Trojaner-Board - Rechner läuft immer langsamer nach unbeabsichtigten Download

Hallo, ich habe unbeabsichtigt einen falschen Firefox (us-version) runtergeladen und plötzlich waren da einige Programme, die ich sofort wieder gelöscht (deinstalliert) habe. (Leider weiß ich nicht mehr welche das waren). Jetzt läuft alles ziemlich langsam.

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:44 on 24/02/2014 (kleine)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-02-2014

Ran by kleine at 2014-02-24 20:48:18

Running from C:\Users\kleine\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}

AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 

==================== Installed Programs ======================
 

Ad-Aware Antivirus (HKLM\...\{17E73768-9F21-4334-ABE6-CD131031564C}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)

AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden

AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)

Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)

AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden

AntispamEngine (Version: 2.3.29.0 - Lavasoft) Hidden

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft MediaImpression (HKLM\...\{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}) (Version: 1.2.33.353 - ArcSoft)

Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )

Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )

Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)

Easy Network Manager 4.0 (HKLM\...\InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}) (Version: 4.0.0.13 - Samsung)

Easy Network Manager 4.0 (Version: 4.0.0.13 - Samsung) Hidden

Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )

FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden

FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)

HomeTab 3.5 (HKLM\...\{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1) (Version: 3.5 - HomeTab)

imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)

Intel PROSet Wireless (Version:  - ) Hidden

Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)

LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )

Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.45.3.3 - Marvell)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)

Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

Mysearchdial (HKLM\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION

NVIDIA Grafiktreiber 310.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.64 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden

NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA Systemsteuerung 310.64 (Version: 310.64 - NVIDIA Corporation) Hidden

NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden

OnlineThreatsEngine (Version: 2.2.2.0 - Lavasoft) Hidden

OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)

PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)

RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )

Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)

Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung)

Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)

Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)

Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden

Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden

SPCA1528 PC Driver (HKLM\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.4.0 - )

Spotify (HKCU\...\Spotify) (Version: 0.8.8.454.gfb120cda - Spotify AB)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)

User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )

Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)

VLC media player 1.1.4 (HKLM\...\VLC media player) (Version: 1.1.4 - VideoLAN)

WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden

WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)

Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\1AF5F143058CA8C5C954BD408C48232FAF21A69F) (Version: 10/05/2012 9.1.9.1002 - Intel)

Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\2528966896853AC8DEC09D148A501604155972BD) (Version: 10/05/2012 9.1.9.1002 - Intel)

Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\AC2EE0A9AD3E95C0C675C31C13CF653A6CB3A598) (Version: 10/05/2012 9.1.9.1002 - Intel)

Windows-Treiberpaket - Intel USB  (10/05/2012 9.1.9.1002) (HKLM\...\48EC18D43DCBA26BDC1D4FFB660F86792AB475D2) (Version: 10/05/2012 9.1.9.1002 - Intel)

Windows-Treiberpaket - NVIDIA Corporation (NVHDA) MEDIA  (07/03/2012 1.3.18.0) (HKLM\...\B46A8C1640335CA36A800E2C6D832964F6F58B54) (Version: 07/03/2012 1.3.18.0 - NVIDIA Corporation)

WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )

XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.2-29082004 - XviD Team (Koepi))
 

==================== Restore Points  =========================
 

21-01-2014 19:21:38 Installed Java 7 Update 51

22-01-2014 08:59:53 Geplanter Prüfpunkt

23-01-2014 18:58:44 AA11

24-01-2014 08:26:19 Windows Update

25-01-2014 22:46:22 Geplanter Prüfpunkt

27-01-2014 08:28:07 Geplanter Prüfpunkt

28-01-2014 07:46:23 Windows Update

29-01-2014 07:52:57 Geplanter Prüfpunkt

29-01-2014 20:30:03 Geplanter Prüfpunkt

30-01-2014 08:39:00 Geplanter Prüfpunkt

31-01-2014 08:00:17 Geplanter Prüfpunkt

02-02-2014 20:18:57 Geplanter Prüfpunkt

03-02-2014 08:45:19 Geplanter Prüfpunkt

04-02-2014 19:40:57 Windows Update

07-02-2014 21:09:58 Windows Update

11-02-2014 20:32:26 Windows Update

12-02-2014 05:17:42 Windows Update

18-02-2014 19:05:49 Windows Update

21-02-2014 19:49:48 Windows Update

23-02-2014 19:20:18 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

2006-11-02 11:23 - 2013-06-25 21:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0E935E62-1D7B-4E30-AB0D-2807DA10CB83} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {2CBDA259-6EEF-489D-8FA8-FFA18EC3EB35} - System32\Tasks\UpdaterEX => C:\Users\kleine\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)

