Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Softwareupdater.ui.exe lädt unerwünscht Programme herunter (https://www.trojaner-board.de/137151-softwareupdater-ui-exe-laedt-unerwuenscht-programme-herunter.html)

corvin 25.06.2013 12:03
Softwareupdater.ui.exe lädt unerwünscht Programme herunter
 
Hallo, nach jedem Start des PC´s kommt nach kurzer Zeit der Softwareupdater.ui.exe. Wenn ich unter Vista auf "Abbrechen" klicke ist alles ok. Klicke ich auf "zulassen" werden im Hintergrund Programme installiert die mich mit Werbung und Ähnlichem bombardieren.
Es wäre auch gut möglich, dass ich mehr Schadsoftware habe als ich denke.
Ich bräuchte einen Helfer mit guten Nerven. :-) (bin in pc-sachen nicht so fit)

schrauber 25.06.2013 12:22
Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

schrauber 25.06.2013 12:23
Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

corvin 25.06.2013 14:48
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 01
Ran by kleine (administrator) on 25-06-2013 15:40:24
Running from C:\Users\kleine\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [554408 2013-05-15] (Lavasoft)
HKLM\...\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe [942504 2013-05-16] (Lavasoft)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {03469692-05f9-11e0-9b29-001377b19588} - G:\KODAK_Software_Downloader.exe
MountPoints2: {1e6fb185-cbcf-11dd-b128-001377b19588} - F:\setup.exe AUTORUN=1
MountPoints2: {5984913d-4a73-11e1-842c-001377b19588} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q=
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
HKLM SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&q={searchTerms}
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4612_5&babsrc=SP_ss&mntrId=46eabead0000000000000021638d5942
SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {7C03AD48-57F9-4B72-B451-FF2E5AD2B3B1} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E38BEE7F-9D4A-497D-A063-FEC530EC2F3A&apn_sauid=5768ABF6-E539-43E7-8F8E-38C52FF9B99B
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={B372A016-6A32-4F35-8B37-BEF51AB0CFE7}&mid=39c54efeafee47d08386d15a31557c7b-7db1f99ce0540e90f824abe8034a3b5e2f511639&lang=de&ds=od011&pr=sa&d=2012-03-29 21:18:31&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&q={searchTerms}
SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default
FF user.js: detected! => C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default\user.js
FF SearchEngine: Web Search
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\kleine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ad-Aware Security Add-on - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

Chrome:
=======
CHR HomePage:        "homepage":        "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33",
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33"

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-03-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-29] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-04-30] ()

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-27] (GFI Software)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-02] (Avira GmbH)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-25 15:40 - 2013-06-25 15:40 - 00000000 ____D C:\FRST
2013-06-25 15:38 - 2013-06-25 15:38 - 01370263 ____A (Farbar) C:\Users\kleine\Desktop\FRST.exe
2013-06-25 12:17 - 2013-06-25 12:17 - 00054738 ____A C:\Users\kleine\Desktop\gmer.txt
2013-06-25 09:19 - 2013-06-25 09:19 - 00103680 ____A (GMER) C:\awdiipod.sys
2013-06-25 09:16 - 2013-06-25 09:16 - 00080372 ____A C:\Users\kleine\Desktop\OTL.Txt
2013-06-25 09:04 - 2013-06-25 09:04 - 00000474 ____A C:\Users\kleine\Desktop\defogger_disable.log
2013-06-24 21:13 - 2013-04-11 11:06 - 00041584 ____A (ThreatTrack Security) C:\Windows\System32\Drivers\gfiark.sys
2013-06-24 21:10 - 2013-06-24 21:10 - 00000000 ____D C:\Windows\System32\Drivers\VDD
2013-06-24 21:04 - 2013-06-24 21:04 - 00152720 ____A C:\Windows\Minidump\Mini062413-02.dmp
2013-06-24 20:57 - 2013-06-24 21:04 - 212311210 ____A C:\Windows\MEMORY.DMP
2013-06-24 20:57 - 2013-06-24 21:04 - 00000000 ____D C:\Windows\Minidump
2013-06-24 20:57 - 2013-06-24 20:57 - 00154392 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-24 20:46 - 2013-06-24 20:46 - 00377856 ____A C:\Users\kleine\Desktop\gmer_2.1.19163.exe
2013-06-24 20:27 - 2013-06-24 20:27 - 00602112 ____A (OldTimer Tools) C:\Users\kleine\Desktop\OTL.exe
2013-06-24 19:52 - 2013-06-24 19:52 - 00000000 ____A C:\Users\kleine\defogger_reenable
2013-06-24 19:51 - 2013-06-24 19:51 - 00050477 ____A C:\Users\kleine\Desktop\Defogger.exe
2013-06-12 08:41 - 2013-05-17 05:50 - 01212928 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 08:41 - 2013-05-17 05:50 - 00916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:41 - 2013-05-17 05:50 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 08:41 - 2013-05-17 05:48 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 06014464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 02004992 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 08:41 - 2013-05-17 05:44 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 08:41 - 2013-05-17 04:06 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-12 08:41 - 2013-05-17 02:20 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 08:41 - 2013-05-17 02:19 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 08:41 - 2013-05-17 02:18 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 08:41 - 2013-05-17 02:18 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-12 08:41 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:41 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 08:41 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 08:41 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:41 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:41 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:41 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-07 19:31 - 2013-06-07 19:31 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0(1).exe
2013-05-30 21:06 - 2013-05-30 21:06 - 00000680 ____A C:\Users\kleine\AppData\Local\d3d9caps.dat
2013-05-30 20:56 - 2013-06-04 19:50 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-29 10:16 - 2013-05-29 10:16 - 00000000 ____D C:\ProgramData\Synaptics
2013-05-29 10:10 - 2013-05-29 10:10 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Synaptics
2013-05-29 09:55 - 2013-05-29 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-05-29 09:54 - 2013-05-29 09:54 - 00000818 ____A C:\Windows\setupact.log
2013-05-29 09:54 - 2013-05-29 09:54 - 00000000 ____A C:\Windows\setuperr.log
2013-05-29 09:52 - 2013-05-29 10:05 - 00004598 ____A C:\Windows\DPINST.LOG
2013-05-29 09:52 - 2013-05-29 09:52 - 00001350 ____A C:\Windows\Synaptics.log
2013-05-29 09:52 - 2013-02-25 23:28 - 00532208 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2013-05-29 09:52 - 2013-02-25 23:28 - 00355056 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2013-05-29 09:52 - 2013-02-25 23:28 - 00175856 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2013-05-29 09:52 - 2013-02-25 23:28 - 00143088 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo16.dll
2013-05-29 09:52 - 2011-09-14 19:11 - 01048576 ____A C:\Windows\System32\syndata.bin
2013-05-28 22:44 - 2013-05-28 22:44 - 03136368 ____A (Adobe Systems, Inc.) C:\Users\kleine\Downloads\install_flash_player_10_active_x(1).exe
2013-05-27 23:03 - 2013-05-27 23:03 - 00000000 ____D C:\Users\kleine\AppData\Roaming\LavasoftStatistics
2013-05-27 23:03 - 2013-05-27 23:03 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-06-25 12:31 - 00001737 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-05-27 22:58 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-05-27 22:58 - 00000000 ____D C:\ProgramData\Lavasoft
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Users\kleine\AppData\Roaming\SecureSearch
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Users\kleine\AppData\Local\adawarebp
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Search Protection
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\adawaretb
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Program Files\Toolbar Cleaner
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Program Files\adawaretb
2013-05-27 22:56 - 2013-05-27 23:35 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Ad-Aware Antivirus
2013-05-27 22:56 - 2013-05-27 22:56 - 05577352 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer.exe
2013-05-27 22:56 - 2013-05-27 22:56 - 00013560 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-05-27 22:39 - 2013-05-27 22:46 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Systweak
2013-05-27 22:39 - 2013-02-28 16:27 - 00018776 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot.exe
2013-05-27 22:37 - 2013-05-27 22:37 - 04433424 ____A (Systweak Inc                                                ) C:\Users\kleine\Downloads\rcpsetupdsnr_ds3273868.exe
2013-05-27 20:56 - 2013-06-08 09:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-27 20:55 - 2013-05-27 20:56 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0.exe
2013-05-27 09:01 - 2013-05-27 09:01 - 00104424 ____A C:\Users\kleine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 08:59 - 2013-05-27 08:59 - 00394800 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-26 10:26 - 2013-06-13 19:58 - 00000000 ____D C:\Users\kleine\AppData\Roaming\HomeTab
2013-05-26 10:26 - 2013-06-13 19:58 - 00000000 ____D C:\Program Files\HomeTab
2013-05-26 10:26 - 2013-06-13 05:58 - 00031816 ____A C:\Windows\Launcher.exe
2013-05-26 10:26 - 2013-05-26 10:26 - 00000000 ____D C:\Users\kleine\AppData\Roaming\SimplyTech
2013-05-26 10:18 - 2013-05-26 10:19 - 00000000 ____D C:\Users\kleine\AppData\Local\DownloadGuide
2013-05-26 10:18 - 2013-05-26 10:18 - 00000000 ____D C:\Users\kleine\AppData\Local\Software Updater

