 2014-06-12 21:57 - 2014-06-12 21:57 - 00000000 ____D () C:\ProgramData\HPSSUPPLY 2014-06-11 19:40 - 2013-08-14 14:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-11 19:37 - 2006-11-02 14:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-11 12:02 - 2012-06-19 11:45 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-06-05 15:25 - 2014-06-05 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-06-05 15:25 - 2014-06-05 15:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-06-05 15:25 - 2014-06-05 15:24 - 00000000 ____D () C:\Program Files\iTunes 2014-06-05 15:25 - 2014-06-05 15:24 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-06-05 15:24 - 2014-06-05 15:24 - 00000000 ____D () C:\Program Files\iPod 2014-06-05 15:24 - 2014-04-28 11:15 - 00000000 ____D () 
C:\ProgramData\Apple Computer

Some content of TEMP:
====================
C:\Users\Maddin\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-07-05 12:09

==================== End Of Log ============================

--- --- ---

Just a quick question in between: what do you actually read from the FRST logs? |
05.07.2014, 17:58 | #20 |
/// TB Trainer /// Instructions Guru | ADWcleaner won't start anymore. What exactly do you mean by what I read out of them? Have you had anything deleted or used any tool since yesterday? Try whether ADWcleaner works again....
05.07.2014, 18:11 | #21 |
| ADWcleaner won't start anymore. I only activated the trial version of HitmanPro, whereupon it removed one detection that was still stored. And as for trying to get ADWcleaner running: first a window comes up asking me to press "OK" to download a current version, and after I have pressed "OK" the following error message appears: "Der Datei ist kein Programm zur Durchführung dieser Aktion Zugeordnet. Erstellen Sie eine Zuordnung in der Systemsteuerung unter "Zuordnung Festlegen"" (in English: "This file does not have a program associated with it for performing this action. Create an association in the Control Panel under "Set Associations""). This message comes up every time I try to run it. But I can't find any option for this in the Control Panel. And regarding FRST: well, the log must tell you something, otherwise you wouldn't keep wanting it ^^ |
05.07.2014, 18:20 | #22 | |
/// TB Trainer /// Instructions Guru | ADWcleaner won't start anymore. Quote:
Yes, well, I can keep fixing for a long time if you have already been active yourself... Please download this one to the desktop and give it a try.
05.07.2014, 18:45 | #23 |
| ADWcleaner won't start anymore. It ran through. That really is a different version from the one I had. Do you need a log from that one too? |
05.07.2014, 19:30 | #24 |
/// TB Trainer /// Instructions Guru | ADWcleaner won't start anymore. Nope, it isn't relevant whether it found anything:

Step 1
Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document:

Code:
ATTFilter
cmd: sc config cryptsvc start= auto
cmd: net start cryptsvc
Reboot:

After the reboot, a new FRST log please.

Step 2
Please start FRST again and press Scan. Please post the contents of the log.
05.07.2014, 19:45 | #25 |
| ADWcleaner won't start anymore.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Maddin at 2014-07-05 20:39:00 Run:2
Running from C:\Users\Maddin\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: sc config cryptsvc start= auto
cmd: net start cryptsvc
Reboot:
*****************