Task: {4E5C12AA-3A29-4984-BD4E-D57366E9A35C} - System32\Tasks\MySearchDial => C:\Users\kleine\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION

Task: {512087C4-C3C2-4F1C-B8D6-6D622A0A63FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)

Task: {6348F453-7648-43E7-A11B-3ED4D8D0B2A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {70123431-D3B0-44E9-8554-1A05B93730AD} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)

Task: {8CA034A1-47C7-48C5-967F-80E5A5062EED} - \Browser Updater\Browser Updater No Task File

Task: {90255043-B028-41AF-B007-6EED10787515} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)

Task: {A1DD22C6-FBE7-4021-BA65-996B4FECD9B2} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe

Task: {C6D1C84C-0891-4E7E-B2D4-8B200E31F411} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)

Task: {C88CD5CB-B30A-4A91-A310-84715F1796DD} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

Task: {F04F987D-57DD-4E10-ABCB-9CA94823136D} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe

Task: {FAF58D27-CFD2-46AB-9931-EA3C4C25CCB6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\kleine\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe

Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\kleine\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job => C:\Windows\system32\msfeedssync.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-02-09 11:33 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll

2014-01-23 16:26 - 2014-01-23 16:26 - 00651232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe

2014-01-23 16:33 - 2014-01-23 16:33 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll

2014-01-23 16:33 - 2014-01-23 16:33 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 03053416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll

2014-01-23 16:33 - 2014-01-23 16:33 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 01928008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll

2014-01-23 16:33 - 2014-01-23 16:33 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00477544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00244088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00228728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00210280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00244592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00502112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll

2014-01-23 16:33 - 2014-01-23 16:33 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00268656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00274808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00181600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00105320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00472944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 01858408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00223088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00422752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll

2014-01-23 16:33 - 2014-01-23 16:33 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll

2014-01-23 16:33 - 2014-01-23 16:33 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00241504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll

2013-12-15 22:27 - 2013-07-17 17:09 - 00135288 _____ () C:\Windows\system32\bdfwcore.dll

2013-07-17 17:10 - 2013-07-17 17:10 - 00565640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll

2013-08-21 14:32 - 2013-08-21 14:32 - 00641000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpbr.mdl

2013-08-21 14:32 - 2013-08-21 14:32 - 00451480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpdsp.mdl

2013-08-21 14:32 - 2013-08-21 14:32 - 01950672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpph.mdl

2013-08-21 14:32 - 2013-08-21 14:32 - 00974744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttprbl.mdl

2013-08-21 14:32 - 2013-08-21 14:32 - 00641000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpbr.mdl

2013-08-21 14:32 - 2013-08-21 14:32 - 00451480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpdsp.mdl

2013-08-21 14:32 - 2013-08-21 14:32 - 02281296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpf.mdl

2013-08-21 14:32 - 2013-08-21 14:32 - 00974744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttprbl.mdl

2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 02084720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareShellExtension.dll

2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

2008-09-12 05:02 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 03643224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe

2014-01-23 16:33 - 2014-01-23 16:33 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00308064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00789360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll

2014-01-23 16:32 - 2014-01-23 16:32 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll

2014-02-23 21:42 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (02/24/2014 08:02:47 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/24/2014 02:06:30 PM) (Source: Windows Search Service) (User: )

Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (02/24/2014 02:06:30 PM) (Source: Windows Search Service) (User: )

Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (02/24/2014 02:06:22 PM) (Source: Windows Search Service) (User: )

Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (02/24/2014 02:03:57 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )

Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )

Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )

Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )

Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service) (User: )

Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 
 

System errors:

=============

Error: (02/24/2014 08:04:52 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)