==================== One Month Modified Files and Folders ========

2013-06-25 15:40 - 2013-06-25 15:40 - 00000000 ____D C:\FRST
2013-06-25 15:38 - 2013-06-25 15:38 - 01370263 ____A (Farbar) C:\Users\kleine\Desktop\FRST.exe
2013-06-25 15:37 - 2006-11-02 14:47 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-25 15:37 - 2006-11-02 14:47 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-25 15:26 - 2009-02-08 15:35 - 01915734 ____A C:\Windows\WindowsUpdate.log
2013-06-25 15:25 - 2009-02-16 15:18 - 00000416 ___AH C:\Windows\Tasks\SupBackGroundTask.job
2013-06-25 15:22 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 13:25 - 2008-09-12 21:41 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-25 13:25 - 2006-11-02 15:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-25 13:15 - 2012-04-21 19:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-25 12:31 - 2013-05-27 22:58 - 00001737 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-06-25 12:17 - 2013-06-25 12:17 - 00054738 ____A C:\Users\kleine\Desktop\gmer.txt
2013-06-25 09:19 - 2013-06-25 09:19 - 00103680 ____A (GMER) C:\awdiipod.sys
2013-06-25 09:16 - 2013-06-25 09:16 - 00080372 ____A C:\Users\kleine\Desktop\OTL.Txt
2013-06-25 09:04 - 2013-06-25 09:04 - 00000474 ____A C:\Users\kleine\Desktop\defogger_disable.log
2013-06-25 08:58 - 2010-06-24 10:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-06-24 21:24 - 2008-12-17 02:15 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job
2013-06-24 21:13 - 2013-05-27 22:58 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-06-24 21:10 - 2013-06-24 21:10 - 00000000 ____D C:\Windows\System32\Drivers\VDD
2013-06-24 21:04 - 2013-06-24 21:04 - 00152720 ____A C:\Windows\Minidump\Mini062413-02.dmp
2013-06-24 21:04 - 2013-06-24 20:57 - 212311210 ____A C:\Windows\MEMORY.DMP
2013-06-24 21:04 - 2013-06-24 20:57 - 00000000 ____D C:\Windows\Minidump
2013-06-24 20:57 - 2013-06-24 20:57 - 00154392 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-24 20:46 - 2013-06-24 20:46 - 00377856 ____A C:\Users\kleine\Desktop\gmer_2.1.19163.exe
2013-06-24 20:27 - 2013-06-24 20:27 - 00602112 ____A (OldTimer Tools) C:\Users\kleine\Desktop\OTL.exe
2013-06-24 19:52 - 2013-06-24 19:52 - 00000000 ____A C:\Users\kleine\defogger_reenable
2013-06-24 19:52 - 2008-12-17 01:53 - 00000000 ____D C:\users\kleine
2013-06-24 19:51 - 2013-06-24 19:51 - 00050477 ____A C:\Users\kleine\Desktop\Defogger.exe
2013-06-18 11:21 - 2012-12-08 20:11 - 00000000 ____D C:\Users\kleine\Desktop\Fotos
2013-06-18 11:21 - 2009-02-18 19:57 - 00000000 ____D C:\Users\kleine\Desktop\Corvin
2013-06-13 19:58 - 2013-05-26 10:26 - 00000000 ____D C:\Users\kleine\AppData\Roaming\HomeTab
2013-06-13 19:58 - 2013-05-26 10:26 - 00000000 ____D C:\Program Files\HomeTab
2013-06-13 12:29 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:26 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-13 05:58 - 2013-05-26 10:26 - 00031816 ____A C:\Windows\Launcher.exe
2013-06-12 12:15 - 2012-04-21 19:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 12:15 - 2011-09-21 16:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 20:24 - 2008-12-18 13:01 - 00000000 ____D C:\Users\kleine\AppData\Local\Adobe
2013-06-08 09:12 - 2013-05-27 20:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-07 19:32 - 2013-05-24 10:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 19:32 - 2010-02-23 23:55 - 00000846 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-07 19:31 - 2013-06-07 19:31 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0(1).exe
2013-06-04 19:50 - 2013-05-30 20:56 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-04 19:50 - 2009-10-16 22:14 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-30 21:06 - 2013-05-30 21:06 - 00000680 ____A C:\Users\kleine\AppData\Local\d3d9caps.dat
2013-05-30 21:05 - 2009-10-16 22:17 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Apple Computer
2013-05-30 20:39 - 2012-11-17 17:26 - 00000000 ____D C:\Program Files\SelfUpdater
2013-05-29 10:16 - 2013-05-29 10:16 - 00000000 ____D C:\ProgramData\Synaptics
2013-05-29 10:10 - 2013-05-29 10:10 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Synaptics
2013-05-29 10:05 - 2013-05-29 09:52 - 00004598 ____A C:\Windows\DPINST.LOG
2013-05-29 09:55 - 2013-05-29 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-05-29 09:54 - 2013-05-29 09:54 - 00000818 ____A C:\Windows\setupact.log
2013-05-29 09:54 - 2013-05-29 09:54 - 00000000 ____A C:\Windows\setuperr.log
2013-05-29 09:52 - 2013-05-29 09:52 - 00001350 ____A C:\Windows\Synaptics.log
2013-05-28 22:44 - 2013-05-28 22:44 - 03136368 ____A (Adobe Systems, Inc.) C:\Users\kleine\Downloads\install_flash_player_10_active_x(1).exe
2013-05-28 22:43 - 2008-09-12 05:57 - 00000000 ____D C:\ProgramData\Adobe
2013-05-27 23:35 - 2013-05-27 22:56 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Ad-Aware Antivirus
2013-05-27 23:03 - 2013-05-27 23:03 - 00000000 ____D C:\Users\kleine\AppData\Roaming\LavasoftStatistics
2013-05-27 23:03 - 2013-05-27 23:03 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-05-27 22:58 - 00000000 ____D C:\ProgramData\Lavasoft
2013-05-27 22:58 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Users\kleine\AppData\Roaming\SecureSearch
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Users\kleine\AppData\Local\adawarebp
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Search Protection
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\adawaretb
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Program Files\Toolbar Cleaner
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Program Files\adawaretb
2013-05-27 22:56 - 2013-05-27 22:56 - 05577352 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer.exe
2013-05-27 22:56 - 2013-05-27 22:56 - 00013560 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-05-27 22:46 - 2013-05-27 22:39 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Systweak
2013-05-27 22:37 - 2013-05-27 22:37 - 04433424 ____A (Systweak Inc                                                ) C:\Users\kleine\Downloads\rcpsetupdsnr_ds3273868.exe
2013-05-27 20:56 - 2013-05-27 20:55 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0.exe
2013-05-27 09:01 - 2013-05-27 09:01 - 00104424 ____A C:\Users\kleine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 08:59 - 2013-05-27 08:59 - 00394800 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-26 10:26 - 2013-05-26 10:26 - 00000000 ____D C:\Users\kleine\AppData\Roaming\SimplyTech
2013-05-26 10:19 - 2013-05-26 10:18 - 00000000 ____D C:\Users\kleine\AppData\Local\DownloadGuide
2013-05-26 10:18 - 2013-05-26 10:18 - 00000000 ____D C:\Users\kleine\AppData\Local\Software Updater

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-25 15:31

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2013 01
Ran by kleine at 2013-06-25 15:41:26
Running from C:\Users\kleine\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Ad-Aware Antivirus (Version: 10.5.2.4379)
Ad-Aware Security Add-on (Version: 3.0.0.6)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Agere Systems HDA Modem
Agfa ScanWise 2.00
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaImpression (Version: 1.2.33.353)
Atheros WLAN Client (Version: 1.00.000)
Audacity 1.2.6
Avira Free Antivirus (Version: 13.0.0.3640)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.28)
Easy Battery Manager (Version: 3.2.1.7)
Easy Display Manager (Version: 2.0.0.0)
Easy Network Manager 4.0 (Version: 4.0.0.13)
Easy SpeedUp Manager (Version: 2.0.1.0)
FormatFactory 3.0.1 (Version: 3.0.1)
HomeTab 3.5 (Version: 3.5)
imagine digital freedom - Samsung (Version: 1.0.2.0)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.00.2000)
Intel® Matrix Storage Manager
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 35 (Version: 6.0.350)
LAME v3.98.2 for Audacity
Marvell Miniport Driver (Version: 11.45.3.3)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SOAP Toolkit 2.0 SP2 (Version: 623.1)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 14.0.1468.721)
NVIDIA Grafiktreiber 310.64 (Version: 310.64)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Systemsteuerung 310.64 (Version: 310.64)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PDFCreator (Version: 1.3.2)
PlayCamera (Version: 1.0.1.7)
Realtek High Definition Audio Driver (Version: 6.0.1.5605)
RedMon - Redirection Port Monitor
Samsung Magic Doctor (Version: 5.00)
Samsung Recovery Solution III (Version: 3.0.0.6)
Samsung Update Plus (Version: 1.3.0.11)
Samsung Update Plus (Version: 2.0)
SPCA1528 PC Driver (Version: 2.2.4.0)
Spotify (HKCU Version: 0.8.8.454.gfb120cda)
Synaptics Pointing Device Driver (Version: 16.3.15.1)
TeamViewer 8 (Version: 8.0.16642)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.2047.00)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
User Guide (Version: 1.0)
Vimicro UVC Camera (Version: 1.00.0000)
VLC media player 1.1.4 (Version: 1.1.4)
WIDCOMM Bluetooth Software 6.0.1.6300 (Version: 6.0.1.6300)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002)
Windows-Treiberpaket - Intel USB  (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002)
Windows-Treiberpaket - NVIDIA Corporation (NVHDA) MEDIA  (07/03/2012 1.3.18.0) (Version: 07/03/2012 1.3.18.0)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
XP Codec Pack
XviD MPEG-4 Video Codec (Version: XviD-1.0.2-29082004)

