Housebreaker

Member
  • Content Count

    20
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Housebreaker

  • Rank
    Member
  1. Housebreaker

    mein pc infiziert ?

    so alles erledigt hatte ja voher norton hab mir jetzt Emsisoft Anti-Malware gekauftdanke für deine mühe
  2. Housebreaker

    mein pc infiziert ?

    emis findet nix mehr alles sauber nach dem scan wollte mich aber herzlich bedanken für den tollen support hier
  3. Housebreaker

    mein pc infiziert ?

    ok ich mach nochmal einen scan eben
  4. Housebreaker

    mein pc infiziert ?

    es hat ja kein problem bestanden mit dem system was mich wundert also kann ich die funde entfernen ja
  5. Housebreaker

    mein pc infiziert ?

    hijackthis log online auswerten lassen da ist aber auch nix aussergewöhnliches zu finden lass gerade mal Malwarebytes Anti-Malware durchlaufen
  6. Housebreaker

    mein pc infiziert ?

    emsi scan
  7. Housebreaker

    mein pc infiziert ?

    ja müsste klappen kein pla warum mach denn scann eben mit emsi
  8. Housebreaker

    mein pc infiziert ?

    frische log nach dem fix scan
  9. Housebreaker

    mein pc infiziert ?

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-03-2014 Ran by pc at 2014-03-04 18:42:33 Run:1 Running from C:\Users\pc\Desktop\downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** ProxyServer: http=127.0.0.1:2384;https=127.0.0.1:2384 SearchScopes: HKLM-x32 - URL http://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381528800000.000000&tguid=66920-6787-1381595823185-9B65C39A73A01BEC38970F5AD3B2F182&q={searchTerms} SearchScopes: HKLM-x32 - SuggestionsURL_JSON http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66920&gid=66920-6787-1381595823185-9B65C39A73A01BEC38970F5AD3B2F182&dbCode=1&command={searchTerms} SearchScopes: HKLM-x32 - TopResultURLFallback http://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381528800000.000000&tguid=66920-6787-1381595823185-9B65C39A73A01BEC38970F5AD3B2F182&q={searchTerms} ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => Value deleted successfully. ==== End of Fixlog ====
  10. Housebreaker

    mein pc infiziert ?

    ok die scans mach ich nach dem essen hab jetzt erst feierabend
  11. Housebreaker

    mein pc infiziert ?

    ok macht ja nix bin ja froh wenn einer hilft ich schicke es per mail
  12. Housebreaker

    mein pc infiziert ?

    das log vom FRST soll ich das hier rein posten oder es dir per mail schicken
  13. Housebreaker

    mein pc infiziert ?

    # AdwCleaner v3.020 - Bericht erstellt am 03/03/2014 um 19:06:14 # Aktualisiert 27/02/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : pc - PC-PC # Gestartet von : C:\Users\pc\Desktop\downloads\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\nfa3wygd.default-1392699234108\prefs.js ] ************************* AdwCleaner[R13].txt - [1200 octets] - [18/02/2014 03:45:24] AdwCleaner[R14].txt - [1261 octets] - [18/02/2014 04:13:19] AdwCleaner[R15].txt - [1322 octets] - [18/02/2014 04:24:19] AdwCleaner[R16].txt - [1393 octets] - [18/02/2014 05:08:56] AdwCleaner[R17].txt - [1110 octets] - [18/02/2014 05:12:30] AdwCleaner[R18].txt - [1185 octets] - [19/02/2014 17:31:59] AdwCleaner[R19].txt - [1247 octets] - [19/02/2014 22:31:03] AdwCleaner[R20].txt - [1308 octets] - [25/02/2014 00:04:00] AdwCleaner[R21].txt - [1372 octets] - [03/03/2014 14:20:35] AdwCleaner[R22].txt - [1430 octets] - [03/03/2014 17:06:58] AdwCleaner[R23].txt - [1289 octets] - [03/03/2014 19:06:14] AdwCleaner[s6].txt - [1407 octets] - [18/02/2014 05:09:43] ########## EOF - C:\AdwCleaner\AdwCleaner[R23].txt - [1410 octets] ##########
  14. Housebreaker

    mein pc infiziert ?