Description: 0x80070032
 

Error: (02/24/2014 08:02:48 PM) (Source: Service Control Manager) (User: )

Description: System Store%%3
 

Error: (02/24/2014 08:02:48 PM) (Source: Service Control Manager) (User: )

Description: SPCA1528 Video Camera Service%%1058
 

Error: (02/24/2014 08:02:48 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058
 

Error: (02/24/2014 02:06:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)

Description: 0x80070032
 

Error: (02/24/2014 02:03:57 PM) (Source: Service Control Manager) (User: )

Description: System Store%%3
 

Error: (02/24/2014 02:03:57 PM) (Source: Service Control Manager) (User: )

Description: SPCA1528 Video Camera Service%%1058
 

Error: (02/24/2014 02:03:57 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058
 

Error: (02/24/2014 08:50:18 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)

Description: 0x80070032
 

Error: (02/24/2014 08:48:10 AM) (Source: Service Control Manager) (User: )

Description: System Store%%3
 
 

Microsoft Office Sessions:

=========================

Error: (02/24/2014 08:02:47 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/24/2014 02:06:30 PM) (Source: Windows Search Service)(User: )

Description: Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING
 

Error: (02/24/2014 02:06:30 PM) (Source: Windows Search Service)(User: )

Description: Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING
 

Error: (02/24/2014 02:06:22 PM) (Source: Windows Search Service)(User: )

Description: Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING-TO_DELETE
 

Error: (02/24/2014 02:03:57 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )

Description: Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\9
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )

Description: Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\9
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )

Description: Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\8
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )

Description: Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\8
 

Error: (02/24/2014 08:49:59 AM) (Source: Windows Search Service)(User: )

Description: Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\CACHE\7
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-12-15 22:18:40.346

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-12-15 22:18:40.036

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-12-15 22:18:39.720

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-12-15 22:18:39.390

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-11-09 23:37:50.575

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-11-09 23:37:50.177

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-08-20 14:04:32.817

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-08-20 14:04:32.511

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-08-20 14:02:46.932

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-08-20 14:02:46.524

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 42%

Total physical RAM: 3065.87 MB

Available physical RAM: 1767.86 MB

Total Pagefile: 6352.14 MB

Available Pagefile: 5127.05 MB

Total Virtual: 2047.88 MB

Available Virtual: 1902.18 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:144.09 GB) (Free:21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Fixed) (Total:144 GB) (Free:143.87 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: 0201FF32)

Partition 1: (Not Active) - (Size=10 GB) - (Type=27)

Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014

Ran by kleine (administrator) on KLEINE-PC on 24-02-2014 20:47:00

Running from C:\Users\kleine\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)

HKLM\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)

HKLM\...\Run: [] - [X]

HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()

HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-4273118025-30497289-324835352-1004\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAzz0DyDzyyEtB0B0E0A0DtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656912544&ir=

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAzz0DyDzyyEtB0B0E0A0DtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656912544&ir=

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 

SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}

SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}

SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin

SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin

SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}

SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich

SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 

SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default

FF Homepage: hxxp://www.google.de/

FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\adawaretb.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Ad-Aware Security Add-on - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-02-23]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]
 

Chrome: 

=======

CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33

CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAzz0DyDzyyEtB0B0E0A0DtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656912544&ir=", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33"

CHR DefaultSearchProvider:       "name": "Mysearchdial"

CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17]

CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-17]
 

========================== Services (Whitelisted) =================
 

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)

S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()

S2 SystemStoreService; "C:\Program Files\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService" [X]

S2 wtmprovhost; C:\Windows\system32\VAN32.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)

R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [77192 2013-07-17] (BitDefender LLC)

R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2013-07-17] (BitDefender LLC)

S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)

S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-01] (GFI Software)

R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [154464 2013-07-17] (BitDefender LLC)

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)

R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)

R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-24 20:47 - 2014-02-24 20:48 - 00013393 _____ () C:\Users\kleine\Desktop\FRST.txt

2014-02-24 20:46 - 2014-02-24 20:47 - 00000000 ____D () C:\FRST

2014-02-24 20:45 - 2014-02-24 20:46 - 01144320 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe

2014-02-24 20:44 - 2014-02-24 20:44 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log