==================== Restore Points  =========================

10-06-2013 11:56:11 Geplanter Prüfpunkt
11-06-2013 09:02:40 Geplanter Prüfpunkt
12-06-2013 08:09:52 Geplanter Prüfpunkt
13-06-2013 06:39:24 Windows Update
14-06-2013 07:18:58 Geplanter Prüfpunkt
16-06-2013 20:20:40 Geplanter Prüfpunkt
17-06-2013 08:47:58 Geplanter Prüfpunkt
18-06-2013 18:56:26 Geplanter Prüfpunkt
19-06-2013 12:08:43 Geplanter Prüfpunkt
21-06-2013 07:59:30 Geplanter Prüfpunkt
23-06-2013 19:14:21 Geplanter Prüfpunkt
24-06-2013 07:44:03 Geplanter Prüfpunkt
24-06-2013 23:12:36 Geplanter Prüfpunkt

==================== Scheduled Tasks (whitelisted) =============

Task: {0E935E62-1D7B-4E30-AB0D-2807DA10CB83} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {512087C4-C3C2-4F1C-B8D6-6D622A0A63FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {6348F453-7648-43E7-A11B-3ED4D8D0B2A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {70123431-D3B0-44E9-8554-1A05B93730AD} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)
Task: {8CA034A1-47C7-48C5-967F-80E5A5062EED} - System32\Tasks\Browser Updater\Browser Updater => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {90255043-B028-41AF-B007-6EED10787515} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)
Task: {93A47401-580A-48F1-9B8D-EC7BC9FF2299} - System32\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B} => C:\Windows\system32\msfeedssync.exe [2013-05-17] (Microsoft Corporation)
Task: {A1DD22C6-FBE7-4021-BA65-996B4FECD9B2} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-06-08] ()
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {AEE6B757-ED46-4EE6-B7FA-D670E3E9EAA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {BD868118-1205-4EE5-9C35-D326D8A0549F} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe [2013-03-18] (Lavasoft Limited)
Task: {C6D1C84C-0891-4E7E-B2D4-8B200E31F411} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)
Task: {C88CD5CB-B30A-4A91-A310-84715F1796DD} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {E4460BA9-EC23-4812-8A45-67380D5C3C90} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F04F987D-57DD-4E10-ABCB-9CA94823136D} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-06-08] ()
Task: {FAF58D27-CFD2-46AB-9931-EA3C4C25CCB6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job => C:\Windows\system32\msfeedssync.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2013 03:24:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2013 09:40:35 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (06/25/2013 09:21:14 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288,
Prozess-ID 0x9b4, Anwendungsstartzeit gmer_2.1.19163.exe0.

Error: (06/25/2013 09:02:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2013 08:55:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26885197

Error: (06/25/2013 08:55:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26885197

Error: (06/25/2013 08:55:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2013 08:55:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26883996

Error: (06/25/2013 08:55:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26883996

Error: (06/25/2013 08:55:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/25/2013 03:24:10 PM) (Source: Service Control Manager) (User: )
Description: SPCA1528 Video Camera Service%%1058

Error: (06/25/2013 03:24:10 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/25/2013 03:24:02 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/25/2013 09:05:09 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/25/2013 09:02:55 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst%%1053

Error: (06/25/2013 09:02:55 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player-Netzwerkfreigabedienst

Error: (06/25/2013 09:02:55 AM) (Source: Service Control Manager) (User: )
Description: SPCA1528 Video Camera Service%%1058

Error: (06/25/2013 09:02:55 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/24/2013 09:15:09 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/24/2013 09:12:25 PM) (Source: Service Control Manager) (User: )
Description: SPCA1528 Video Camera Service%%1058


Microsoft Office Sessions:
=========================
Error: (06/25/2013 03:24:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2013 09:40:35 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (06/25/2013 09:21:14 AM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c0000005000122889b401ce71743ef3c5a8

Error: (06/25/2013 09:02:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2013 08:55:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26885197

Error: (06/25/2013 08:55:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26885197

Error: (06/25/2013 08:55:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2013 08:55:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26883996

Error: (06/25/2013 08:55:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26883996

Error: (06/25/2013 08:55:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-05-29 10:23:37.578
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:37.332
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:26.971
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:26.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:13.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:13.564
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:09.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:09.509
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:05.673
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-29 10:23:05.402
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3065.87 MB
Available physical RAM: 1862.21 MB
Total Pagefile: 6356.14 MB
Available Pagefile: 4971.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.09 GB) (Free:45.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144 GB) (Free:143.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 0201FF32)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 25.06.2013 15:23
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

corvin 25.06.2013 20:46
Liste der Anhänge anzeigen (Anzahl: 1)
Wie kann ich das Virenprogramm ausschalten?

