Pests of all kinds and how to fight them: Avazutracking Virus (Windows 7)
20.06.2013, 15:14 | #1
Avazutracking Virus

Hello,

Apparently I have caught the avazutracking virus. At irregular intervals a tab opens in my browser that tries to redirect me to some site. Can you help me get rid of it? I have already run Defogger, OTL and GMER. With Defogger I am not sure whether everything ran correctly.

Defogger: Quote:
OTL: Quote:
Extras: Quote:
Quote:
20.06.2013, 15:20 | #2
/// the machine /// TB trainer | Avazutracking Virus

Hi,

System scan with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
20.06.2013, 15:33 | #3
Avazutracking Virus

Hi Schrauber, many thanks for the prompt reply.

Here is the FRST log:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2013 Ran by Benedikt (administrator) on 20-06-2013 16:28:30 Running from C:\Users\Benedikt\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe () C:\Windows\system32\PnkBstrA.exe (Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Mozilla Corporation) C:\Program Files\firefox.exe (Mozilla Corporation) C:\Program Files\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2012-06-20] (Nullsoft, Inc.) 
HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [356376 2012-11-16] (Kaspersky Lab ZAO) HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [204136 2012-09-13] (Logitech Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] () HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.) HKCU\...\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company) MountPoints2: J - J:\KODAK_Camera_Setup_App.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.retterspitz.de/willkommen HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com SearchScopes: HKCU - {92FA829A-F713-49B9-9CA8-408037C9FEC4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=61BB70DF-B34A-48DB-822F-94894E9CF5B4&apn_sauid=15E67E30-34D9-4FD7-B155-A86E70D5D055 BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: SwissAcademic.Citavi.Picker.IEPicker - 
{609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi ========================== Services (Whitelisted) ================= R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2012-11-16] (Kaspersky Lab ZAO) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-08] () R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) ==================== Drivers (Whitelisted) ==================== S1 2070810drv; C:\Windows\System32\DRIVERS\2070810drv.sys [489048 2012-10-31] (Kaspersky Lab) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-04-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-31] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-31] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO) U3 kxdyyaog; \??\C:\Users\Benedikt\AppData\Local\Temp\kxdyyaog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-20 16:28 - 2013-06-20 16:28 - 00000000 ____D C:\FRST 2013-06-20 16:27 - 2013-06-20 16:28 - 01368263 ____A (Farbar) C:\Users\Benedikt\Downloads\FRST.exe 2013-06-20 16:00 - 2013-06-20 16:00 - 00017348 ____A C:\Users\Benedikt\Desktop\GMER Log.log 2013-06-20 14:46 - 2013-06-20 14:46 - 00069112 ____A C:\Users\Benedikt\Desktop\Extras.Txt 2013-06-20 14:41 - 2013-06-20 14:41 - 00377856 ____A C:\Users\Benedikt\Desktop\gmer_2.1.19163.exe 2013-06-20 14:40 - 2013-06-20 14:40 - 00069112 ____A C:\Users\Benedikt\Downloads\Extras.Txt 2013-06-20 14:40 - 2013-06-20 14:40 - 00065940 ____A C:\Users\Benedikt\Desktop\OTL.Txt 2013-06-20 14:39 - 2013-06-20 14:40 - 00065940 ____A C:\Users\Benedikt\Downloads\OTL.Txt 2013-06-20 14:29 - 2013-06-20 14:42 - 00000478 ____A C:\Users\Benedikt\Desktop\defogger_disable.log 2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____A C:\Users\Benedikt\defogger_reenable 2013-06-20 14:26 - 2013-06-20 14:26 - 00602112 ____A (OldTimer Tools) C:\Users\Benedikt\Downloads\OTL.exe 2013-06-20 14:26 - 2013-06-20 14:26 - 00050477 ____A C:\Users\Benedikt\Desktop\Defogger.exe 
2013-06-16 13:45 - 2013-06-16 13:45 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Fatshark 2013-06-13 01:43 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 01:43 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 01:43 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 01:43 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 01:43 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 01:43 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 01:40 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 01:40 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-13 01:40 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 22:26 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 22:26 - 2013-05-13 06:45 - 
00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 22:26 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 22:26 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 22:26 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 22:26 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 22:26 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 22:26 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-12 22:26 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-12 22:26 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 22:26 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-12 22:26 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-23 02:38 - 2013-05-23 02:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-23 02:38 - 2013-05-23 02:38 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-23 02:38 - 2013-05-23 02:38 - 
00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00061952 ____A 
(Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-23 02:38 - 2013-05-23 02:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-23 02:36 - 2013-05-23 02:41 - 00009721 ____A C:\Windows\IE10_main.log 2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2013-05-22 17:32 - 2009-03-18 18:35 - 00026176 ___AH (LogMeIn, Inc.) 
C:\Windows\System32\hamachi.sys ==================== One Month Modified Files and Folders ======== 2013-06-20 16:28 - 2013-06-20 16:28 - 00000000 ____D C:\FRST 2013-06-20 16:28 - 2013-06-20 16:27 - 01368263 ____A (Farbar) C:\Users\Benedikt\Downloads\FRST.exe 2013-06-20 16:21 - 2012-10-30 23:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-20 16:02 - 2012-10-30 22:11 - 01738471 ____A C:\Windows\WindowsUpdate.log 2013-06-20 16:00 - 2013-06-20 16:00 - 00017348 ____A C:\Users\Benedikt\Desktop\GMER Log.log 2013-06-20 15:59 - 2012-10-30 23:17 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-20 14:46 - 2013-06-20 14:46 - 00069112 ____A C:\Users\Benedikt\Desktop\Extras.Txt 2013-06-20 14:42 - 2013-06-20 14:29 - 00000478 ____A C:\Users\Benedikt\Desktop\defogger_disable.log 2013-06-20 14:41 - 2013-06-20 14:41 - 00377856 ____A C:\Users\Benedikt\Desktop\gmer_2.1.19163.exe 2013-06-20 14:40 - 2013-06-20 14:40 - 00069112 ____A C:\Users\Benedikt\Downloads\Extras.Txt 2013-06-20 14:40 - 2013-06-20 14:40 - 00065940 ____A C:\Users\Benedikt\Desktop\OTL.Txt 2013-06-20 14:40 - 2013-06-20 14:39 - 00065940 ____A C:\Users\Benedikt\Downloads\OTL.Txt 2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____A C:\Users\Benedikt\defogger_reenable 2013-06-20 14:29 - 2012-10-30 22:22 - 00000000 ____D C:\users\Benedikt 2013-06-20 14:26 - 2013-06-20 14:26 - 00602112 ____A (OldTimer Tools) C:\Users\Benedikt\Downloads\OTL.exe 2013-06-20 14:26 - 2013-06-20 14:26 - 00050477 ____A C:\Users\Benedikt\Desktop\Defogger.exe 2013-06-20 14:17 - 2013-05-13 23:17 - 00000000 ____D C:\Users\Benedikt\AppData\Local\LogMeIn Hamachi 2013-06-20 12:43 - 2009-07-14 06:34 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-20 12:43 - 2009-07-14 06:34 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-20 12:35 - 2012-11-18 04:41 - 00000000 ____D 
C:\ProgramData\NVIDIA 2013-06-20 12:35 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-20 12:35 - 2009-07-14 06:39 - 00136026 ____A C:\Windows\setupact.log 2013-06-20 02:24 - 2012-10-31 00:09 - 00000000 ____D C:\Program Files\Steam 2013-06-20 02:24 - 2012-10-30 22:38 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Skype 2013-06-19 16:03 - 2012-10-31 00:44 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Winamp 2013-06-19 14:01 - 2012-06-08 12:38 - 00044000 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys 2013-06-16 13:45 - 2013-06-16 13:45 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Fatshark 2013-06-14 21:50 - 2013-03-04 17:57 - 00000000 ____D C:\Program Files\War Thunder 2013-06-14 02:00 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-13 19:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-13 12:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-13 01:41 - 2012-12-23 13:57 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 19:59 - 2012-10-30 23:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 19:59 - 2012-10-30 23:17 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-08 15:31 - 2012-10-30 22:44 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-06-08 13:42 - 2013-06-13 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 13:40 - 2013-06-13 01:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 13:40 - 2013-06-13 01:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 13:40 - 2013-06-13 01:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 13:40 - 2013-06-13 01:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 13:13 - 2013-06-13 01:43 - 
02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-07 23:49 - 2013-04-08 21:45 - 00280792 ____A C:\Windows\System32\PnkBstrB.xtr 2013-06-07 23:49 - 2013-04-08 21:43 - 00139112 ____A C:\Windows\System32\Drivers\PnkBstrK.sys 2013-06-07 23:49 - 2013-04-08 21:42 - 00280792 ____A C:\Windows\System32\PnkBstrB.exe 2013-06-07 23:47 - 2013-04-08 21:42 - 00280856 ____A C:\Windows\System32\PnkBstrB.ex0 2013-06-07 12:45 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-05 21:49 - 2013-03-23 15:29 - 00000000 ____D C:\Users\Benedikt\AppData\Local\Spotify 2013-06-05 21:35 - 2013-03-23 15:28 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Spotify 2013-05-27 23:14 - 2013-03-04 17:57 - 00000000 ____D C:\Users\Benedikt\Documents\My Games 2013-05-27 13:55 - 2012-11-29 21:36 - 00000000 ____D C:\ProgramData\Skype 2013-05-23 02:41 - 2013-05-23 02:36 - 00009721 ____A C:\Windows\IE10_main.log 2013-05-23 02:38 - 2013-05-23 02:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-23 02:38 - 2013-05-23 02:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-23 02:38 - 2013-05-23 02:38 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-23 02:38 - 2013-05-23 02:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00232960 ____A 
(Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-23 02:38 - 2013-05-23 02:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00048640 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtmler.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Program Files\LogMeIn Hamachi ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-13 19:00 ==================== End Of Log ============================ --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2013 Ran by Benedikt at 2013-06-20 16:29:08 Run: Running from C:\Users\Benedikt\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= AC3Filter 2.6.0b (Version: 2.6.0b) Adobe AIR (Version: 3.5.0.600) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) Cambridge Grammar of English CameraHelperMsi (Version: 13.51.815.0) Citavi (Version: 3.3.0.0) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Setup (Version: 2.6.1.41) erLT (Version: 1.20.138.34) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190) KODAK Share-Tastenanwendung (Version: 4.05.0000.0000) Logitech Webcam-Software (Version: 2.51) LogMeIn Hamachi (Version: 2.1.0.362) LWS Facebook (Version: 13.50.854.0) LWS Gallery (Version: 13.51.827.0) LWS Help_main (Version: 13.51.828.0) LWS Launcher (Version: 13.51.828.0) LWS Motion Detection (Version: 13.51.815.0) LWS Pictures And Video (Version: 13.51.815.0) LWS Twitter (Version: 13.30.1346.0) LWS Webcam Software (Version: 13.51.815.0) LWS WLM Plugin (Version: 1.30.1201.0) LWS YouTube Plugin (Version: 13.31.1038.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 
14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Mozilla Firefox 18.0.2 (x86 de) (Version: 18.0.2) Mozilla Maintenance Service (Version: 18.0.2) NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22) NVIDIA 3D Vision Treiber 314.22 (Version: 314.22) NVIDIA Grafiktreiber 314.22 (Version: 314.22) NVIDIA Install Application (Version: 2.1002.115.743) NVIDIA PhysX (Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver 
(Version: 7.17.13.1422) NVIDIA Systemsteuerung 314.22 (Version: 314.22) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) PunkBuster Services (Version: 0.992) Rising Storm Beta Rising Storm/Red Orchestra 2 Multiplayer Skype™ 6.3 (Version: 6.3.107) Spotify (Version: 0.9.0.133.gd18ed589) Steam (Version: 1.0.0.0) System Shock 2 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) War of the Roses: Kingmaker War Thunder Launcher 1.0.1.164 Wargame: AirLand Battle Winamp (Version: 5.63 ) Winamp Erkennungs-Plug-in (Version: 1.0.0.1) Windows-Treiberpaket - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0) WinRAR 4.20 
(32-Bit) (Version: 4.20.0) World of Tanks ==================== Restore Points ========================= 12-06-2013 23:40:03 Windows Update 16-06-2013 11:43:57 DirectX wurde installiert 18-06-2013 10:51:40 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {00C8E031-7145-4142-931B-37473E1EC10A} - System32\Tasks\WPD\SqmUpload_S-1-5-21-459463795-2216133518-3428011660-1001 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {3D29E1BD-7D91-4AD7-8FD1-9766DD45BE1B} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [2012-10-11] (Eastman Kodak Company) Task: {58384151-70DC-4788-827D-139E3D92EAB9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {858D2C5C-8572-4590-842B-469077F8DE22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {DA9ED933-FA95-450F-BE76-B7EF66430841} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) ==================== Faulty Device Manager Devices ============= Name: H:\ Description: USB SM Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: G:\ Description: USB CF Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. 
(Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: I:\ Description: USB MS Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: F:\ Description: USB SD Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (06/20/2013 02:45:13 PM) (Source: Application Hang) (User: ) Description: Programm gmer_2.1.19163.exe, Version 2.1.19163.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: cbc Startzeit: 01ce6db3efb8e8fb Endzeit: 16 Anwendungspfad: C:\Users\Benedikt\Downloads\gmer_2.1.19163.exe Berichts-ID: 37aea3fd-d9a7-11e2-b838-0015587603e4 Error: (06/20/2013 00:37:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 01:45:14 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 08:46:36 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 00:48:13 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/17/2013 07:50:41 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/17/2013 00:27:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2013 01:43:56 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {9984c96c-b464-409e-9d4e-7bbb4ec00627} Error: (06/16/2013 00:53:48 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2013 01:33:46 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/20/2013 00:37:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/20/2013 00:37:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/20/2013 00:35:54 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 2070810drv Error: (06/19/2013 01:45:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/19/2013 01:45:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (06/19/2013 01:43:36 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 2070810drv Error: (06/18/2013 08:46:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/18/2013 08:46:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/18/2013 08:44:56 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 2070810drv Error: (06/18/2013 00:48:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Microsoft Office Sessions: ========================= Error: (06/20/2013 02:45:13 PM) (Source: Application Hang)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0cbc01ce6db3efb8e8fb16C:\Users\Benedikt\Downloads\gmer_2.1.19163.exe37aea3fd-d9a7-11e2-b838-0015587603e4 Error: (06/20/2013 00:37:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 01:45:14 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 08:46:36 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 00:48:13 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/17/2013 07:50:41 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/17/2013 00:27:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2013 01:43:56 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {9984c96c-b464-409e-9d4e-7bbb4ec00627} Error: (06/16/2013 00:53:48 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2013 01:33:46 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-06-19 17:16:59.397 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-06-19 17:16:59.397 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 17:16:59.381 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 17:16:59.381 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 17:16:59.366 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 17:16:59.366 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 17:16:59.319 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 17:16:59.319 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-06-19 17:16:59.288 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 17:16:59.288 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 3326.49 MB Available physical RAM: 1827.89 MB Total Pagefile: 6651.27 MB Available Pagefile: 4937.4 MB Total Virtual: 2499.88 MB Available Virtual: 2355.63 MB ==================== Drives ================================ Drive c: (Aquado) (Fixed) (Total:232.88 GB) (Free:36.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 896E9190) Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
20.06.2013, 18:10 | #4 |
/// the machine /// TB-Ausbilder | Avazutracking Virus Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.06.2013, 21:00 | #5 |
| Avazutracking Virus So, I have now run everything. AdwCleaner: Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 20/06/2013 um 19:16:56 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Benedikt - PC-BENEDIKT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Benedikt\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Benedikt\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Benedikt\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Benedikt\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [1032 octets] - [20/06/2013 19:16:56]
AdwCleaner[S1].txt - [4211 octets] - [30/07/2012 15:56:13]

########## EOF - C:\AdwCleaner[R2].txt - [1152 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Benedikt on 20.06.2013 at 19:20:42,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{92FA829A-F713-49B9-9CA8-408037C9FEC4}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Benedikt\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Benedikt\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Benedikt\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.06.2013 at 19:22:33,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=319d80cf85bd9b4bbd1126e6b203de74
# engine=14115
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 07:53:40
# local_time=2013-06-20 09:53:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 9582 123389211 0 0
# scanned=163384
# found=2
# cleaned=0
# scan_time=8675
sh=1CF2BFC9ABCC4DBC0EECFC8E7D886568A4FAD11B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OCD trojan" ac=I fn="C:\Users\Benedikt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\65619ae7-157172cd"
sh=8AF55DC32DD64D199196C0440E7D6B3428A40CF8 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OCF trojan" ac=I fn="C:\Users\Benedikt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\ec770f0-3eb3750e"
Code:
ATTFilter
UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2013 Ran by Benedikt (administrator) on 20-06-2013 22:09:10 Running from C:\Users\Benedikt\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe () C:\Windows\system32\PnkBstrA.exe (Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files\firefox.exe (Mozilla Corporation) C:\Program Files\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2012-06-20] (Nullsoft, Inc.) HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [356376 2012-11-16] (Kaspersky Lab ZAO) HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [204136 2012-09-13] (Logitech Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] () HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.) 
HKCU\...\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: J - J:\KODAK_Camera_Setup_App.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.retterspitz.de/willkommen HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi ========================== Services (Whitelisted) ================= R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2012-11-16] (Kaspersky Lab ZAO) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-08] () R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) 
==================== Drivers (Whitelisted) ==================== S1 2070810drv; C:\Windows\System32\DRIVERS\2070810drv.sys [489048 2012-10-31] (Kaspersky Lab) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-04-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-31] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-31] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO) U3 kxdyyaog; \??\C:\Users\Benedikt\AppData\Local\Temp\kxdyyaog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-20 22:02 - 2013-06-20 22:02 - 00890839 ____A C:\Users\Benedikt\Downloads\SecurityCheck.exe 2013-06-20 21:57 - 2013-06-20 21:57 - 00890839 ____A C:\Users\Benedikt\Desktop\SecurityCheck.exe 2013-06-20 21:56 - 2013-06-20 21:56 - 00000000 ____A C:\cookies.sqlite 2013-06-20 19:25 - 2013-06-20 19:25 - 02347384 ____A (ESET) C:\Users\Benedikt\Downloads\esetsmartinstaller_enu.exe 2013-06-20 19:20 - 2013-06-20 19:20 - 00000000 ____D C:\Windows\ERUNT 2013-06-20 19:20 - 2013-06-20 19:20 - 00000000 ____D C:\JRT 2013-06-20 19:18 - 2013-06-20 19:19 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Benedikt\Desktop\JRT.exe 2013-06-20 19:16 - 2013-06-20 19:17 - 00001221 ____A C:\AdwCleaner[R2].txt 2013-06-20 19:13 - 2013-06-20 19:13 - 00648201 ____A C:\Users\Benedikt\Desktop\adwcleaner.exe 2013-06-20 16:30 - 2013-06-20 16:30 - 00025718 ____A C:\Users\Benedikt\Downloads\FRST.txt 2013-06-20 16:29 - 2013-06-20 16:30 - 00020620 ____A C:\Users\Benedikt\Downloads\Addition.txt 2013-06-20 16:28 - 2013-06-20 16:28 - 00000000 ____D C:\FRST 2013-06-20 16:27 - 2013-06-20 16:28 - 01368263 ____A (Farbar) C:\Users\Benedikt\Desktop\FRST.exe 2013-06-20 14:41 - 2013-06-20 14:41 - 00377856 ____A C:\Users\Benedikt\Desktop\gmer_2.1.19163.exe 2013-06-20 14:40 - 2013-06-20 14:40 - 00069112 ____A C:\Users\Benedikt\Downloads\Extras.Txt 2013-06-20 14:39 - 2013-06-20 14:40 - 00065940 ____A C:\Users\Benedikt\Downloads\OTL.Txt 2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____A C:\Users\Benedikt\defogger_reenable 2013-06-20 14:26 - 2013-06-20 14:26 - 00602112 ____A (OldTimer Tools) C:\Users\Benedikt\Desktop\OTL.exe 2013-06-20 14:26 - 2013-06-20 14:26 - 00050477 ____A C:\Users\Benedikt\Desktop\Defogger.exe 2013-06-16 13:45 - 2013-06-16 13:45 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Fatshark 2013-06-13 01:43 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 01:43 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 01:43 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 01:43 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 01:43 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 01:43 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 01:40 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 01:40 - 
2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 01:40 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-13 01:40 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 22:26 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 22:26 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 22:26 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 22:26 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 22:26 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 22:26 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 22:26 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 22:26 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-12 22:26 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-12 22:26 - 2013-04-26 
06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 22:26 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-12 22:26 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-23 02:38 - 2013-05-23 02:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-23 02:38 - 2013-05-23 02:38 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-23 02:38 - 2013-05-23 02:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 
00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-23 02:38 - 2013-05-23 02:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-23 02:36 - 2013-05-23 02:41 - 00009721 ____A 
C:\Windows\IE10_main.log 2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2013-05-22 17:32 - 2009-03-18 18:35 - 00026176 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys ==================== One Month Modified Files and Folders ======== 2013-06-20 22:02 - 2013-06-20 22:02 - 00890839 ____A C:\Users\Benedikt\Downloads\SecurityCheck.exe 2013-06-20 21:59 - 2012-10-30 23:17 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-20 21:57 - 2013-06-20 21:57 - 00890839 ____A C:\Users\Benedikt\Desktop\SecurityCheck.exe 2013-06-20 21:57 - 2012-10-30 22:38 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Skype 2013-06-20 21:56 - 2013-06-20 21:56 - 00000000 ____A C:\cookies.sqlite 2013-06-20 21:56 - 2012-10-30 23:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-20 20:48 - 2012-10-30 22:11 - 01738794 ____A C:\Windows\WindowsUpdate.log 2013-06-20 19:25 - 2013-06-20 19:25 - 02347384 ____A (ESET) C:\Users\Benedikt\Downloads\esetsmartinstaller_enu.exe 2013-06-20 19:20 - 2013-06-20 19:20 - 00000000 ____D C:\Windows\ERUNT 2013-06-20 19:20 - 2013-06-20 19:20 - 00000000 ____D C:\JRT 2013-06-20 19:19 - 2013-06-20 19:18 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Benedikt\Desktop\JRT.exe 2013-06-20 19:17 - 2013-06-20 19:16 - 00001221 ____A C:\AdwCleaner[R2].txt 2013-06-20 19:15 - 2012-10-31 00:09 - 00000000 ____D C:\Program Files\Steam 2013-06-20 19:13 - 2013-06-20 19:13 - 00648201 ____A C:\Users\Benedikt\Desktop\adwcleaner.exe 2013-06-20 16:33 - 2009-07-14 06:34 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-20 16:33 - 2009-07-14 06:34 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-20 16:30 - 2013-06-20 16:30 - 00025718 ____A C:\Users\Benedikt\Downloads\FRST.txt 2013-06-20 16:30 - 2013-06-20 16:29 - 00020620 ____A C:\Users\Benedikt\Downloads\Addition.txt 2013-06-20 16:28 - 2013-06-20 16:28 - 00000000 ____D C:\FRST 2013-06-20 16:28 - 2013-06-20 16:27 - 01368263 ____A (Farbar) C:\Users\Benedikt\Desktop\FRST.exe 2013-06-20 14:41 - 2013-06-20 14:41 - 00377856 ____A C:\Users\Benedikt\Desktop\gmer_2.1.19163.exe 2013-06-20 14:40 - 2013-06-20 14:40 - 00069112 ____A C:\Users\Benedikt\Downloads\Extras.Txt 2013-06-20 14:40 - 2013-06-20 14:39 - 00065940 ____A C:\Users\Benedikt\Downloads\OTL.Txt 2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____A C:\Users\Benedikt\defogger_reenable 2013-06-20 14:29 - 2012-10-30 22:22 - 00000000 ____D C:\users\Benedikt 2013-06-20 14:26 - 2013-06-20 14:26 - 00602112 ____A (OldTimer Tools) C:\Users\Benedikt\Desktop\OTL.exe 2013-06-20 14:26 - 2013-06-20 14:26 - 00050477 ____A C:\Users\Benedikt\Desktop\Defogger.exe 2013-06-20 14:17 - 2013-05-13 23:17 - 00000000 ____D C:\Users\Benedikt\AppData\Local\LogMeIn Hamachi 2013-06-20 12:35 - 2012-11-18 04:41 - 00000000 ____D C:\ProgramData\NVIDIA 2013-06-20 12:35 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-20 12:35 - 2009-07-14 06:39 - 00136026 ____A C:\Windows\setupact.log 2013-06-19 16:03 - 2012-10-31 00:44 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Winamp 
2013-06-19 14:01 - 2012-06-08 12:38 - 00044000 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys 2013-06-16 13:45 - 2013-06-16 13:45 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Fatshark 2013-06-14 21:50 - 2013-03-04 17:57 - 00000000 ____D C:\Program Files\War Thunder 2013-06-14 02:00 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-13 19:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-13 12:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-13 01:41 - 2012-12-23 13:57 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 19:59 - 2012-10-30 23:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 19:59 - 2012-10-30 23:17 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-08 15:31 - 2012-10-30 22:44 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-06-08 13:42 - 2013-06-13 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 13:40 - 2013-06-13 01:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 13:40 - 2013-06-13 01:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 13:40 - 2013-06-13 01:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 13:40 - 2013-06-13 01:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 13:13 - 2013-06-13 01:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-07 23:49 - 2013-04-08 21:45 - 00280792 ____A C:\Windows\System32\PnkBstrB.xtr 2013-06-07 23:49 - 2013-04-08 21:43 - 00139112 ____A C:\Windows\System32\Drivers\PnkBstrK.sys 2013-06-07 23:49 - 2013-04-08 21:42 - 00280792 ____A C:\Windows\System32\PnkBstrB.exe 2013-06-07 23:47 - 2013-04-08 21:42 - 00280856 ____A C:\Windows\System32\PnkBstrB.ex0 2013-06-07 12:45 - 
2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-05 21:49 - 2013-03-23 15:29 - 00000000 ____D C:\Users\Benedikt\AppData\Local\Spotify 2013-06-05 21:35 - 2013-03-23 15:28 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Spotify 2013-05-27 23:14 - 2013-03-04 17:57 - 00000000 ____D C:\Users\Benedikt\Documents\My Games 2013-05-27 13:55 - 2012-11-29 21:36 - 00000000 ____D C:\ProgramData\Skype 2013-05-23 02:41 - 2013-05-23 02:36 - 00009721 ____A C:\Windows\IE10_main.log 2013-05-23 02:38 - 2013-05-23 02:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-23 02:38 - 2013-05-23 02:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-23 02:38 - 2013-05-23 02:38 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-23 02:38 - 2013-05-23 02:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00163840 ____A (Microsoft 
Corporation) C:\Windows\System32\msrating.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-23 02:38 - 2013-05-23 02:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-23 02:38 - 2013-05-23 02:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-23 02:38 - 2013-05-23 02:38 - 00012800 ____A (Microsoft Corporation) 
C:\Windows\System32\mshta.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Program Files\LogMeIn Hamachi

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 19:00

==================== End Of Log ============================

Edited by Spade (20.06.2013 at 21:12) |
21.06.2013, 09:06 | #6 |
/// the machine /// TB trainer | Avazutracking Virus Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Any problems left?
|
21.06.2013, 19:47 | #7 |
| Avazutracking Virus Hi Schrauber, I have let that run through now; it doesn't look like there is anything left. Is there a way to verify that? Run the ESET scanner once more? |
21.06.2013, 20:01 | #8 |
/// the machine /// TB trainer | Avazutracking Virus No, no need, all good. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
22.06.2013, 12:06 | #9 |
| Avazutracking Virus OK, thank you very much for the help, looks like everything has been resolved |
22.06.2013, 13:22 | #10 |
/// the machine /// TB trainer | Avazutracking Virus You're welcome
|