2014-02-24 20:44 - 2014-02-24 20:44 - 00000000 _____ () C:\Users\kleine\defogger_reenable

2014-02-24 20:41 - 2014-02-24 20:41 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe

2014-02-24 06:37 - 2014-02-24 06:37 - 00000043 _____ () C:\Users\kleine\AppData\Roaming\WB.CFG

2014-02-23 21:52 - 2014-02-24 06:24 - 00000000 ____D () C:\Users\kleine\AppData\Local\adawarebp

2014-02-23 21:51 - 2014-02-23 21:51 - 00000000 ____D () C:\ProgramData\blekko toolbars

2014-02-23 21:51 - 2014-02-23 21:51 - 00000000 ____D () C:\Program Files\Toolbar Cleaner

2014-02-23 21:50 - 2014-02-23 21:50 - 04048592 _____ (Lavasoft) C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe

2014-02-23 21:42 - 2014-02-23 21:42 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-23 21:42 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-02-23 21:37 - 2014-02-24 20:37 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job

2014-02-23 21:36 - 2014-02-23 21:36 - 00000000 ____D () C:\Users\kleine\Documents\Optimizer Pro

2014-02-23 21:31 - 2014-02-24 06:23 - 00000000 ____D () C:\Program Files\FindRight

2014-02-23 21:31 - 2014-02-23 21:31 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job

2014-02-23 21:30 - 2014-02-23 21:37 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\mysearchdial

2014-02-23 21:30 - 2014-02-23 21:30 - 24039048 _____ (Mozilla) C:\Users\kleine\Downloads\Firefox_Setup [1].exe

2014-02-23 21:30 - 2014-02-23 21:30 - 00000000 ____D () C:\Program Files\Mysearchdial

2014-02-23 21:29 - 2014-02-23 21:30 - 00738368 _____ ( ) C:\Users\kleine\Downloads\Firefox_Setup.exe

2014-02-15 13:30 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-02-11 21:40 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-11 21:40 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll

2014-02-11 21:40 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-02-11 21:40 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-11 21:40 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-11 21:40 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-11 21:40 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-02-11 21:39 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-11 21:39 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-01-26 20:03 - 2014-01-26 20:03 - 00622968 _____ () C:\Users\kleine\Downloads\anno1602_windows2000_xp-Downloader.exe
 

==================== One Month Modified Files and Folders =======
 

2014-02-24 20:48 - 2014-02-24 20:47 - 00013393 _____ () C:\Users\kleine\Desktop\FRST.txt

2014-02-24 20:47 - 2014-02-24 20:46 - 00000000 ____D () C:\FRST

2014-02-24 20:46 - 2014-02-24 20:45 - 01144320 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe

2014-02-24 20:44 - 2014-02-24 20:44 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log

2014-02-24 20:44 - 2014-02-24 20:44 - 00000000 _____ () C:\Users\kleine\defogger_reenable

2014-02-24 20:44 - 2008-12-17 00:53 - 00000000 ____D () C:\Users\kleine

2014-02-24 20:41 - 2014-02-24 20:41 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe

2014-02-24 20:37 - 2014-02-23 21:37 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job

2014-02-24 20:15 - 2012-04-21 18:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-24 20:15 - 2009-02-16 14:18 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job

2014-02-24 20:05 - 2009-02-08 14:35 - 02045299 _____ () C:\Windows\WindowsUpdate.log

2014-02-24 20:03 - 2013-12-15 22:27 - 00002204 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2014-02-24 20:01 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-24 20:01 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-24 20:01 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-24 14:31 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-02-24 14:31 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-24 06:37 - 2014-02-24 06:37 - 00000043 _____ () C:\Users\kleine\AppData\Roaming\WB.CFG

2014-02-24 06:24 - 2014-02-23 21:52 - 00000000 ____D () C:\Users\kleine\AppData\Local\adawarebp

2014-02-24 06:23 - 2014-02-23 21:31 - 00000000 ____D () C:\Program Files\FindRight

2014-02-24 06:23 - 2013-06-25 21:06 - 00017766 _____ () C:\Windows\PFRO.log

2014-02-24 06:23 - 2013-05-27 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection

2014-02-23 21:51 - 2014-02-23 21:51 - 00000000 ____D () C:\ProgramData\blekko toolbars

2014-02-23 21:51 - 2014-02-23 21:51 - 00000000 ____D () C:\Program Files\Toolbar Cleaner

2014-02-23 21:51 - 2013-12-15 22:25 - 00000000 ____D () C:\Program Files\Lavasoft

2014-02-23 21:50 - 2014-02-23 21:50 - 04048592 _____ (Lavasoft) C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe

2014-02-23 21:43 - 2008-12-23 19:47 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\Mozilla

2014-02-23 21:43 - 2008-12-17 01:15 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job

2014-02-23 21:42 - 2014-02-23 21:42 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-23 21:42 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-02-23 21:42 - 2014-02-15 13:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-02-23 21:37 - 2014-02-23 21:30 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\mysearchdial

2014-02-23 21:36 - 2014-02-23 21:36 - 00000000 ____D () C:\Users\kleine\Documents\Optimizer Pro

2014-02-23 21:31 - 2014-02-23 21:31 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job

2014-02-23 21:30 - 2014-02-23 21:30 - 24039048 _____ (Mozilla) C:\Users\kleine\Downloads\Firefox_Setup [1].exe

2014-02-23 21:30 - 2014-02-23 21:30 - 00000000 ____D () C:\Program Files\Mysearchdial

2014-02-23 21:30 - 2014-02-23 21:29 - 00738368 _____ ( ) C:\Users\kleine\Downloads\Firefox_Setup.exe

2014-02-21 21:15 - 2012-04-21 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-02-21 21:15 - 2011-09-21 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-02-20 22:17 - 2009-02-18 18:57 - 00000000 ____D () C:\Users\kleine\Desktop\Corvin

2014-02-20 21:25 - 2006-11-02 11:33 - 00149630 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-20 21:23 - 2008-12-16 18:38 - 00033792 _____ () C:\Users\kleine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-02-12 20:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-02-12 06:27 - 2013-07-16 22:56 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-12 06:25 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-02-02 21:10 - 2014-02-11 21:40 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-02 21:10 - 2014-02-11 21:40 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll

2014-02-01 23:54 - 2014-02-11 21:40 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-02-01 23:47 - 2014-02-11 21:40 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-01 23:47 - 2014-02-11 21:40 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-01 23:46 - 2014-02-11 21:40 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-01 23:46 - 2014-02-11 21:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-01-26 20:07 - 2013-05-26 09:18 - 00000000 ____D () C:\Users\kleine\AppData\Local\DownloadGuide

2014-01-26 20:03 - 2014-01-26 20:03 - 00622968 _____ () C:\Users\kleine\Downloads\anno1602_windows2000_xp-Downloader.exe
 

Files to move or delete:

====================

C:\Users\kleine\AppData\Roaming\desktop.ini
 
 

Some content of TEMP:

====================

C:\Users\kleine\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe

C:\Users\kleine\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-02-24 20:08
 

==================== End Of Log ============================

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-02-24 21:09:08

Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB

Running: Gmer-19357.exe; Driver: C:\Users\kleine\AppData\Local\Temp\awdiipod.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] ntdll.dll!LdrLoadDll                          77D29378 5 Bytes  JMP 74CD1FFD C:\Program Files\Mozilla Firefox\mozglue.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] kernel32.dll!HeapSetInformation + 26          76BAA8B0 7 Bytes  JMP 63505A06 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] kernel32.dll!LockResource + C                 76BC6ACB 7 Bytes  JMP 638F049D C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] kernel32.dll!VirtualAllocEx + 54              76BCAF50 7 Bytes  JMP 638F0455 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] GDI32.dll!SetStretchBltMode + 256             770A745C 2 Bytes  JMP 638F04C4 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] GDI32.dll!SetStretchBltMode + 259             770A745F 4 Bytes  [84, EC, EB, F9] {TEST AH, CH; JMP 0xfffffffd}