corvin 25.06.2013 21:53
Code:
ComboFix 13-06-24.01 - kleine 25.06.2013  22:28:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.2037 [GMT 2:00]
ausgeführt von:: c:\users\kleine\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\kleine\4.0
c:\windows\IsUn0407.exe
c:\windows\system32\roboot.exe
D:\install.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-25 bis 2013-06-25  ))))))))))))))))))))))))))))))
.
.
2013-06-25 20:34 . 2013-06-25 20:34        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-25 20:34 . 2013-06-25 20:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-25 20:34 . 2013-06-25 20:36        --------        d-----w-        c:\users\kleine\AppData\Local\temp
2013-06-25 20:20 . 2013-06-25 20:20        --------        d-----w-        c:\windows\system32\drivers\VDD
2013-06-25 13:40 . 2013-06-25 13:40        --------        d-----w-        C:\FRST
2013-06-25 07:19 . 2013-06-25 07:19        103680        ----a-w-        C:\awdiipod.sys
2013-06-24 19:13 . 2013-04-11 09:06        41584        ----a-w-        c:\windows\system32\drivers\gfiark.sys
2013-06-07 17:32 . 2013-05-11 22:27        262552        ----a-w-        c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-30 18:56 . 2013-06-04 17:50        --------        d-----w-        c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-29 08:16 . 2013-05-29 08:16        --------        d-----w-        c:\programdata\Synaptics
2013-05-29 08:10 . 2013-05-29 08:10        --------        d-----w-        c:\users\kleine\AppData\Roaming\Synaptics
2013-05-29 07:52 . 2013-02-25 21:28        355056        ----a-w-        c:\windows\system32\drivers\SynTP.sys
2013-05-29 07:52 . 2013-02-25 21:28        143088        ----a-w-        c:\windows\system32\SynTPCo16.dll
2013-05-29 07:52 . 2013-02-25 21:28        175856        ----a-w-        c:\windows\system32\SynTPAPI.dll
2013-05-29 07:52 . 2013-02-25 21:28        532208        ----a-w-        c:\windows\system32\SynCOM.dll
2013-05-29 07:52 . 2011-09-14 17:11        1048576        ----a-w-        c:\windows\system32\syndata.bin
2013-05-27 21:03 . 2013-06-25 20:21        --------        d-----w-        c:\users\kleine\AppData\Roaming\LavasoftStatistics
2013-05-27 21:03 . 2013-06-25 20:16        --------        d-----w-        c:\programdata\Ad-Aware Antivirus
2013-05-27 20:58 . 2013-05-27 20:58        --------        d-----w-        c:\programdata\Lavasoft
2013-05-27 20:58 . 2013-06-25 20:20        --------        d-----w-        c:\program files\Ad-Aware Antivirus
2013-05-27 20:57 . 2013-06-25 20:18        --------        d-----w-        c:\programdata\Downloaded Installations
2013-05-27 20:57 . 2013-05-27 20:57        --------        d-----w-        c:\programdata\Search Protection
2013-05-27 20:57 . 2013-05-27 20:57        --------        d-----w-        c:\programdata\blekko toolbars
2013-05-27 20:57 . 2013-05-27 20:57        --------        d-----w-        c:\programdata\adawaretb
2013-05-27 20:57 . 2013-06-25 20:35        --------        d-----w-        c:\programdata\Ad-Aware Browsing Protection
2013-05-27 20:57 . 2013-05-27 20:57        --------        d-----w-        c:\program files\Toolbar Cleaner
2013-05-27 20:57 . 2013-05-27 20:57        --------        d-----w-        c:\users\kleine\AppData\Roaming\SecureSearch
2013-05-27 20:57 . 2013-05-27 20:57        --------        d-----w-        c:\program files\adawaretb
2013-05-27 20:56 . 2013-06-25 20:17        13560        ----a-w-        c:\windows\system32\drivers\gfibto.sys
2013-05-27 20:56 . 2013-05-27 21:35        --------        d-----w-        c:\users\kleine\AppData\Roaming\Ad-Aware Antivirus
2013-05-27 20:39 . 2013-05-27 20:46        --------        d-----w-        c:\users\kleine\AppData\Roaming\Systweak
2013-05-27 18:56 . 2013-06-08 07:12        --------        d-----w-        c:\program files\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 03:58 . 2013-05-26 08:26        31816        ----a-w-        c:\windows\Launcher.exe
2013-06-12 10:15 . 2012-04-21 17:22        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-06-12 10:15 . 2011-09-21 14:19        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 06:19 . 2013-05-25 06:24        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A8DA2C2-1B09-49DD-8E17-EDEDC8BF4A7D}\mpengine.dll
2013-05-02 00:06 . 2009-10-03 22:07        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-15 07:09        638328        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 07:09        37376        ----a-w-        c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 07:09        2049024        ----a-w-        c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-22 18:34        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2013-05-16 87464]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-05-16 13:55        87464        ----a-w-        c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2013-05-16 87464]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"Search Protection"="c:\programdata\Search Protection\SearchProtection.exe" [2013-05-16 942504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-02-25 2416368]
.
c:\users\kleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ad-Aware Antivirus.lnk - c:\program files\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-6-13 2050928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2013-06-13 1236336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - GFIBTO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 10:15]
.
2013-06-25 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 12:26]
.
2013-06-25 c:\windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job
- c:\windows\system32\msfeedssync.exe [2013-06-12 00:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:newtab
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q=
mStart Page = about:newtab
mSearch Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q=
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=TJ&userid=a4466b73-78a1-4ea3-94a6-32e51e44fa42&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=bs&q=
FF - ExtSQL: 2013-05-27 22:57; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agfa ScanWise 2.00 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-25 22:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3320)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Ad-Aware Antivirus\SBAMSvc.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-25  22:42:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-25 20:41
.
Vor Suchlauf: 8 Verzeichnis(se), 48.089.157.632 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 48.418.152.448 Bytes frei
.
- - End Of File - - 0C8F822040E4F529E1585D1B591B782D
61A349592C4728853F4A90FF78F7628E
Der Softwareupdater kommt immernoch.
Antivir habe ich deinstalliert. Nutze jetzt nur noch Ad-Aware Antivirus.

schrauber 26.06.2013 08:47
Wir sind ja auch noch nicht fertig :). Ad-Aware gibts als Antivirus? :wtf:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Scan mit SystemLook

Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    :filefind
    *SoftwareUpdater*
    :regfind
    SoftwareUpdater
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.



FRST löschen, neu laden, und scannen lassen.

corvin 26.06.2013 11:12
Code:
# AdwCleaner v2.303 - Datei am 26/06/2013 um 11:10:07 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : kleine - KLEINE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\kleine\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files\adawaretb
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\Program Files\HomeTab
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\adawaretb
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\search protection
Ordner Gelöscht : C:\Users\kleine\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\kleine\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\kleine\AppData\LocalLow\HomeTab
Ordner Gelöscht : C:\Users\kleine\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\HomeTab
Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default\adawaretb
Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\kleine\AppData\Roaming\SimplyTech

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5f08b88e669bd15
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawaretb
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\adawaretb
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cfd485f0-96bd-47cd-bb6d-cd7dda95f102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19437

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q= --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q= --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=TJ&userid=a4466b73-78a1-4ea3-94a6-32e51e44fa42&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q= --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=a4466b73-78a1-4ea3-94a6-32e51e44fa42&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&q=%s --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&st=chrome&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default\prefs.js

C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Gelöscht : user_pref("browser.search.order.1", "Web Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "46eabead0000000000000021638d5942");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15661");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4612_[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.816:24:53");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\kleine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [12862 octets] - [26/06/2013 11:10:07]

########## EOF - C:\AdwCleaner[S1].txt - [12923 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by kleine on 26.06.2013 at 11:26:24,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7C03AD48-57F9-4B72-B451-FF2E5AD2B3B1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\kleine\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\kleine\appdata\local\adawarebp"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\qlvwi8hu.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Emptied folder: C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\qlvwi8hu.default\minidumps [601 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.06.2013 at 11:27:44,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:09 on 26/06/2013 by kleine
Administrator - Elevation successful

========== filefind ==========

Searching for "*SoftwareUpdater*"
C:\Program Files\SelfUpdater\SoftwareUpdater.Bootstrapper.exe        --a---- 60928 bytes        [18:21 10/12/2012]        [17:42 26/04/2013] 98A73E88E75762BD486E153D640EB70E
C:\Program Files\SelfUpdater\SoftwareUpdater.dll        --a---- 608768 bytes        [18:21 13/12/2012]        [08:33 06/03/2013] 62891F2EDC09C945502F902819671092
C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe        --a---- 60928 bytes        [14:11 05/02/2013]        [17:14 08/06/2013] 4D62C3A7FA7C4FF08D5015D75124C92A
C:\Program Files\SoftwareUpdater\SoftwareUpdater.dll        --a---- 168960 bytes        [09:21 08/03/2013]        [17:13 08/06/2013] 1EF11ADFB5DD20F4F78D5AACC309F633
C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe        --a---- 1281536 bytes        [09:22 08/03/2013]        [17:13 08/06/2013] 99345050F950EAD86726BB63715FEDE6
C:\Windows\Prefetch\SOFTWAREUPDATER.BOOTSTRAPPER.-C1C0EF1D.pf        --a---- 93854 bytes        [07:04 27/05/2013]        [09:20 26/06/2013] CC1AD65FFEDC25D758266CF98E4A4558

========== regfind ==========

Searching for "SoftwareUpdater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SoftwareUpdater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BA46DD38EBDEA24A8A0A387068C22EF\Features]
"SoftwareUpdater"="ProductFeature"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SystemStoreService]
"ImagePath"=""C:\Program Files\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SystemStoreService]
"ImagePath"=""C:\Program Files\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemStoreService]
"ImagePath"=""C:\Program Files\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService""

Searching for "        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_CONCORD&PROD_4340Z&REV_01.0#01.00.00&0#]
"DeviceDesc"="4340z          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#08122000290220&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#6&245E7111&0&08122000290220&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700008491&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_CONCORD&PROD_4340Z&REV_01.0#01.00.00&0#]
"DeviceDesc"="4340z          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#08122000290220&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#6&245E7111&0&08122000290220&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700008491&0#]
"DeviceDesc"="USB            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_CONCORD&PROD_4340Z&REV_01.0#01.00.00&0#]
"DeviceDesc"="4340z          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#08122000290220&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#6&245E7111&0&08122000290220&0#]
"DeviceDesc"="Rainbow        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012700008491&0#]
"DeviceDesc"="USB            "

-= EOF =-

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by kleine (administrator) on 26-06-2013 12:20:26
Running from C:\Users\kleine\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [554408 2013-05-15] (Lavasoft)
HKLM\...\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\kleine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Chrome:
=======
CHR HomePage:        "homepage":        "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33",
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33"

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-04-30] ()