    ComboFix 14-03-03.02 - pc 03.03.2014 17:58:17.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.1859 [GMT 1:00] ausgeführt von:: c:\users\pc\Desktop\ComboFix.exe AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1392120514.bdinstall.bin c:\programdata\1392120702.bdinstall.bin c:\users\pc\AppData\Roaming\siw_sdk.dll c:\users\pc\AUTORUN.INF c:\users\pc\Scania Black Panther .scs c:\windows\BACKUP.22313961.killproc.exe c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-03 bis 2014-03-03 )))))))))))))))))))))))))))))) . . 2014-03-03 17:07 . 2014-03-03 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-03 16:14 . 2014-03-03 16:16 -------- d-----w- C:\FRST 2014-02-27 23:54 . 2014-02-27 23:54 -------- d-----w- c:\users\pc\AppData\Local\Skype 2014-02-27 23:54 . 2014-02-27 23:54 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-02-27 23:54 . 2014-02-27 23:54 -------- d-----r- c:\program files (x86)\Skype 2014-02-26 16:15 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-02-26 16:15 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll 2014-02-21 16:04 . 2014-02-21 16:04 35368 ----a-w- c:\windows\system32\drivers\oanet.sys 2014-02-19 22:40 . 2014-02-20 12:39 -------- d-----w- c:\programdata\OnlineArmor 2014-02-19 22:40 . 2014-02-19 22:40 -------- d-----w- c:\users\pc\AppData\Roaming\OnlineArmor 2014-02-19 22:39 . 2013-10-11 02:41 62008 ----a-w- c:\windows\SysWow64\drivers\oahlp64.sys 2014-02-19 22:39 . 2013-10-11 02:40 52360 ----a-w- c:\windows\SysWow64\drivers\OAmon.sys 2014-02-19 22:39 . 2013-10-11 02:40 64720 ----a-w- c:\windows\SysWow64\drivers\OADriver.sys 2014-02-19 22:39 . 2014-02-24 16:10 -------- d-----w- c:\program files (x86)\Online Armor 2014-02-19 21:55 . 2014-02-19 21:55 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2014-02-19 21:55 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-02-18 05:16 . 2014-02-18 05:16 -------- d-----w- c:\users\pc\AppData\Local\NVIDIA Corporation 2014-02-18 05:14 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll 2014-02-18 05:14 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2014-02-18 05:14 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll 2014-02-18 05:14 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll 2014-02-18 05:14 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2014-02-18 05:14 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll 2014-02-18 05:14 . 2013-12-10 02:15 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll 2014-02-18 05:14 . 2013-12-10 02:14 1100248 ----a-w- c:\windows\system32\nvspcap64.dll 2014-02-18 05:14 . 2014-02-19 21:47 -------- d-----w- c:\users\pc\AppData\Local\NVIDIA 2014-02-18 05:13 . 2014-02-19 21:55 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2014-02-18 05:10 . 2014-02-08 18:34 15740232 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-02-18 05:10 . 2014-02-08 18:34 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-02-18 05:10 . 2013-12-19 20:33 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll 2014-02-18 05:10 . 2013-12-19 20:33 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll 2014-02-18 05:10 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2014-02-18 05:10 . 2013-12-05 08:42 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll 2014-02-18 05:10 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2014-02-18 05:10 . 2014-02-08 18:34 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-02-18 03:40 . 2014-02-18 03:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-02-18 03:40 . 2014-02-18 03:40 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-02-18 02:44 . 2014-03-03 16:07 -------- d-----w- C:\AdwCleaner 2014-02-15 13:07 . 2014-02-15 13:07 -------- d-----w- c:\users\pc\AppData\Local\HDGraph.com 2014-02-14 21:32 . 2014-02-16 12:27 -------- d-----w- c:\users\pc\AppData\Local\Razer 2014-02-14 21:32 . 2014-02-14 21:32 -------- d-----w- c:\programdata\Razer 2014-02-14 19:57 . 2014-02-14 19:57 -------- d-----w- c:\windows\Migration 2014-02-14 19:53 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-02-14 19:53 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2014-02-14 19:53 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys 2014-02-14 19:53 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll 2014-02-14 19:53 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll 2014-02-14 19:53 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll 2014-02-14 19:53 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll 2014-02-14 18:30 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-02-14 18:30 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-02-14 18:30 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2014-02-14 18:30 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-02-13 18:22 . 2012-09-27 11:00 264192 ----a-w- c:\windows\system32\tmffbcpl.dll 2014-02-13 18:22 . 2012-09-27 10:57 41472 ----a-w- c:\windows\system32\tmffbdrv.dll 2014-02-13 18:22 . 2006-05-16 14:07 99840 ----a-w- c:\windows\system32\_IsRes.dll 2014-02-13 18:22 . 2007-04-05 14:37 208304 ----a-w- c:\windows\system32\isrt.dll 2014-02-13 18:22 . 2014-02-13 18:22 -------- d-----w- c:\program files (x86)\Thrustmaster 2014-02-13 18:22 . 2012-09-27 10:59 238592 ----a-w- c:\windows\SysWow64\tmffbcpl.dll 2014-02-13 18:22 . 2012-09-27 10:57 35840 ----a-w- c:\windows\SysWow64\tmffbdrv.dll 2014-02-13 18:22 . 2014-02-13 18:22 -------- d-----w- c:\users\pc\AppData\Roaming\InstallShield 2014-02-12 19:20 . 2014-02-12 19:20 -------- d-----w- c:\program files (x86)\AnVir Task Manager Free 2014-02-12 13:26 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll 2014-02-12 13:26 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-02-12 07:58 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll 2014-02-11 12:08 . 2014-02-11 12:08 -------- d-----w- c:\programdata\Bitdefender 2014-02-11 12:08 . 2014-02-11 12:12 -------- d-----w- c:\program files\Bitdefender 2014-02-05 18:34 . 2014-02-18 05:03 -------- d-----w- c:\users\pc\AppData\Roaming\Panda Security 2014-02-05 18:33 . 2014-02-18 16:44 -------- d-----w- c:\programdata\Panda Security 2014-02-05 18:33 . 2014-02-18 16:44 -------- d-----w- c:\program files (x86)\Panda Security 2014-02-05 16:07 . 2014-02-05 16:07 -------- d-----w- c:\windows\SysWow64\wbem\Logs 2014-02-04 22:40 . 2014-02-05 00:08 -------- d-----w- c:\programdata\G Data 2014-02-04 22:30 . 2011-03-24 14:36 431176 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2014-02-04 22:15 . 2014-02-04 22:15 -------- d-----w- c:\users\pc\AppData\Roaming\ProductData 2014-02-04 22:15 . 2014-02-04 22:24 -------- d-----w- c:\programdata\IObit 2014-02-04 22:15 . 2014-02-25 15:00 -------- d-----w- c:\programdata\ProductData 2014-02-04 22:15 . 2014-02-04 22:15 -------- d-----w- c:\program files (x86)\IObit 2014-02-04 21:52 . 2014-02-04 21:52 -------- d-----w- c:\users\pc\AppData\Roaming\VIPRE 2014-02-04 21:52 . 2014-02-04 21:52 -------- d-----w- c:\users\pc\AppData\Local\VIPRE 2014-02-04 19:09 . 2014-02-04 19:17 -------- d-----w- c:\users\pc\AppData\Roaming\FreeFixer 2014-02-04 19:09 . 2014-02-04 19:15 -------- d-----w- c:\users\pc\AppData\Local\FreeFixer 2014-02-04 19:09 . 2014-02-04 19:17 -------- d-----w- c:\program files\FreeFixer 2014-02-02 22:11 . 2014-02-02 22:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-02-02 22:11 . 2014-02-02 22:11 -------- d-----w- c:\program files (x86)\Java . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-16 06:23 . 2013-05-14 23:45 88567024 ----a-w- c:\windows\system32\MRT.exe 2014-02-08 18:34 . 2013-05-14 23:08 61216 ----a-w- c:\windows\system32\OpenCL.dll 2014-02-08 18:34 . 2013-05-14 23:08 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2014-02-08 18:34 . 2013-02-25 22:32 3090184 ----a-w- c:\windows\system32\nvapi64.dll 2014-02-08 18:34 . 2009-07-13 21:59 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-02-08 17:42 . 2013-05-14 23:08 3498272 ----a-w- c:\windows\system32\nvsvc64.dll 2014-02-08 17:42 . 2013-05-14 23:08 6712608 ----a-w- c:\windows\system32\nvcpl.dll 2014-02-08 17:42 . 2013-05-14 23:08 923936 ----a-w- c:\windows\system32\nvvsvc.exe 2014-02-08 17:42 . 2013-05-14 23:08 63776 ----a-w- c:\windows\system32\nvshext.dll 2014-02-08 17:42 . 2013-05-14 23:08 2559776 ----a-w- c:\windows\system32\nvsvcr.dll 2014-02-08 17:42 . 2013-05-14 23:08 386336 ----a-w- c:\windows\system32\nvmctray.dll 2013-12-12 08:13 . 2013-05-14 14:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-12 08:13 . 2013-05-14 14:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-20 22:33 . 2013-06-20 22:33 39789 ----a-w- c:\program files\uninst-mp3gain.exe 2005-01-08 23:58 . 2005-01-08 23:58 131127 ----a-w- c:\program files\mp3gain.exe 2005-01-08 20:45 . 2005-01-08 20:45 630841 ----a-w- c:\program files\MP3GainGUI.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2013-05-03 4878912] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2014-02-19 4330432] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys;c:\windows\syswow64\drivers\oahlp64.sys [x] R2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 EncDisk;EncDisk;c:\program files (x86)\TrustPort\DiskProtection\bin\EncDsk.sys;c:\program files (x86)\TrustPort\DiskProtection\bin\EncDsk.sys [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe;c:\program files (x86)\Online Armor\oasrv.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5476.tmp;c:\windows\SYSNATIVE\5476.tmp [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x] S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x] S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x] S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x] S1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys;c:\windows\SysWow64\Drivers\OADriver.sys [x] S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys;c:\windows\SysWOW64\Drivers\OAmon.sys [x] S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x] S2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x] S2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe;c:\program files (x86)\Online Armor\OAcat.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x] S3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2014-03-03 c:\windows\Tasks\GlaryInitialize 3.job - c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-22 07:32] . 2013-09-22 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2013-07-14 14:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2014-02-04 22:15 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248] "@OnlineArmor GUI"="c:\program files (x86)\Online Armor\oaui.exe" [2013-10-11 7558464] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:2384;https=127.0.0.1:2384 uInternet Settings,ProxyOverride = <-loopback> TCP: DhcpNameServer = 80.69.102.158 80.69.103.78 FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\nfa3wygd.default-1392699234108\ FF - prefs.js: network.proxy.type - 0 . . ------- Dateityp-Verknüpfung ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\notepad.exe %1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-CleanHlp SafeBoot-CleanHlp.sys SafeBoot-BsScanner HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\5476.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3217920020-880358770-3282324879-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-03-03 18:19:34 ComboFix-quarantined-files.txt 2014-03-03 17:19 . Vor Suchlauf: 12 Verzeichnis(se), 66,071,683,072 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 65,765,662,720 Bytes frei . - - End Of File - - 37C717EAD14DE583169218FA2AC46FF7 A36C5E4F47E84449FF07ED3517B43A31 hier das log danke erstmal für deine mühe
  15. Housebreaker

    mein pc infiziert ?

    instaliert hab ich nix neues ok ich mach das log eben