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!recv                               77E6343A 6 Bytes  JMP 71A00F5A 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSASend                            77E64496 6 Bytes  JMP 719D0F5A 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSALookupServiceNextW              77E6455D 6 Bytes  JMP 71A90F5A 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSALookupServiceBeginW             77E64E93 6 Bytes  JMP 71AF0F5A 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSALookupServiceEnd                77E65564 6 Bytes  JMP 71A60F5A 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!send                               77E6659B 6 Bytes  JMP 71A30F5A 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSAGetOverlappedResult             77E68143 6 Bytes  JMP 71970F5A 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4852] WS2_32.dll!WSARecv                            77E68400 6 Bytes  JMP 719A0F5A 
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \Driver\tdx \Device\Tcp                                                                          bdftdif.sys

AttachedDevice  \Driver\tdx \Device\Udp                                                                          bdftdif.sys
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b                      

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet)  
 

---- Disk sectors - GMER 2.1 ----
 

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code
 

---- EOF - GMER 2.1 ----

Code:

# AdwCleaner v3.020 - Bericht erstellt am 28/02/2014 um 21:22:51

# Aktualisiert 27/02/2014 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzername : kleine - KLEINE-PC

# Gestartet von : C:\Users\kleine\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : SystemStoreService
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\blekko toolbars

Ordner Gelöscht : C:\Program Files\FindRight

Ordner Gelöscht : C:\Program Files\Toolbar Cleaner

Ordner Gelöscht : C:\Users\kleine\AppData\Local\DownloadGuide

Ordner Gelöscht : C:\Users\kleine\AppData\LocalLow\adawaretb

Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\UpdaterEX

Ordner Gelöscht : C:\Users\kleine\Documents\Optimizer Pro

Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\adawaretb

Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\adawaretb.xml

Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui

Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater

Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job

Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA034A1-47C7-48C5-967F-80E5A5062EED}

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F04F987D-57DD-4E10-ABCB-9CA94823136D}

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F04F987D-57DD-4E10-ABCB-9CA94823136D}

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1DD22C6-FBE7-4021-BA65-996B4FECD9B2}

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1DD22C6-FBE7-4021-BA65-996B4FECD9B2}

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CBDA259-6EEF-489D-8FA8-FFA18EC3EB35}

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CBDA259-6EEF-489D-8FA8-FFA18EC3EB35}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

Schlüssel Gelöscht : HKCU\Software\distromatic

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\simplytech

Schlüssel Gelöscht : HKCU\Software\UpdaterEX

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawaretb

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech

Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Schlüssel Gelöscht : HKLM\Software\adawaretb

Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar

Schlüssel Gelöscht : HKLM\Software\Toolbar Cleaner

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.6001.19499
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
 

-\\ Mozilla Firefox v27.0.1 (de)
 

[ Datei : C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\prefs.js ]
 
 

-\\ Google Chrome v
 

[ Datei : C:\Users\kleine\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht : urls_to_restore_on_startup
 

*************************
 

AdwCleaner[R0].txt - [8196 octets] - [28/02/2014 21:22:04]

AdwCleaner[S0].txt - [7382 octets] - [28/02/2014 21:22:51]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7442 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.2 (02.20.2014:1)

OS: Windows Vista (TM) Home Premium x86

Ran by kleine on 28.02.2014 at 21:46:44,69

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4273118025-30497289-324835352-1003\Software\sweetim
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Users\kleine\appdata\local\adawarebp"
 