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-06-25] (GFI Software)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 12:16 - 2013-06-26 12:16 - 01370251 ____A (Farbar) C:\Users\kleine\Desktop\FRST.exe
2013-06-26 12:09 - 2013-06-26 12:11 - 00012162 ____A C:\Users\kleine\Desktop\SystemLook.txt
2013-06-26 12:04 - 2013-06-26 12:04 - 00139264 ____A C:\Users\kleine\Desktop\SystemLook.exe
2013-06-26 11:27 - 2013-06-26 11:27 - 00001616 ____A C:\Users\kleine\Desktop\JRT.txt
2013-06-26 11:26 - 2013-06-26 11:26 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 11:26 - 2013-06-26 11:26 - 00000000 ____D C:\JRT
2013-06-26 11:21 - 2013-06-26 11:24 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\kleine\Desktop\JRT.exe
2013-06-26 11:10 - 2013-06-26 11:11 - 00012993 ____A C:\AdwCleaner[S1].txt
2013-06-26 11:08 - 2013-06-26 11:08 - 00648201 ____A C:\Users\kleine\Desktop\adwcleaner.exe
2013-06-25 22:42 - 2013-06-25 22:42 - 00012630 ____A C:\ComboFix.txt
2013-06-25 22:26 - 2013-06-25 22:42 - 00000000 ____D C:\ComboFix
2013-06-25 22:26 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-25 22:26 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-25 22:26 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-25 22:20 - 2013-06-25 22:20 - 00000000 ____D C:\Windows\System32\Drivers\VDD
2013-06-25 22:17 - 2013-06-25 22:17 - 05616264 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer(1).exe
2013-06-25 22:06 - 2013-06-25 22:35 - 00003500 ____A C:\Windows\PFRO.log
2013-06-25 21:56 - 2013-06-25 22:42 - 00000000 ___AD C:\Qoobox
2013-06-25 21:55 - 2013-06-25 22:41 - 00000000 ____D C:\Windows\erdnt
2013-06-25 21:37 - 2013-06-25 21:37 - 05082330 ___RA (Swearware) C:\Users\kleine\Desktop\ComboFix.exe
2013-06-25 15:40 - 2013-06-25 15:40 - 00000000 ____D C:\FRST
2013-06-25 12:17 - 2013-06-25 12:17 - 00054738 ____A C:\Users\kleine\Desktop\gmer.txt
2013-06-25 09:19 - 2013-06-25 09:19 - 00103680 ____A (GMER) C:\awdiipod.sys
2013-06-25 09:16 - 2013-06-25 09:16 - 00080372 ____A C:\Users\kleine\Desktop\OTL.Txt
2013-06-25 09:04 - 2013-06-25 09:04 - 00000474 ____A C:\Users\kleine\Desktop\defogger_disable.log
2013-06-24 21:13 - 2013-04-11 11:06 - 00041584 ____A (ThreatTrack Security) C:\Windows\System32\Drivers\gfiark.sys
2013-06-24 21:04 - 2013-06-24 21:04 - 00152720 ____A C:\Windows\Minidump\Mini062413-02.dmp
2013-06-24 20:57 - 2013-06-24 21:04 - 212311210 ____A C:\Windows\MEMORY.DMP
2013-06-24 20:57 - 2013-06-24 21:04 - 00000000 ____D C:\Windows\Minidump
2013-06-24 20:57 - 2013-06-24 20:57 - 00154392 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-24 20:46 - 2013-06-24 20:46 - 00377856 ____A C:\Users\kleine\Desktop\gmer_2.1.19163.exe
2013-06-24 20:27 - 2013-06-24 20:27 - 00602112 ____A (OldTimer Tools) C:\Users\kleine\Desktop\OTL.exe
2013-06-24 19:52 - 2013-06-24 19:52 - 00000000 ____A C:\Users\kleine\defogger_reenable
2013-06-24 19:51 - 2013-06-24 19:51 - 00050477 ____A C:\Users\kleine\Desktop\Defogger.exe
2013-06-12 08:41 - 2013-05-17 05:50 - 01212928 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 08:41 - 2013-05-17 05:50 - 00916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:41 - 2013-05-17 05:50 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 08:41 - 2013-05-17 05:48 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 06014464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 02004992 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 08:41 - 2013-05-17 05:44 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 08:41 - 2013-05-17 04:06 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-12 08:41 - 2013-05-17 02:20 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 08:41 - 2013-05-17 02:19 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 08:41 - 2013-05-17 02:18 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 08:41 - 2013-05-17 02:18 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-12 08:41 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:41 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 08:41 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 08:41 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:41 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:41 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:41 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-07 19:31 - 2013-06-07 19:31 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0(1).exe
2013-05-30 21:06 - 2013-05-30 21:06 - 00000680 ____A C:\Users\kleine\AppData\Local\d3d9caps.dat
2013-05-30 20:56 - 2013-06-04 19:50 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-29 10:16 - 2013-05-29 10:16 - 00000000 ____D C:\ProgramData\Synaptics
2013-05-29 10:10 - 2013-05-29 10:10 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Synaptics
2013-05-29 09:55 - 2013-05-29 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-05-29 09:54 - 2013-05-29 09:54 - 00000818 ____A C:\Windows\setupact.log
2013-05-29 09:54 - 2013-05-29 09:54 - 00000000 ____A C:\Windows\setuperr.log
2013-05-29 09:52 - 2013-05-29 10:05 - 00004598 ____A C:\Windows\DPINST.LOG
2013-05-29 09:52 - 2013-05-29 09:52 - 00001350 ____A C:\Windows\Synaptics.log
2013-05-29 09:52 - 2013-02-25 23:28 - 00532208 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2013-05-29 09:52 - 2013-02-25 23:28 - 00355056 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2013-05-29 09:52 - 2013-02-25 23:28 - 00175856 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2013-05-29 09:52 - 2013-02-25 23:28 - 00143088 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo16.dll
2013-05-29 09:52 - 2011-09-14 19:11 - 01048576 ____A C:\Windows\System32\syndata.bin
2013-05-28 22:44 - 2013-05-28 22:44 - 03136368 ____A (Adobe Systems, Inc.) C:\Users\kleine\Downloads\install_flash_player_10_active_x(1).exe
2013-05-27 23:03 - 2013-06-25 22:21 - 00000000 ____D C:\Users\kleine\AppData\Roaming\LavasoftStatistics
2013-05-27 23:03 - 2013-06-25 22:16 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-06-25 22:21 - 00001737 ____A C:\Users\kleine\Desktop\Ad-Aware Antivirus.lnk
2013-05-27 22:58 - 2013-06-25 22:20 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-05-27 22:58 - 00000000 ____D C:\ProgramData\Lavasoft
2013-05-27 22:57 - 2013-06-25 22:35 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-05-27 22:57 - 2013-06-25 22:18 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Users\kleine\AppData\Roaming\SecureSearch
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Program Files\Toolbar Cleaner
2013-05-27 22:56 - 2013-06-25 22:17 - 00013560 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-05-27 22:56 - 2013-05-27 23:35 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Ad-Aware Antivirus
2013-05-27 22:56 - 2013-05-27 22:56 - 05577352 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer.exe
2013-05-27 22:37 - 2013-05-27 22:37 - 04433424 ____A (Systweak Inc                                                ) C:\Users\kleine\Downloads\rcpsetupdsnr_ds3273868.exe
2013-05-27 20:56 - 2013-06-08 09:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-27 20:55 - 2013-05-27 20:56 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0.exe
2013-05-27 09:01 - 2013-05-27 09:01 - 00104424 ____A C:\Users\kleine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 08:59 - 2013-05-27 08:59 - 00394800 ____A C:\Windows\System32\FNTCACHE.DAT

==================== One Month Modified Files and Folders ========

2013-06-26 12:16 - 2013-06-26 12:16 - 01370251 ____A (Farbar) C:\Users\kleine\Desktop\FRST.exe
2013-06-26 12:15 - 2012-04-21 19:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 12:11 - 2013-06-26 12:09 - 00012162 ____A C:\Users\kleine\Desktop\SystemLook.txt
2013-06-26 12:04 - 2013-06-26 12:04 - 00139264 ____A C:\Users\kleine\Desktop\SystemLook.exe
2013-06-26 12:02 - 2009-02-08 15:35 - 01996878 ____A C:\Windows\WindowsUpdate.log
2013-06-26 11:50 - 2009-02-16 15:18 - 00000416 ___AH C:\Windows\Tasks\SupBackGroundTask.job
2013-06-26 11:27 - 2013-06-26 11:27 - 00001616 ____A C:\Users\kleine\Desktop\JRT.txt
2013-06-26 11:26 - 2013-06-26 11:26 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 11:26 - 2013-06-26 11:26 - 00000000 ____D C:\JRT
2013-06-26 11:24 - 2013-06-26 11:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\kleine\Desktop\JRT.exe
2013-06-26 11:16 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 11:16 - 2006-11-02 14:47 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 11:16 - 2006-11-02 14:47 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 11:15 - 2008-09-12 21:41 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-26 11:15 - 2006-11-02 15:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-26 11:11 - 2013-06-26 11:10 - 00012993 ____A C:\AdwCleaner[S1].txt
2013-06-26 11:10 - 2008-12-23 20:47 - 00000000 ____D C:\ProgramData\ICQ
2013-06-26 11:08 - 2013-06-26 11:08 - 00648201 ____A C:\Users\kleine\Desktop\adwcleaner.exe
2013-06-25 22:42 - 2013-06-25 22:42 - 00012630 ____A C:\ComboFix.txt
2013-06-25 22:42 - 2013-06-25 22:26 - 00000000 ____D C:\ComboFix
2013-06-25 22:42 - 2013-06-25 21:56 - 00000000 ___AD C:\Qoobox
2013-06-25 22:42 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-06-25 22:42 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-06-25 22:41 - 2013-06-25 21:55 - 00000000 ____D C:\Windows\erdnt
2013-06-25 22:36 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-06-25 22:35 - 2013-06-25 22:06 - 00003500 ____A C:\Windows\PFRO.log
2013-06-25 22:35 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-06-25 22:33 - 2008-12-17 01:53 - 00000000 ____D C:\users\kleine
2013-06-25 22:21 - 2013-05-27 23:03 - 00000000 ____D C:\Users\kleine\AppData\Roaming\LavasoftStatistics
2013-06-25 22:21 - 2013-05-27 22:58 - 00001737 ____A C:\Users\kleine\Desktop\Ad-Aware Antivirus.lnk
2013-06-25 22:20 - 2013-06-25 22:20 - 00000000 ____D C:\Windows\System32\Drivers\VDD
2013-06-25 22:20 - 2013-05-27 22:58 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-06-25 22:18 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-06-25 22:18 - 2013-05-24 10:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 22:17 - 2013-06-25 22:17 - 05616264 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer(1).exe
2013-06-25 22:17 - 2013-05-27 22:56 - 00013560 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-06-25 22:16 - 2013-05-27 23:03 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-06-25 22:05 - 2008-12-17 02:15 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job
2013-06-25 21:37 - 2013-06-25 21:37 - 05082330 ___RA (Swearware) C:\Users\kleine\Desktop\ComboFix.exe
2013-06-25 15:40 - 2013-06-25 15:40 - 00000000 ____D C:\FRST
2013-06-25 12:17 - 2013-06-25 12:17 - 00054738 ____A C:\Users\kleine\Desktop\gmer.txt
2013-06-25 09:19 - 2013-06-25 09:19 - 00103680 ____A (GMER) C:\awdiipod.sys
2013-06-25 09:16 - 2013-06-25 09:16 - 00080372 ____A C:\Users\kleine\Desktop\OTL.Txt
2013-06-25 09:04 - 2013-06-25 09:04 - 00000474 ____A C:\Users\kleine\Desktop\defogger_disable.log
2013-06-25 08:58 - 2010-06-24 10:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-06-24 21:04 - 2013-06-24 21:04 - 00152720 ____A C:\Windows\Minidump\Mini062413-02.dmp
2013-06-24 21:04 - 2013-06-24 20:57 - 212311210 ____A C:\Windows\MEMORY.DMP
2013-06-24 21:04 - 2013-06-24 20:57 - 00000000 ____D C:\Windows\Minidump
2013-06-24 20:57 - 2013-06-24 20:57 - 00154392 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-24 20:46 - 2013-06-24 20:46 - 00377856 ____A C:\Users\kleine\Desktop\gmer_2.1.19163.exe
2013-06-24 20:27 - 2013-06-24 20:27 - 00602112 ____A (OldTimer Tools) C:\Users\kleine\Desktop\OTL.exe
2013-06-24 19:52 - 2013-06-24 19:52 - 00000000 ____A C:\Users\kleine\defogger_reenable
2013-06-24 19:51 - 2013-06-24 19:51 - 00050477 ____A C:\Users\kleine\Desktop\Defogger.exe
2013-06-18 11:21 - 2012-12-08 20:11 - 00000000 ____D C:\Users\kleine\Desktop\Fotos
2013-06-18 11:21 - 2009-02-18 19:57 - 00000000 ____D C:\Users\kleine\Desktop\Corvin
2013-06-13 12:29 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:26 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-13 05:58 - 2013-05-26 10:26 - 00031816 ____A C:\Windows\Launcher.exe
2013-06-12 12:15 - 2012-04-21 19:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 12:15 - 2011-09-21 16:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 20:24 - 2008-12-18 13:01 - 00000000 ____D C:\Users\kleine\AppData\Local\Adobe
2013-06-08 09:12 - 2013-05-27 20:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-07 19:32 - 2010-02-23 23:55 - 00000846 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-07 19:31 - 2013-06-07 19:31 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0(1).exe
2013-06-04 19:50 - 2013-05-30 20:56 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-04 19:50 - 2009-10-16 22:14 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-30 21:06 - 2013-05-30 21:06 - 00000680 ____A C:\Users\kleine\AppData\Local\d3d9caps.dat
2013-05-30 21:05 - 2009-10-16 22:17 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Apple Computer
2013-05-30 20:39 - 2012-11-17 17:26 - 00000000 ____D C:\Program Files\SelfUpdater
2013-05-29 10:16 - 2013-05-29 10:16 - 00000000 ____D C:\ProgramData\Synaptics
2013-05-29 10:10 - 2013-05-29 10:10 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Synaptics
2013-05-29 10:05 - 2013-05-29 09:52 - 00004598 ____A C:\Windows\DPINST.LOG
2013-05-29 09:55 - 2013-05-29 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-05-29 09:54 - 2013-05-29 09:54 - 00000818 ____A C:\Windows\setupact.log
2013-05-29 09:54 - 2013-05-29 09:54 - 00000000 ____A C:\Windows\setuperr.log
2013-05-29 09:52 - 2013-05-29 09:52 - 00001350 ____A C:\Windows\Synaptics.log
2013-05-28 22:44 - 2013-05-28 22:44 - 03136368 ____A (Adobe Systems, Inc.) C:\Users\kleine\Downloads\install_flash_player_10_active_x(1).exe
2013-05-28 22:43 - 2008-09-12 05:57 - 00000000 ____D C:\ProgramData\Adobe
2013-05-27 23:35 - 2013-05-27 22:56 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-05-27 22:58 - 00000000 ____D C:\ProgramData\Lavasoft
2013-05-27 22:58 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Users\kleine\AppData\Roaming\SecureSearch
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Program Files\Toolbar Cleaner
2013-05-27 22:56 - 2013-05-27 22:56 - 05577352 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer.exe
2013-05-27 22:37 - 2013-05-27 22:37 - 04433424 ____A (Systweak Inc                                                ) C:\Users\kleine\Downloads\rcpsetupdsnr_ds3273868.exe
2013-05-27 20:56 - 2013-05-27 20:55 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0.exe
2013-05-27 09:01 - 2013-05-27 09:01 - 00104424 ____A C:\Users\kleine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 08:59 - 2013-05-27 08:59 - 00394800 ____A C:\Windows\System32\FNTCACHE.DAT

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-26 11:22

==================== End Of Log ============================
--- --- ---

--- --- ---


Die Addition wurde nicht erstellt. Was hab ich falsch gemacht?

schrauber 26.06.2013 12:23
Zitat:
Die Addition wurde nicht erstellt. Was hab ich falsch gemacht?
nix, die wird nur beim ersten Lauf erstellt :)


Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
C:\Program Files\SelfUpdater
C:\Program Files\SoftwareUpdater
C:\ProgramData\nvModes.dat
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log. Noch Probleme?

corvin 26.06.2013 18:28
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-06-2013 02
Ran by kleine at 2013-06-26 19:26:57 Run:1
Running from C:\Users\kleine\Desktop
Boot Mode: Normal

==============================================

C:\Program Files\SelfUpdater => Moved successfully.
C:\Program Files\SoftwareUpdater => Moved successfully.
C:\ProgramData\nvModes.dat => Moved successfully.

==== End of Fixlog ====

schrauber 26.06.2013 19:39
Und weiter im Text :)

corvin 26.06.2013 20:35
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6727362331a36f408e58bc15e110e5c6
# engine=14163
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-26 07:33:09
# local_time=2013-06-26 09:33:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 2812135 209807918 0 0
# scanned=128525
# found=0
# cleaned=0
# scan_time=6945
Code:
Results of screen317's Security Check version 0.99.68 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Lavasoft Ad-Aware 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 CCleaner   
 Java(TM) 6 Update 35 
 Java 7 Update 21 
 Java version out of Date!
 Adobe Flash Player        11.7.700.224 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox 21.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Ad-Aware Antivirus AdAwareService.exe 
 Ad-Aware Antivirus SBAMSvc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Kann ich die Firewall wieder einschalten?


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by kleine (administrator) on 26-06-2013 21:43:54
Running from C:\Users\kleine\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [554408 2013-05-15] (Lavasoft)
HKLM\...\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\qlvwi8hu.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\kleine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Chrome:
=======
CHR HomePage:        "homepage":        "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33",
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=AA23B4DCF089F5AEFB8E2251A3C8AA33"

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SystemStoreService; "C:\Program Files\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService" [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-06-25] (GFI Software)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 21:36 - 2013-06-26 21:36 - 00890988 ____A C:\Users\kleine\Desktop\SecurityCheck.exe
2013-06-26 19:35 - 2013-06-26 19:35 - 00000000 ____D C:\Program Files\ESET
2013-06-26 19:29 - 2013-06-26 19:29 - 02347384 ____A (ESET) C:\Users\kleine\Desktop\esetsmartinstaller_enu.exe
2013-06-26 19:07 - 2013-06-26 19:07 - 00000000 ____D C:\Users\kleine\AppData\Local\adawarebp
2013-06-26 12:16 - 2013-06-26 12:16 - 01370251 ____A (Farbar) C:\Users\kleine\Desktop\FRST.exe
2013-06-26 12:09 - 2013-06-26 12:11 - 00012162 ____A C:\Users\kleine\Desktop\SystemLook.txt
2013-06-26 12:04 - 2013-06-26 12:04 - 00139264 ____A C:\Users\kleine\Desktop\SystemLook.exe
2013-06-26 11:27 - 2013-06-26 11:27 - 00001616 ____A C:\Users\kleine\Desktop\JRT.txt
2013-06-26 11:26 - 2013-06-26 11:26 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 11:26 - 2013-06-26 11:26 - 00000000 ____D C:\JRT
2013-06-26 11:21 - 2013-06-26 11:24 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\kleine\Desktop\JRT.exe
2013-06-26 11:10 - 2013-06-26 11:11 - 00012993 ____A C:\AdwCleaner[S1].txt
2013-06-26 11:08 - 2013-06-26 11:08 - 00648201 ____A C:\Users\kleine\Desktop\adwcleaner.exe
2013-06-25 22:42 - 2013-06-25 22:42 - 00012630 ____A C:\ComboFix.txt
2013-06-25 22:26 - 2013-06-25 22:42 - 00000000 ____D C:\ComboFix
2013-06-25 22:26 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-25 22:26 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-25 22:26 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-25 22:26 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-25 22:20 - 2013-06-25 22:20 - 00000000 ____D C:\Windows\System32\Drivers\VDD
2013-06-25 22:17 - 2013-06-25 22:17 - 05616264 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer(1).exe
2013-06-25 22:06 - 2013-06-25 22:35 - 00003500 ____A C:\Windows\PFRO.log
2013-06-25 21:56 - 2013-06-25 22:42 - 00000000 ___AD C:\Qoobox
2013-06-25 21:55 - 2013-06-25 22:41 - 00000000 ____D C:\Windows\erdnt
2013-06-25 21:37 - 2013-06-25 21:37 - 05082330 ___RA (Swearware) C:\Users\kleine\Desktop\ComboFix.exe
2013-06-25 15:40 - 2013-06-25 15:40 - 00000000 ____D C:\FRST
2013-06-25 12:17 - 2013-06-25 12:17 - 00054738 ____A C:\Users\kleine\Desktop\gmer.txt
2013-06-25 09:19 - 2013-06-25 09:19 - 00103680 ____A (GMER) C:\awdiipod.sys
2013-06-25 09:16 - 2013-06-25 09:16 - 00080372 ____A C:\Users\kleine\Desktop\OTL.Txt
2013-06-25 09:04 - 2013-06-25 09:04 - 00000474 ____A C:\Users\kleine\Desktop\defogger_disable.log
2013-06-24 21:13 - 2013-04-11 11:06 - 00041584 ____A (ThreatTrack Security) C:\Windows\System32\Drivers\gfiark.sys
2013-06-24 21:04 - 2013-06-24 21:04 - 00152720 ____A C:\Windows\Minidump\Mini062413-02.dmp
2013-06-24 20:57 - 2013-06-24 21:04 - 212311210 ____A C:\Windows\MEMORY.DMP
2013-06-24 20:57 - 2013-06-24 21:04 - 00000000 ____D C:\Windows\Minidump
2013-06-24 20:57 - 2013-06-24 20:57 - 00154392 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-24 20:46 - 2013-06-24 20:46 - 00377856 ____A C:\Users\kleine\Desktop\gmer_2.1.19163.exe
2013-06-24 20:27 - 2013-06-24 20:27 - 00602112 ____A (OldTimer Tools) C:\Users\kleine\Desktop\OTL.exe
2013-06-24 19:52 - 2013-06-24 19:52 - 00000000 ____A C:\Users\kleine\defogger_reenable
2013-06-24 19:51 - 2013-06-24 19:51 - 00050477 ____A C:\Users\kleine\Desktop\Defogger.exe
2013-06-12 08:41 - 2013-05-17 05:50 - 01212928 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 08:41 - 2013-05-17 05:50 - 00916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:41 - 2013-05-17 05:50 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 08:41 - 2013-05-17 05:48 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 06014464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-06-12 08:41 - 2013-05-17 05:46 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-12 08:41 - 2013-05-17 05:45 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 02004992 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 08:41 - 2013-05-17 05:44 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 08:41 - 2013-05-17 05:44 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 08:41 - 2013-05-17 04:06 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-12 08:41 - 2013-05-17 02:20 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 08:41 - 2013-05-17 02:19 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 08:41 - 2013-05-17 02:18 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 08:41 - 2013-05-17 02:18 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-12 08:41 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:41 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 08:41 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 08:41 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:41 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:41 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:41 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:41 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-07 19:31 - 2013-06-07 19:31 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0(1).exe
2013-05-30 21:06 - 2013-05-30 21:06 - 00000680 ____A C:\Users\kleine\AppData\Local\d3d9caps.dat
2013-05-30 20:56 - 2013-06-04 19:50 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-29 10:16 - 2013-05-29 10:16 - 00000000 ____D C:\ProgramData\Synaptics
2013-05-29 10:10 - 2013-05-29 10:10 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Synaptics
2013-05-29 09:55 - 2013-05-29 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-05-29 09:54 - 2013-05-29 09:54 - 00000818 ____A C:\Windows\setupact.log
2013-05-29 09:54 - 2013-05-29 09:54 - 00000000 ____A C:\Windows\setuperr.log
2013-05-29 09:52 - 2013-05-29 10:05 - 00004598 ____A C:\Windows\DPINST.LOG
2013-05-29 09:52 - 2013-05-29 09:52 - 00001350 ____A C:\Windows\Synaptics.log
2013-05-29 09:52 - 2013-02-25 23:28 - 00532208 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2013-05-29 09:52 - 2013-02-25 23:28 - 00355056 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2013-05-29 09:52 - 2013-02-25 23:28 - 00175856 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2013-05-29 09:52 - 2013-02-25 23:28 - 00143088 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo16.dll
2013-05-29 09:52 - 2011-09-14 19:11 - 01048576 ____A C:\Windows\System32\syndata.bin
2013-05-28 22:44 - 2013-05-28 22:44 - 03136368 ____A (Adobe Systems, Inc.) C:\Users\kleine\Downloads\install_flash_player_10_active_x(1).exe
2013-05-27 23:03 - 2013-06-25 22:21 - 00000000 ____D C:\Users\kleine\AppData\Roaming\LavasoftStatistics
2013-05-27 23:03 - 2013-06-25 22:16 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-06-25 22:21 - 00001737 ____A C:\Users\kleine\Desktop\Ad-Aware Antivirus.lnk
2013-05-27 22:58 - 2013-06-25 22:20 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-05-27 22:58 - 00000000 ____D C:\ProgramData\Lavasoft
2013-05-27 22:57 - 2013-06-25 22:35 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-05-27 22:57 - 2013-06-25 22:18 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Users\kleine\AppData\Roaming\SecureSearch
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Program Files\Toolbar Cleaner
2013-05-27 22:56 - 2013-06-25 22:17 - 00013560 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-05-27 22:56 - 2013-05-27 23:35 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Ad-Aware Antivirus
2013-05-27 22:56 - 2013-05-27 22:56 - 05577352 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer.exe
2013-05-27 22:37 - 2013-05-27 22:37 - 04433424 ____A (Systweak Inc                                                ) C:\Users\kleine\Downloads\rcpsetupdsnr_ds3273868.exe
2013-05-27 20:56 - 2013-06-08 09:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-27 20:55 - 2013-05-27 20:56 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0.exe
2013-05-27 09:01 - 2013-05-27 09:01 - 00104424 ____A C:\Users\kleine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 08:59 - 2013-05-27 08:59 - 00394800 ____A C:\Windows\System32\FNTCACHE.DAT

==================== One Month Modified Files and Folders ========

2013-06-26 21:36 - 2013-06-26 21:36 - 00890988 ____A C:\Users\kleine\Desktop\SecurityCheck.exe
2013-06-26 21:15 - 2012-04-21 19:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 21:06 - 2006-11-02 14:47 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 21:06 - 2006-11-02 14:47 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 20:58 - 2009-02-08 15:35 - 02013328 ____A C:\Windows\WindowsUpdate.log
2013-06-26 19:35 - 2013-06-26 19:35 - 00000000 ____D C:\Program Files\ESET
2013-06-26 19:29 - 2013-06-26 19:29 - 02347384 ____A (ESET) C:\Users\kleine\Desktop\esetsmartinstaller_enu.exe
2013-06-26 19:28 - 2009-02-16 15:18 - 00000416 ___AH C:\Windows\Tasks\SupBackGroundTask.job
2013-06-26 19:07 - 2013-06-26 19:07 - 00000000 ____D C:\Users\kleine\AppData\Local\adawarebp
2013-06-26 19:06 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 13:09 - 2008-09-12 21:41 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-26 13:09 - 2006-11-02 15:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-26 12:16 - 2013-06-26 12:16 - 01370251 ____A (Farbar) C:\Users\kleine\Desktop\FRST.exe
2013-06-26 12:11 - 2013-06-26 12:09 - 00012162 ____A C:\Users\kleine\Desktop\SystemLook.txt
2013-06-26 12:04 - 2013-06-26 12:04 - 00139264 ____A C:\Users\kleine\Desktop\SystemLook.exe
2013-06-26 11:27 - 2013-06-26 11:27 - 00001616 ____A C:\Users\kleine\Desktop\JRT.txt
2013-06-26 11:26 - 2013-06-26 11:26 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 11:26 - 2013-06-26 11:26 - 00000000 ____D C:\JRT
2013-06-26 11:24 - 2013-06-26 11:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\kleine\Desktop\JRT.exe
2013-06-26 11:11 - 2013-06-26 11:10 - 00012993 ____A C:\AdwCleaner[S1].txt
2013-06-26 11:10 - 2008-12-23 20:47 - 00000000 ____D C:\ProgramData\ICQ
2013-06-26 11:08 - 2013-06-26 11:08 - 00648201 ____A C:\Users\kleine\Desktop\adwcleaner.exe
2013-06-25 22:42 - 2013-06-25 22:42 - 00012630 ____A C:\ComboFix.txt
2013-06-25 22:42 - 2013-06-25 22:26 - 00000000 ____D C:\ComboFix
2013-06-25 22:42 - 2013-06-25 21:56 - 00000000 ___AD C:\Qoobox
2013-06-25 22:42 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-06-25 22:42 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-06-25 22:41 - 2013-06-25 21:55 - 00000000 ____D C:\Windows\erdnt
2013-06-25 22:36 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-06-25 22:35 - 2013-06-25 22:06 - 00003500 ____A C:\Windows\PFRO.log
2013-06-25 22:35 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-06-25 22:33 - 2008-12-17 01:53 - 00000000 ____D C:\users\kleine
2013-06-25 22:21 - 2013-05-27 23:03 - 00000000 ____D C:\Users\kleine\AppData\Roaming\LavasoftStatistics
2013-06-25 22:21 - 2013-05-27 22:58 - 00001737 ____A C:\Users\kleine\Desktop\Ad-Aware Antivirus.lnk
2013-06-25 22:20 - 2013-06-25 22:20 - 00000000 ____D C:\Windows\System32\Drivers\VDD
2013-06-25 22:20 - 2013-05-27 22:58 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-06-25 22:18 - 2013-05-27 22:57 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-06-25 22:18 - 2013-05-24 10:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 22:17 - 2013-06-25 22:17 - 05616264 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer(1).exe
2013-06-25 22:17 - 2013-05-27 22:56 - 00013560 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-06-25 22:16 - 2013-05-27 23:03 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-06-25 22:05 - 2008-12-17 02:15 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{E5DAD495-48D4-4D94-969F-72B8E436802B}.job
2013-06-25 21:37 - 2013-06-25 21:37 - 05082330 ___RA (Swearware) C:\Users\kleine\Desktop\ComboFix.exe
2013-06-25 15:40 - 2013-06-25 15:40 - 00000000 ____D C:\FRST
2013-06-25 12:17 - 2013-06-25 12:17 - 00054738 ____A C:\Users\kleine\Desktop\gmer.txt
2013-06-25 09:19 - 2013-06-25 09:19 - 00103680 ____A (GMER) C:\awdiipod.sys
2013-06-25 09:16 - 2013-06-25 09:16 - 00080372 ____A C:\Users\kleine\Desktop\OTL.Txt
2013-06-25 09:04 - 2013-06-25 09:04 - 00000474 ____A C:\Users\kleine\Desktop\defogger_disable.log
2013-06-25 08:58 - 2010-06-24 10:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-06-24 21:04 - 2013-06-24 21:04 - 00152720 ____A C:\Windows\Minidump\Mini062413-02.dmp
2013-06-24 21:04 - 2013-06-24 20:57 - 212311210 ____A C:\Windows\MEMORY.DMP
2013-06-24 21:04 - 2013-06-24 20:57 - 00000000 ____D C:\Windows\Minidump
2013-06-24 20:57 - 2013-06-24 20:57 - 00154392 ____A C:\Windows\Minidump\Mini062413-01.dmp
2013-06-24 20:46 - 2013-06-24 20:46 - 00377856 ____A C:\Users\kleine\Desktop\gmer_2.1.19163.exe
2013-06-24 20:27 - 2013-06-24 20:27 - 00602112 ____A (OldTimer Tools) C:\Users\kleine\Desktop\OTL.exe
2013-06-24 19:52 - 2013-06-24 19:52 - 00000000 ____A C:\Users\kleine\defogger_reenable
2013-06-24 19:51 - 2013-06-24 19:51 - 00050477 ____A C:\Users\kleine\Desktop\Defogger.exe
2013-06-18 11:21 - 2012-12-08 20:11 - 00000000 ____D C:\Users\kleine\Desktop\Fotos
2013-06-18 11:21 - 2009-02-18 19:57 - 00000000 ____D C:\Users\kleine\Desktop\Corvin
2013-06-13 12:29 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:26 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-13 05:58 - 2013-05-26 10:26 - 00031816 ____A C:\Windows\Launcher.exe
2013-06-12 12:15 - 2012-04-21 19:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 12:15 - 2011-09-21 16:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 20:24 - 2008-12-18 13:01 - 00000000 ____D C:\Users\kleine\AppData\Local\Adobe
2013-06-08 09:12 - 2013-05-27 20:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-07 19:32 - 2010-02-23 23:55 - 00000846 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-07 19:31 - 2013-06-07 19:31 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0(1).exe
2013-06-04 19:50 - 2013-05-30 20:56 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-04 19:50 - 2009-10-16 22:14 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-30 21:06 - 2013-05-30 21:06 - 00000680 ____A C:\Users\kleine\AppData\Local\d3d9caps.dat
2013-05-30 21:05 - 2009-10-16 22:17 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Apple Computer
2013-05-29 10:16 - 2013-05-29 10:16 - 00000000 ____D C:\ProgramData\Synaptics
2013-05-29 10:10 - 2013-05-29 10:10 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Synaptics
2013-05-29 10:05 - 2013-05-29 09:52 - 00004598 ____A C:\Windows\DPINST.LOG
2013-05-29 09:55 - 2013-05-29 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-05-29 09:54 - 2013-05-29 09:54 - 00000818 ____A C:\Windows\setupact.log
2013-05-29 09:54 - 2013-05-29 09:54 - 00000000 ____A C:\Windows\setuperr.log
2013-05-29 09:52 - 2013-05-29 09:52 - 00001350 ____A C:\Windows\Synaptics.log
2013-05-28 22:44 - 2013-05-28 22:44 - 03136368 ____A (Adobe Systems, Inc.) C:\Users\kleine\Downloads\install_flash_player_10_active_x(1).exe
2013-05-28 22:43 - 2008-09-12 05:57 - 00000000 ____D C:\ProgramData\Adobe
2013-05-27 23:35 - 2013-05-27 22:56 - 00000000 ____D C:\Users\kleine\AppData\Roaming\Ad-Aware Antivirus
2013-05-27 22:58 - 2013-05-27 22:58 - 00000000 ____D C:\ProgramData\Lavasoft
2013-05-27 22:58 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Users\kleine\AppData\Roaming\SecureSearch
2013-05-27 22:57 - 2013-05-27 22:57 - 00000000 ____D C:\Program Files\Toolbar Cleaner
2013-05-27 22:56 - 2013-05-27 22:56 - 05577352 ____A (Lavasoft Limited) C:\Users\kleine\Downloads\Adaware_Installer.exe
2013-05-27 22:37 - 2013-05-27 22:37 - 04433424 ____A (Systweak Inc                                                ) C:\Users\kleine\Downloads\rcpsetupdsnr_ds3273868.exe
2013-05-27 20:56 - 2013-05-27 20:55 - 21151576 ____A (Mozilla) C:\Users\kleine\Downloads\Firefox Setup 21.0.exe
2013-05-27 09:01 - 2013-05-27 09:01 - 00104424 ____A C:\Users\kleine\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 08:59 - 2013-05-27 08:59 - 00394800 ____A C:\Windows\System32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-26 19:13

==================== End Of Log ============================
--- --- ---

--- --- ---

corvin 26.06.2013 20:56
Liste der Anhänge anzeigen (Anzahl: 1)
Der Softwareupdater kommt nicht mehr. Allerdings diese Fehlermeldung (Anhang).
Kann ich alle Programme entfernen (inkl. LOG)?
Was war mit meinem Rechner los?

schrauber 27.06.2013 07:59
Java, Adobe und Fireofx bitte updaten.

Scan mit SystemLook

Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    :filefind
    *Browser Updater*
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.


Nen Haufen Adware und Kram war drauf :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:48 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19