Housebreaker

  1. So, everything is done. I had Norton before and have now bought Emsisoft Anti-Malware. Thanks for your effort.
  2. Emsi doesn't find anything anymore, everything is clean after the scan. I just wanted to say a sincere thank-you for the great support here.
  3. There was no problem with the system, which surprises me. So I can remove the detections, right?
  4. I had the HijackThis log analyzed online, but nothing unusual shows up there either. I'm running Malwarebytes Anti-Malware right now.
  5. Yes, it should work, no idea why. I'll do the scan with Emsi now.
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-03-2014
     Ran by pc at 2014-03-04 18:42:33 Run:1
     Running from C:\Users\pc\Desktop\downloads
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     ProxyServer: http=127.0.0.1:2384;https=127.0.0.1:2384
     SearchScopes: HKLM-x32 - URL http://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381528800000.000000&tguid=66920-6787-1381595823185-9B65C39A73A01BEC38970F5AD3B2F182&q={searchTerms}
     SearchScopes: HKLM-x32 - SuggestionsURL_JSON http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66920&gid=66920-6787-1381595823185-9B65C39A73A01BEC38970F5AD3B2F182&dbCode=1&command={searchTerms}
     SearchScopes: HKLM-x32 - TopResultURLFallback http://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381528800000.000000&tguid=66920-6787-1381595823185-9B65C39A73A01BEC38970F5AD3B2F182&q={searchTerms}
     *****************
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => Value deleted successfully.
     ==== End of Fixlog ====
  7. OK, I'll do the scans after dinner; I've only just finished work.
  8. OK, no problem, I'm just glad when someone helps. I'll send it by e-mail.
  9. The FRST log: should I post it here or send it to you by e-mail?
  10. # AdwCleaner v3.020 - Bericht erstellt am 03/03/2014 um 19:06:14
      # Aktualisiert 27/02/2014 von Xplode
      # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
      # Benutzername : pc - PC-PC
      # Gestartet von : C:\Users\pc\Desktop\downloads\adwcleaner.exe
      # Option : Suchen
      ***** [ Dienste ] *****
      ***** [ Dateien / Ordner ] *****
      ***** [ Verknüpfungen ] *****
      ***** [ Registrierungsdatenbank ] *****
      ***** [ Browser ] *****
      -\\ Internet Explorer v11.0.9600.16518
      -\\ Mozilla Firefox v27.0.1 (de)
      [ Datei : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\nfa3wygd.default-1392699234108\prefs.js ]
      *************************
      AdwCleaner[R13].txt - [1200 octets] - [18/02/2014 03:45:24]
      AdwCleaner[R14].txt - [1261 octets] - [18/02/2014 04:13:19]
      AdwCleaner[R15].txt - [1322 octets] - [18/02/2014 04:24:19]
      AdwCleaner[R16].txt - [1393 octets] - [18/02/2014 05:08:56]
      AdwCleaner[R17].txt - [1110 octets] - [18/02/2014 05:12:30]
      AdwCleaner[R18].txt - [1185 octets] - [19/02/2014 17:31:59]
      AdwCleaner[R19].txt - [1247 octets] - [19/02/2014 22:31:03]
      AdwCleaner[R20].txt - [1308 octets] - [25/02/2014 00:04:00]
      AdwCleaner[R21].txt - [1372 octets] - [03/03/2014 14:20:35]
      AdwCleaner[R22].txt - [1430 octets] - [03/03/2014 17:06:58]
      AdwCleaner[R23].txt - [1289 octets] - [03/03/2014 19:06:14]
      AdwCleaner[s6].txt - [1407 octets] - [18/02/2014 05:09:43]
      ########## EOF - C:\AdwCleaner\AdwCleaner[R23].txt - [1410 octets] ##########
  11. Here is the log. Thanks for your effort so far.
  12. I haven't installed anything new. OK, I'll make the log now.