========= sc config cryptsvc start= auto =========

[SC] ChangeServiceConfig ERFOLG

========= End of CMD: =========

========= net start cryptsvc =========

Kryptografiedienste wird gestartet.
Kryptografiedienste wurde erfolgreich gestartet.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by Maddin (administrator) on MARTIN on 05-07-2014 20:42:24 Running from C:\Users\Maddin\Downloads Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe () C:\Windows\SysWOW64\HsMgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Cmaudio8768GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKU\.DEFAULT\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe HKU\.DEFAULT\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3559629360-2871224288-528010784-1000\...\MountPoints2: {171db5d8-f2aa-11dd-ad52-806e6f6e6963} - F:\Setup.exe HKU\S-1-5-21-3559629360-2871224288-528010784-1000\...\MountPoints2: {7ebde948-31da-11de-b5c8-00242110eaf6} - D:\SH3Autorun.exe Startup: C:\Users\Maddin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () BootExecute: ==================== Internet (Whitelisted) ==================== URLSearchHook: HKLM-x32 - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: 
HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - {301B60B5-4EE1-421E-95C2-22CB96AA0A8F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) 
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No File Toolbar: HKCU - No Name - {62D40876-DF18-411F-9D34-A9DD7A197BC5} - No File Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pack.google.com/Google Updater;version=13 - C:\Program Files (x86)\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: FoxyDeal - C:\Users\Maddin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-05-10] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-03] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-20] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-20] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.de/" CHR Extension: (Google Docs) - C:\Users\Maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20] CHR Extension: (Google Drive) - C:\Users\Maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20] CHR Extension: (YouTube) - C:\Users\Maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20] CHR Extension: (Adblock Plus) - C:\Users\Maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-05] CHR Extension: (Google-Suche) - C:\Users\Maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf 
[2013-11-20] CHR Extension: (Google Wallet) - C:\Users\Maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20] CHR Extension: (Google Mail) - C:\Users\Maddin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02] CHR HKLM-x32\...\Chrome\Extension: [nlcphjankhppgohedpkjonpadimhaoof] - C:\Users\Maddin\AppData\Roaming\Browser Extensions\sh_1.0.crx [2012-03-02] ==================== Services (Whitelisted) ================= S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-07-01] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-01] (Avira Operations GmbH & Co. KG) S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.) R2 D-Link Wireless N DWA-140_WPS; C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] () [File not signed] R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] () R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-04] (SurfRight B.V.) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) 
[File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] () R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions) S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-05-14] (TuneUp Software) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software) S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed] ==================== Drivers (Whitelisted) ==================== R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG) S4 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-25] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG) R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc) R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1035104 2010-04-29] (Ralink Technology Corp.) S3 PDNMp50; C:\Windows\SysWOW64\drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PDNSp50; C:\Windows\SysWOW64\drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. 
(PCAUSA)) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PDNSp50a64; System32\Drivers\PDNSp50a64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-05 19:53 - 2014-07-05 19:53 - 01346519 _____ () C:\Users\Maddin\Downloads\Nicht bestätigt 852810.crdownload 2014-07-05 19:43 - 2014-07-05 19:43 - 01346519 _____ () C:\Users\Maddin\Downloads\a (1).exe 2014-07-05 18:11 - 2014-07-05 18:11 - 00000000 ____D () C:\Users\Maddin\Downloads\FRST-OlderVersion 2014-07-05 18:08 - 2014-07-05 18:08 - 00000639 _____ () C:\Users\Maddin\Documents\Fixlist.txt 2014-07-05 11:41 - 2014-07-05 11:41 - 00000540 _____ () C:\Windows\system32\.crusader 2014-07-04 15:29 - 2014-07-04 15:29 - 02347384 _____ (ESET) C:\Users\Maddin\Downloads\esetsmartinstaller_deu (1).exe 2014-07-04 15:25 - 2014-07-04 15:25 - 02347384 _____ (ESET) C:\Users\Maddin\Downloads\esetsmartinstaller_deu.exe 2014-07-04 15:05 - 2014-07-04 15:05 - 00186726 _____ () C:\Users\Maddin\Desktop\HitmanPro_20140704_1505.log 2014-07-04 14:53 - 2014-07-04 14:54 - 00001750 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-07-04 14:53 - 2014-07-04 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-07-04 14:53 - 2014-07-04 14:53 - 00000000 ____D () C:\Program Files\HitmanPro 2014-07-04 14:52 - 2014-07-05 11:41 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-07-04 14:52 - 2014-07-04 14:52 - 11185664 _____ (SurfRight B.V.) 
C:\Users\Maddin\Downloads\HitmanPro_x64.exe 2014-07-04 14:10 - 2014-07-04 14:10 - 00000255 _____ () C:\Users\Maddin\Desktop\Suchlauf.txt 2014-07-04 13:46 - 2014-07-04 14:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-04 13:45 - 2014-07-04 13:45 - 00000947 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 13:45 - 2014-07-04 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 13:45 - 2014-07-04 13:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 13:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-04 13:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-04 13:44 - 2014-07-04 13:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Maddin\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-04 13:19 - 2014-07-04 19:53 - 00045728 _____ () C:\Users\Maddin\Downloads\Addition.txt 2014-07-04 13:17 - 2014-07-05 20:42 - 00015619 _____ () C:\Users\Maddin\Downloads\FRST.txt 2014-07-04 13:17 - 2014-07-05 20:42 - 00000000 ____D () C:\FRST 2014-07-04 13:16 - 2014-07-05 18:11 - 02084352 _____ (Farbar) C:\Users\Maddin\Downloads\FRST64.exe 2014-07-02 19:41 - 2014-07-02 19:41 - 00537974 _____ () C:\Users\Maddin\Downloads\noscript-2.6.8.31.xpi.zip 2014-06-26 22:09 - 2014-06-26 22:09 - 00000921 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-06-26 22:09 - 2014-06-26 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-06-26 22:09 - 2014-06-26 22:09 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-06-26 22:07 - 2014-06-26 22:08 - 29256752 _____ (TeamSpeak Systems GmbH) C:\Users\Maddin\Downloads\TeamSpeak3-Client-win64-3.0.15.exe 2014-06-26 10:13 - 2014-06-26 10:13 - 00000000 ____D () C:\New Folder 2014-06-26 10:10 
Here you go. Kind regards, Jojobin |
05.07.2014, 19:52 | #26 |
/// TB Trainer /// Guide Guru | ADWcleaner won't start anymore. OK, download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Update Chrome to version 35. Open the Flash link in every browser. Install Flash. Decline the optional offers.
Cleanup: All logs posted? Yes! Then please download DelFix.
Note: DelFix removes, among other things, all the programs we used, our scanners' quarantine and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left now, you can safely delete them.
>>clean<<
We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.
How can I protect myself better in the future?
Tips, Dos & Don'ts
Updates & Software
Vulnerabilities in their old versions are exploited to install malware via "drive-by" when you merely visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Firewall, Antivirus & Co.
Cracks, Downloads & Co.
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user. Merely visiting dubious websites can already carry risks. Even if the virus scanner does not detect a threat in it at the moment, that does not have to mean anything. Illegal cracks, keygens and serials are an exceptionally easy and popular way to spread malware. With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside is really what the label says. (Trojan horse^^)
Often, more or less cunning methods are also used to entice the user into carrying out an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along with other software by the user.
Finally, a few more general remarks:
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
05.07.2014, 20:59 | #27 |
| ADWcleaner won't start anymore. Great. I will run the three sniffer dogs regularly and take your advice on software installation to heart. Many thanks to you. A donation will follow, guaranteed. I hope I won't have to call on your help again, but if I do, at least I know that you know what you're doing. THANKS, THANKS |
05.07.2014, 21:04 | #28 |
/// TB Trainer /// Guide Guru | ADWcleaner won't start anymore. You're welcome! All the best!
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |