| |
| |||||||
Log-Analyse und Auswertung: Trojane/Malware etc. , weißer Monitor nach Start !Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.05.2013, 18:51
| #1 |
 |  Trojane/Malware etc. , weißer Monitor nach Start ! Hallo ! Ich habe hier den PC meines Schwiegervaters. Problem(Bildschirm wird weiß nach start) ist allg. bekannt , allerdings kenne ich mich mit der log-file-Auswertung nicht aus. Zur Analyse wurde frst64.exe verwendet. Ich bitte daher um eure hilfe! Danke im voraus für eure Bemühungen! LG Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by petzi12345 (administrator) on 27-05-2013 19:33:00
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Farbar) f:\FRST64.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP [1318912 2012-08-31] (Inbox.com, Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\petzi12345\AppData\Roaming\skype.dat [118784 2013-05-26] () <==== ATTENTION
MountPoints2: F - F:\.\Autorun.exe AUTORUN=1
MountPoints2: {1b2ae6d9-991a-11df-9685-00269e8489e1} - F:\.\Autorun.exe AUTORUN=1
MountPoints2: {cf827c12-f33a-11df-b836-d60e60ee0497} - F:\.\Autorun.exe AUTORUN=1
MountPoints2: {e71a8a12-990e-11df-9518-00269e8489e1} - F:\.\Autorun.exe AUTORUN=1
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2010-11-30] (Avira GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [888488 2011-09-08] ({StringFileInfo_CompanyName})
HKLM-x32\...\Run: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP [1647312 2012-08-28] (Inbox.com, Inc.)
HKLM-x32\...\Run: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe" [320000 2012-08-16] (Crawler, LLC)
HKLM-x32\...\Run: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup [374880 2013-04-11] (Crawler.com)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
Startup: C:\Users\petzi12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.inbox.com/homepage.aspx?tbid=80195&lng=de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cnnb
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
HKLM SearchScopes: DefaultScope {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C58F98A-6704-4793-8078-26936D15D99B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {F5D8DF82-CFB4-46B1-9DEF-144B524A6DC2} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
HKLM-x32 SearchScopes: DefaultScope {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {5C58F98A-6704-4793-8078-26936D15D99B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM-x32 - {F5D8DF82-CFB4-46B1-9DEF-144B524A6DC2} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
HKCU SearchScopes: DefaultScope {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKCU - {5C58F98A-6704-4793-8078-26936D15D99B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de
SearchScopes: HKCU - {F5D8DF82-CFB4-46B1-9DEF-144B524A6DC2} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll (Crawler, LLC)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [232448] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)
Winsock: Catalog9-x64 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)
FireFox:
========
FF ProfilePath: C:\Users\petzi12345\AppData\Roaming\Mozilla\Firefox\Profiles\tck3ywne.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://google.at
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: AppGraffiti - C:\Users\petzi12345\AppData\Roaming\Mozilla\Firefox\Profiles\tck3ywne.default\Extensions\AppGraffiti@AppGraffiti.com
FF Extension: No Name - C:\Users\petzi12345\AppData\Roaming\Mozilla\Firefox\Profiles\tck3ywne.default\Extensions\inboxcomtoolbar@inbox.com
FF Extension: No Name - C:\Users\petzi12345\AppData\Roaming\Mozilla\Firefox\Profiles\tck3ywne.default\Extensions\toolbar@ask.com
==================== Services (Whitelisted) =================
S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [394392 2012-09-02] (PCRx.com, LLC)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-05-02] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-28] (Avira GmbH)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2011-06-28] (Avira GmbH)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.)
S2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [296400 2009-02-27] ()
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-06-28] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-06-28] (Avira GmbH)
U4 eabfiltr;
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-27 19:32 - 2013-05-27 19:32 - 00000000 ____D C:\FRST
2013-05-26 11:58 - 2013-05-27 19:00 - 00000004 ____A C:\Users\petzi12345\AppData\Roaming\skype.ini
2013-05-26 11:42 - 2013-05-26 11:42 - 00118784 ___RA C:\Users\petzi12345\AppData\Roaming\skype.dat
2013-05-26 11:28 - 2013-05-26 11:28 - 00000332 ____A C:\Windows\PFRO.log
2013-05-25 21:45 - 2013-05-25 21:45 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-05-25 21:43 - 2013-05-25 21:43 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-05-24 20:28 - 2013-05-24 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 01:57 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-21 01:57 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-21 01:57 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-21 01:57 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-21 01:57 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-21 01:57 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-21 01:57 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-21 01:57 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-21 01:57 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-21 01:57 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 17:43 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 17:43 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 17:43 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 17:43 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 17:43 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 17:43 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 17:43 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 17:43 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 17:43 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 17:43 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 17:43 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 17:43 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 17:43 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 17:43 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-01 14:15 - 2013-05-25 19:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-04-30 08:28 - 2013-02-15 08:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-30 08:28 - 2013-02-15 08:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-30 08:28 - 2013-02-15 08:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-30 08:28 - 2013-02-15 06:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-30 08:28 - 2013-02-15 06:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-30 08:28 - 2013-02-15 05:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-30 08:27 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
==================== One Month Modified Files and Folders =======
2013-05-27 19:32 - 2013-05-27 19:32 - 00000000 ____D C:\FRST
2013-05-27 19:07 - 2009-08-21 21:10 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-05-27 19:07 - 2009-08-21 21:10 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-05-27 19:07 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-27 19:01 - 2013-03-25 14:50 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-27 19:01 - 2011-11-27 18:19 - 01696827 ____A C:\Windows\WindowsUpdate.log
2013-05-27 19:00 - 2013-05-26 11:58 - 00000004 ____A C:\Users\petzi12345\AppData\Roaming\skype.ini
2013-05-27 19:00 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-27 19:00 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-27 18:53 - 2013-03-05 17:56 - 00006160 ____A C:\Windows\setupact.log
2013-05-27 18:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 23:05 - 2010-07-27 01:36 - 00000000 ____D C:\ProgramData\Recovery
2013-05-26 22:38 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-26 11:42 - 2013-05-26 11:42 - 00118784 ___RA C:\Users\petzi12345\AppData\Roaming\skype.dat
2013-05-26 11:30 - 2010-07-27 03:01 - 00000000 ____D C:\Users\petzi12345\AppData\Roaming\3DataManager
2013-05-26 11:29 - 2012-09-03 12:53 - 00000000 ____D C:\Program Files (x86)\SiteRanker
2013-05-26 11:29 - 2012-09-03 12:53 - 00000000 ____D C:\Program Files (x86)\RebateInformer
2013-05-26 11:28 - 2013-05-26 11:28 - 00000332 ____A C:\Windows\PFRO.log
2013-05-26 11:28 - 2012-05-04 20:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-25 21:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-05-25 21:45 - 2013-05-25 21:45 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-05-25 21:45 - 2009-08-21 11:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-25 21:45 - 2009-08-21 11:21 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-05-25 21:44 - 2010-07-27 02:39 - 00000000 ____D C:\Users\petzi12345\AppData\Roaming\hpqlog
2013-05-25 21:43 - 2013-05-25 21:43 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-05-25 21:42 - 2009-07-17 01:15 - 00000000 ____D C:\SwSetup
2013-05-25 19:08 - 2013-05-01 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-05-24 20:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-24 20:28 - 2013-05-24 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 20:06 - 2012-09-03 12:53 - 00000000 ____D C:\Users\petzi12345\AppData\Roaming\PCPowerSpeed
2013-05-21 14:57 - 2009-07-14 06:45 - 00376600 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-21 02:05 - 2010-08-04 00:42 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-07 16:24 - 2012-09-03 12:53 - 00000000 ____D C:\Program Files (x86)\PCPowerSpeed
2013-05-02 02:06 - 2010-09-26 16:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
Other Malware:
===========
C:\Users\petzi12345\AppData\Roaming\skype.dat
C:\Users\petzi12345\AppData\Roaming\skype.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by petzi12345 (administrator) on 27-05-2013 19:40:48
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Farbar) f:\FRST64.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP [1318912 2012-08-31] (Inbox.com, Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\petzi12345\AppData\Roaming\skype.dat [118784 2013-05-26] () <==== ATTENTION
MountPoints2: F - F:\.\Autorun.exe AUTORUN=1
MountPoints2: {1b2ae6d9-991a-11df-9685-00269e8489e1} - F:\.\Autorun.exe AUTORUN=1
MountPoints2: {cf827c12-f33a-11df-b836-d60e60ee0497} - F:\.\Autorun.exe AUTORUN=1
MountPoints2: {e71a8a12-990e-11df-9518-00269e8489e1} - F:\.\Autorun.exe AUTORUN=1
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2010-11-30] (Avira GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [888488 2011-09-08] ({StringFileInfo_CompanyName})
HKLM-x32\...\Run: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP [1647312 2012-08-28] (Inbox.com, Inc.)
HKLM-x32\...\Run: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe" [320000 2012-08-16] (Crawler, LLC)
HKLM-x32\...\Run: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup [374880 2013-04-11] (Crawler.com)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
Startup: C:\Users\petzi12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.inbox.com/homepage.aspx?tbid=80195&lng=de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cnnb
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
HKLM SearchScopes: DefaultScope {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C58F98A-6704-4793-8078-26936D15D99B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM - {F5D8DF82-CFB4-46B1-9DEF-144B524A6DC2} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
HKLM-x32 SearchScopes: DefaultScope {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {5C58F98A-6704-4793-8078-26936D15D99B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKLM-x32 - {F5D8DF82-CFB4-46B1-9DEF-144B524A6DC2} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
HKCU SearchScopes: DefaultScope {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKCU - {5C58F98A-6704-4793-8078-26936D15D99B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {8D23290D-7CD3-463D-8E0D-266E72770357} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de
SearchScopes: HKCU - {F5D8DF82-CFB4-46B1-9DEF-144B524A6DC2} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll (Crawler, LLC)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [232448] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)
Winsock: Catalog9-x64 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [133288] (Avira GmbH)
FireFox:
========
FF ProfilePath: C:\Users\petzi12345\AppData\Roaming\Mozilla\Firefox\Profiles\tck3ywne.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://google.at
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: AppGraffiti - C:\Users\petzi12345\AppData\Roaming\Mozilla\Firefox\Profiles\tck3ywne.default\Extensions\AppGraffiti@AppGraffiti.com
FF Extension: No Name - C:\Users\petzi12345\AppData\Roaming\Mozilla\Firefox\Profiles\tck3ywne.default\Extensions\inboxcomtoolbar@inbox.com
FF Extension: No Name - C:\Users\petzi12345\AppData\Roaming\Mozilla\Firefox\Profiles\tck3ywne.default\Extensions\toolbar@ask.com
==================== Services (Whitelisted) =================
S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [394392 2012-09-02] (PCRx.com, LLC)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-05-02] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-28] (Avira GmbH)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2011-06-28] (Avira GmbH)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.)
S2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [296400 2009-02-27] ()
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-06-28] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-06-28] (Avira GmbH)
U4 eabfiltr;
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-27 19:32 - 2013-05-27 19:32 - 00000000 ____D C:\FRST
2013-05-26 11:58 - 2013-05-27 19:00 - 00000004 ____A C:\Users\petzi12345\AppData\Roaming\skype.ini
2013-05-26 11:42 - 2013-05-26 11:42 - 00118784 ___RA C:\Users\petzi12345\AppData\Roaming\skype.dat
2013-05-26 11:28 - 2013-05-26 11:28 - 00000332 ____A C:\Windows\PFRO.log
2013-05-25 21:45 - 2013-05-25 21:45 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-05-25 21:43 - 2013-05-25 21:43 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-05-24 20:28 - 2013-05-24 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 01:57 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-21 01:57 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-21 01:57 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-21 01:57 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-21 01:57 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-21 01:57 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-21 01:57 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-21 01:57 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-21 01:57 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-21 01:57 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-21 01:57 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-21 01:57 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 17:43 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 17:43 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 17:43 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 17:43 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 17:43 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 17:43 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 17:43 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 17:43 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 17:43 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 17:43 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 17:43 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 17:43 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 17:43 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 17:43 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-01 14:15 - 2013-05-25 19:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-04-30 08:28 - 2013-02-15 08:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-30 08:28 - 2013-02-15 08:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-30 08:28 - 2013-02-15 08:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-30 08:28 - 2013-02-15 06:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-30 08:28 - 2013-02-15 06:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-30 08:28 - 2013-02-15 05:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-30 08:27 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
==================== One Month Modified Files and Folders =======
2013-05-27 19:32 - 2013-05-27 19:32 - 00000000 ____D C:\FRST
2013-05-27 19:07 - 2009-08-21 21:10 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-05-27 19:07 - 2009-08-21 21:10 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-05-27 19:07 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-27 19:01 - 2013-03-25 14:50 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-27 19:01 - 2011-11-27 18:19 - 01696827 ____A C:\Windows\WindowsUpdate.log
2013-05-27 19:00 - 2013-05-26 11:58 - 00000004 ____A C:\Users\petzi12345\AppData\Roaming\skype.ini
2013-05-27 19:00 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-27 19:00 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-27 18:53 - 2013-03-05 17:56 - 00006160 ____A C:\Windows\setupact.log
2013-05-27 18:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 23:05 - 2010-07-27 01:36 - 00000000 ____D C:\ProgramData\Recovery
2013-05-26 22:38 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-26 11:42 - 2013-05-26 11:42 - 00118784 ___RA C:\Users\petzi12345\AppData\Roaming\skype.dat
2013-05-26 11:30 - 2010-07-27 03:01 - 00000000 ____D C:\Users\petzi12345\AppData\Roaming\3DataManager
2013-05-26 11:29 - 2012-09-03 12:53 - 00000000 ____D C:\Program Files (x86)\SiteRanker
2013-05-26 11:29 - 2012-09-03 12:53 - 00000000 ____D C:\Program Files (x86)\RebateInformer
2013-05-26 11:28 - 2013-05-26 11:28 - 00000332 ____A C:\Windows\PFRO.log
2013-05-26 11:28 - 2012-05-04 20:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-25 21:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-05-25 21:45 - 2013-05-25 21:45 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-05-25 21:45 - 2009-08-21 11:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-25 21:45 - 2009-08-21 11:21 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-05-25 21:44 - 2010-07-27 02:39 - 00000000 ____D C:\Users\petzi12345\AppData\Roaming\hpqlog
2013-05-25 21:43 - 2013-05-25 21:43 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-05-25 21:42 - 2009-07-17 01:15 - 00000000 ____D C:\SwSetup
2013-05-25 19:08 - 2013-05-01 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-05-24 20:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-24 20:28 - 2013-05-24 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 20:06 - 2012-09-03 12:53 - 00000000 ____D C:\Users\petzi12345\AppData\Roaming\PCPowerSpeed
2013-05-21 14:57 - 2009-07-14 06:45 - 00376600 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-21 02:05 - 2010-08-04 00:42 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-07 16:24 - 2012-09-03 12:53 - 00000000 ____D C:\Program Files (x86)\PCPowerSpeed
2013-05-02 02:06 - 2010-09-26 16:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
Other Malware:
===========
C:\Users\petzi12345\AppData\Roaming\skype.dat
C:\Users\petzi12345\AppData\Roaming\skype.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2013-05-24 20:43
==================== End Of Log ============================
|
| Themen zu Trojane/Malware etc. , weißer Monitor nach Start ! |
| administrator, adobe, antivir, avg, avira, avira searchfree toolbar, bildschirm, desktop, explorer, farbar, farbar recovery scan tool, flash player, frst.txt, frst64.exe, helper, home, installation, malware, monitor, mozilla, pdf, plug-in, registry, scan, services.exe, software, svchost.exe, symantec, system, winlogon.exe |
Baum-Darstellung