 
 

~~~ FireFox
 

Successfully deleted: [Folder] C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\1qv2wd4l.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

Successfully deleted the following from C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\1qv2wd4l.default\prefs.js
 

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");

Emptied folder: C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\1qv2wd4l.default\minidumps [4 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 28.02.2014 at 21:49:17,56

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02

Ran by kleine (administrator) on KLEINE-PC on 28-02-2014 21:59:30

Running from C:\Users\kleine\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)

HKLM\...\Run: [] - [X]

HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()

HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-4273118025-30497289-324835352-1004\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}

SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin

SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin

SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}

SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich

SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]
 

Chrome: 

=======

CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33

CHR RestoreOnStartup: "hxxp://www.google.com"

CHR DefaultSearchProvider:       "name": "Mysearchdial"

CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17]

CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-17]
 

========================== Services (Whitelisted) =================
 

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)

S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()

S2 wtmprovhost; C:\Windows\system32\VAN32.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)

R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [77192 2013-07-17] (BitDefender LLC)

R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2013-07-17] (BitDefender LLC)

S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)

S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-01] (GFI Software)

R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [154464 2013-07-17] (BitDefender LLC)

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)

R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)

R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-28 21:59 - 2014-02-28 21:59 - 00010816 _____ () C:\Users\kleine\Desktop\FRST.txt

2014-02-28 21:59 - 2014-02-28 21:59 - 00000000 ____D () C:\Users\kleine\Desktop\FRST-OlderVersion

2014-02-28 21:49 - 2014-02-28 21:49 - 00001561 _____ () C:\Users\kleine\Desktop\JRT.txt

2014-02-28 21:44 - 2014-02-28 21:44 - 01037734 _____ (Thisisu) C:\Users\kleine\Desktop\JRT.exe

2014-02-28 21:22 - 2014-02-28 21:29 - 00000000 ____D () C:\AdwCleaner

2014-02-28 21:21 - 2014-02-28 21:21 - 01244192 _____ () C:\Users\kleine\Desktop\adwcleaner.exe

2014-02-27 21:19 - 2014-02-27 21:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-02-27 21:19 - 2014-02-27 21:19 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-02-27 21:18 - 2014-02-27 21:45 - 00000000 ____D () C:\Users\kleine\Desktop\mbar

2014-02-27 21:18 - 2014-02-27 21:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-02-27 21:15 - 2014-02-27 21:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\kleine\Desktop\mbar-1.07.0.1009.exe

2014-02-24 21:09 - 2014-02-24 21:09 - 00003577 _____ () C:\Users\kleine\Desktop\Gmer.log

2014-02-24 20:52 - 2014-02-24 20:52 - 00380416 _____ () C:\Users\kleine\Desktop\Gmer-19357.exe

2014-02-24 20:46 - 2014-02-28 21:59 - 00000000 ____D () C:\FRST

2014-02-24 20:45 - 2014-02-28 21:59 - 01143808 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe

2014-02-24 20:44 - 2014-02-24 20:44 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log

2014-02-24 20:44 - 2014-02-24 20:44 - 00000000 _____ () C:\Users\kleine\defogger_reenable

2014-02-24 20:41 - 2014-02-24 20:41 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe

2014-02-24 06:37 - 2014-02-25 06:37 - 00000082 _____ () C:\Users\kleine\AppData\Roaming\WB.CFG

2014-02-23 21:50 - 2014-02-23 21:50 - 04048592 _____ (Lavasoft) C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe

2014-02-23 21:42 - 2014-02-23 21:42 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-23 21:42 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-02-23 21:30 - 2014-02-23 21:30 - 24039048 _____ (Mozilla) C:\Users\kleine\Downloads\Firefox_Setup [1].exe

2014-02-23 21:29 - 2014-02-23 21:30 - 00738368 _____ ( ) C:\Users\kleine\Downloads\Firefox_Setup.exe

2014-02-15 13:30 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-02-11 21:40 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-11 21:40 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-11 21:40 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll

2014-02-11 21:40 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-02-11 21:40 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-11 21:40 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-11 21:40 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-11 21:40 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-02-11 21:39 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-11 21:39 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
 

==================== One Month Modified Files and Folders =======
 

2014-02-28 21:59 - 2014-02-28 21:59 - 00010816 _____ () C:\Users\kleine\Desktop\FRST.txt

2014-02-28 21:59 - 2014-02-28 21:59 - 00000000 ____D () C:\Users\kleine\Desktop\FRST-OlderVersion

2014-02-28 21:59 - 2014-02-24 20:46 - 00000000 ____D () C:\FRST

2014-02-28 21:59 - 2014-02-24 20:45 - 01143808 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe

2014-02-28 21:49 - 2014-02-28 21:49 - 00001561 _____ () C:\Users\kleine\Desktop\JRT.txt

2014-02-28 21:44 - 2014-02-28 21:44 - 01037734 _____ (Thisisu) C:\Users\kleine\Desktop\JRT.exe

2014-02-28 21:34 - 2009-02-08 14:35 - 01327430 _____ () C:\Windows\WindowsUpdate.log

2014-02-28 21:32 - 2013-12-15 22:27 - 00002204 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2014-02-28 21:30 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-28 21:30 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-28 21:30 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-28 21:29 - 2014-02-28 21:22 - 00000000 ____D () C:\AdwCleaner

2014-02-28 21:29 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-02-28 21:29 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-28 21:21 - 2014-02-28 21:21 - 01244192 _____ () C:\Users\kleine\Desktop\adwcleaner.exe

2014-02-28 21:15 - 2012-04-21 18:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-28 20:35 - 2009-02-16 14:18 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job

2014-02-28 12:50 - 2008-12-17 01:15 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job

2014-02-27 21:45 - 2014-02-27 21:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-02-27 21:45 - 2014-02-27 21:18 - 00000000 ____D () C:\Users\kleine\Desktop\mbar

2014-02-27 21:19 - 2014-02-27 21:19 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-02-27 21:18 - 2014-02-27 21:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-02-27 21:15 - 2014-02-27 21:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\kleine\Desktop\mbar-1.07.0.1009.exe

2014-02-26 21:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-02-26 21:29 - 2006-11-02 11:33 - 00247964 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-26 06:20 - 2013-06-25 21:06 - 00069096 _____ () C:\Windows\PFRO.log

2014-02-25 06:37 - 2014-02-24 06:37 - 00000082 _____ () C:\Users\kleine\AppData\Roaming\WB.CFG

2014-02-24 21:09 - 2014-02-24 21:09 - 00003577 _____ () C:\Users\kleine\Desktop\Gmer.log

2014-02-24 20:52 - 2014-02-24 20:52 - 00380416 _____ () C:\Users\kleine\Desktop\Gmer-19357.exe

2014-02-24 20:44 - 2014-02-24 20:44 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log

2014-02-24 20:44 - 2014-02-24 20:44 - 00000000 _____ () C:\Users\kleine\defogger_reenable

2014-02-24 20:44 - 2008-12-17 00:53 - 00000000 ____D () C:\Users\kleine

2014-02-24 20:41 - 2014-02-24 20:41 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe

2014-02-24 06:23 - 2013-05-27 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection

2014-02-23 21:51 - 2013-12-15 22:25 - 00000000 ____D () C:\Program Files\Lavasoft

2014-02-23 21:50 - 2014-02-23 21:50 - 04048592 _____ (Lavasoft) C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe

2014-02-23 21:43 - 2008-12-23 19:47 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\Mozilla

2014-02-23 21:42 - 2014-02-23 21:42 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-23 21:42 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-02-23 21:42 - 2014-02-15 13:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-02-23 21:30 - 2014-02-23 21:30 - 24039048 _____ (Mozilla) C:\Users\kleine\Downloads\Firefox_Setup [1].exe

2014-02-23 21:30 - 2014-02-23 21:29 - 00738368 _____ ( ) C:\Users\kleine\Downloads\Firefox_Setup.exe

2014-02-21 21:15 - 2012-04-21 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-02-21 21:15 - 2011-09-21 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-02-20 22:17 - 2009-02-18 18:57 - 00000000 ____D () C:\Users\kleine\Desktop\Corvin

2014-02-20 21:23 - 2008-12-16 18:38 - 00033792 _____ () C:\Users\kleine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-02-12 06:27 - 2013-07-16 22:56 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-12 06:25 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-02-02 21:10 - 2014-02-11 21:40 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-02 21:10 - 2014-02-11 21:40 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-02 21:10 - 2014-02-11 21:40 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll

2014-02-01 23:54 - 2014-02-11 21:40 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-02-01 23:47 - 2014-02-11 21:40 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-01 23:47 - 2014-02-11 21:40 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-01 23:46 - 2014-02-11 21:40 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-01 23:46 - 2014-02-11 21:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 

Files to move or delete:

====================

C:\Users\kleine\AppData\Roaming\desktop.ini
 
 

Some content of TEMP:

====================

C:\Users\kleine\AppData\Local\temp\95135uninstall.exe

C:\Users\kleine\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe

C:\Users\kleine\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe

C:\Users\kleine\AppData\Local\temp\Quarantine.exe

C:\Users\kleine\AppData\Local\temp\Sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-02-28 21:36
 

==================== End Of Log ============================

--- --- ---

--- --- ---