|
Plagegeister aller Art und deren Bekämpfung: Bizcoaching TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.07.2013, 09:37 | #1 |
| Bizcoaching Trojaner Hallo ich bin neu hier und habe ein großes Problem mit meinem Rechner. Seit kurzem hab ich auf Internetexplorer und Firefox diesen Bizcoaching Trojaner. Ich versuch gerade meine Daten zu retten, was aber auch nicht funktioniert. Ich bin Fotograf und habe am Wochenende eine Hochzeit, die schnellstmöglich bearbeitet werden soll. Jetzt spinnt der Rechner. Wer kann mir helfen? Ich nutze Kaspersky Internetsecurity 2013 sowie den CC cleaner und seit gestern habe ich mal den avira de Cleaner durchlaufen lassen. Alles angeblich in Ordnung. Mein Internet ist auch seit dem sehr langsam und wird mit Werbung dieser buildathome.info Seiten bombardiert. |
09.07.2013, 09:39 | #2 |
/// the machine /// TB-Ausbilder | Bizcoaching Trojaner hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
09.07.2013, 09:57 | #3 |
| Bizcoaching Trojaner danke hier die FRST.txt:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 Ran by Daniel (administrator) on 09-07-2013 10:54:30 Running from C:\Users\Daniel\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe (DT Soft Ltd) D:\Progs\DAEMON Tools Lite\DTLite.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe ( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe (Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, HKCU\...\Run: [AdobeBridge] [x] HKCU\...\Run: [DAEMON Tools Lite] "D:\Progs\DAEMON Tools Lite\DTLite.exe" -autorun [x] HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Policies\system: [DisableLockWorkstation] 0 MountPoints2: {1d8a81d7-0307-11e1-b9ce-001f3f061ce5} - F:\start.exe MountPoints2: {c6a897e5-fa67-11e0-98cf-002522deafe1} - F:\pushinst.exe MountPoints2: {e7a55429-f749-11e0-a7a8-806e6f6e6963} - E:\SETUP.EXE /AUTORUN HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_16_Plus_Sonderedition\TrayServer.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-11-13] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [MailCheck IE Broker] "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [1519680 2013-06-27] (1und1 Mail und Media GmbH) Startup: C:\ProgramData\Start Menu\Programs\Startup\SpyderUtility.lnk ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( ) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKCU SearchScopes: DefaultScope {09B4D125-41DB-4B99-9F5C-315F911EA5BC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz= SearchScopes: HKCU - {09B4D125-41DB-4B99-9F5C-315F911EA5BC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz= SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=42A8001F3F061CE5&affID=119556&tsp=4922 SearchScopes: HKCU - {75F1AA20-7F15-4845-9FB9-1C574E243DB0} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {7B0C4B16-36B6-408B-9144-841C7F695C96} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {7BB864AB-1388-4AB2-A947-60000A96A91B} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {AC260DFE-D290-41CB-9BBB-50BCDB3F0310} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: LyricsContainer - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files (x86)\LyricsContainer\116.dll (RYD Software) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: msdaipp - No CLSID Value - Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\user.js FF Homepage: Google FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\Extensions\ich@maltegoetz.de FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\59vn3xig.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] C:\Program Files (x86)\LyricsContainer\116.xpi FF Extension: No Name - C:\Program Files (x86)\LyricsContainer\116.xpi ==================== Services (Whitelisted) ================= R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO) R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [14848 2012-04-24] () ==================== Drivers (Whitelisted) ==================== S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-29] (DT Soft Ltd) R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-11-01] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-11-01] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-17] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO) S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-09 10:50 - 2013-07-09 10:50 - 01776219 ____A (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2013-07-09 10:50 - 2013-07-09 10:50 - 00000000 ____D C:\FRST 2013-07-08 20:42 - 2013-07-08 20:54 - 00000000 ____D C:\Users\Daniel\Desktop\Flyer 2013-07-08 19:51 - 2013-07-08 19:51 - 00002076 ____A C:\Users\Daniel\Desktop\Entfernen des Avira DE-Cleaners.lnk 2013-07-08 19:51 - 2013-07-08 19:51 - 00002005 ____A C:\Users\Daniel\Desktop\Avira DE-Cleaner.lnk 2013-07-02 14:18 - 2013-07-02 14:18 - 00000000 ____D C:\Program Files\WEB.DE MailCheck 2013-07-02 14:18 - 2013-07-02 14:18 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck 2013-07-01 15:18 - 2013-07-01 15:18 - 00000000 ____D C:\ProgramData\UUdb 2013-06-28 15:05 - 2013-07-09 10:54 - 00000410 ____A C:\Windows\Tasks\LyricsContainer Update.job 2013-06-28 15:05 - 2013-06-28 15:05 - 00000000 ____D C:\Program Files (x86)\LyricsContainer 2013-06-27 19:22 - 2013-06-27 19:47 - 00000000 ____D C:\Users\Daniel\Desktop\Neuer Ordner 2013-06-24 15:38 - 2013-06-24 15:58 - 727355664 ____A C:\Users\Daniel\Desktop\IMG_4735.tif 2013-06-23 20:34 - 2013-06-23 20:35 - 165193972 ____A C:\Users\Daniel\Desktop\IMG_0639.tif 2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files\MGTEK 2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files\Common Files\MGTEK 2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files (x86)\MGTEK 2013-06-23 18:37 - 2013-06-24 15:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\PerformerSoft 2013-06-23 18:37 - 2013-06-23 18:42 - 00000000 ____D C:\Users\Daniel\AppData\Local\MGTEK 2013-06-23 18:37 - 2013-06-23 18:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\File Scout 2013-06-23 18:37 - 2013-06-23 18:37 - 00000000 ____D C:\ProgramData\IBUpdaterService 2013-06-23 18:37 - 2012-12-19 15:53 - 00019632 ____A (PerformerSoft LLC) C:\Windows\System32\roboot64.exe 2013-06-23 18:36 - 2013-06-23 18:36 - 00000000 ____D C:\ProgramData\MGTEK 2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\GrabPro 2013-06-23 18:13 - 2013-06-24 15:02 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6 2013-06-23 18:13 - 2013-06-23 18:13 - 00000000 ____D C:\Program Files (x86)\Delta 2013-06-23 18:12 - 2013-06-28 15:05 - 00000000 ____D C:\Program Files (x86)\CoolLyrics 2013-06-22 00:02 - 2013-06-22 00:02 - 44517724 ____A C:\Users\Daniel\Desktop\IMG_406a9.tif 2013-06-20 18:40 - 2013-06-20 18:40 - 00000411 ____A C:\Users\Daniel\Desktop\Neues Textdokument (5).txt 2013-06-19 21:15 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Daniel\Desktop\Neuer Ordner (3) 2013-06-19 21:06 - 2013-06-19 21:06 - 00000878 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk 2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\OpenCandy 2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Babylon 2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BabSolution 2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\ProgramData\Babylon 2013-06-19 15:30 - 2013-07-09 10:53 - 00529760 ____A C:\Windows\setupact.log 2013-06-19 15:30 - 2013-07-04 16:35 - 00000000 ____A C:\Windows\setuperr.log 2013-06-18 20:42 - 2013-06-18 20:44 - 21461201 ____A C:\Users\Daniel\Desktop\IMG_9796.CR2 2013-06-15 10:17 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 10:17 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 10:17 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 10:17 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 10:17 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 10:17 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 10:17 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 10:17 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 10:17 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 10:17 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 10:17 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 10:17 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 16:26 - 2013-06-13 16:43 - 00000000 ____D C:\Users\Daniel\Desktop\westerhever 2013-06-12 22:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 22:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 22:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 22:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 22:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 22:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 22:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 22:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 22:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 22:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 22:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 22:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 22:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 22:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 22:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 22:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 22:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 22:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 22:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 15:41 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 15:41 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 15:41 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 15:41 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 15:41 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 15:41 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 15:41 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 15:41 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 15:41 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 15:41 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 15:41 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 15:41 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 15:41 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 15:41 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 15:41 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 15:41 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 15:41 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 15:41 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 15:41 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-09 10:54 - 2013-06-28 15:05 - 00000410 ____A C:\Windows\Tasks\LyricsContainer Update.job 2013-07-09 10:53 - 2013-06-19 15:30 - 00529760 ____A C:\Windows\setupact.log 2013-07-09 10:53 - 2013-02-01 16:23 - 00000000 ___RD C:\Users\Daniel\Dropbox 2013-07-09 10:53 - 2013-02-01 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox 2013-07-09 10:53 - 2011-10-15 20:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-07-09 10:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-09 10:50 - 2013-07-09 10:50 - 01776219 ____A (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2013-07-09 10:50 - 2013-07-09 10:50 - 00000000 ____D C:\FRST 2013-07-09 10:40 - 2013-04-08 14:31 - 01049052 ____A C:\Windows\WindowsUpdate.log 2013-07-09 10:19 - 2012-04-17 16:26 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-09 10:10 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat 2013-07-09 10:10 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat 2013-07-09 10:10 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-09 08:11 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-09 08:11 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-09 08:04 - 2009-07-14 06:45 - 05137744 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-08 22:05 - 2011-10-15 17:38 - 00163384 ____A C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-08 20:54 - 2013-07-08 20:42 - 00000000 ____D C:\Users\Daniel\Desktop\Flyer 2013-07-08 19:51 - 2013-07-08 19:51 - 00002076 ____A C:\Users\Daniel\Desktop\Entfernen des Avira DE-Cleaners.lnk 2013-07-08 19:51 - 2013-07-08 19:51 - 00002005 ____A C:\Users\Daniel\Desktop\Avira DE-Cleaner.lnk 2013-07-05 16:39 - 2013-05-12 19:48 - 00000000 ____D C:\Users\Daniel\Desktop\meine hp bilder 2013-07-04 16:35 - 2013-06-19 15:30 - 00000000 ____A C:\Windows\setuperr.log 2013-07-04 16:33 - 2012-08-09 20:15 - 00000000 ____D C:\Windows\Minidump 2013-07-02 14:18 - 2013-07-02 14:18 - 00000000 ____D C:\Program Files\WEB.DE MailCheck 2013-07-02 14:18 - 2013-07-02 14:18 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck 2013-07-01 15:18 - 2013-07-01 15:18 - 00000000 ____D C:\ProgramData\UUdb 2013-07-01 15:18 - 2013-04-15 21:08 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung 2013-06-28 15:05 - 2013-06-28 15:05 - 00000000 ____D C:\Program Files (x86)\LyricsContainer 2013-06-28 15:05 - 2013-06-23 18:12 - 00000000 ____D C:\Program Files (x86)\CoolLyrics 2013-06-27 19:47 - 2013-06-27 19:22 - 00000000 ____D C:\Users\Daniel\Desktop\Neuer Ordner 2013-06-26 19:28 - 2013-04-22 20:20 - 00000000 ____D C:\Users\Daniel\Desktop\orginal dateien für gallerie 2013-06-25 17:42 - 2013-01-03 19:07 - 00000000 ____D C:\Users\Daniel\Desktop\meine schönsten bilder von hamburg 2013-06-24 15:58 - 2013-06-24 15:38 - 727355664 ____A C:\Users\Daniel\Desktop\IMG_4735.tif 2013-06-24 15:02 - 2013-06-23 18:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6 2013-06-24 15:02 - 2011-10-27 15:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google 2013-06-24 15:02 - 2011-10-27 15:20 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-24 15:01 - 2013-06-23 18:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\PerformerSoft 2013-06-23 20:35 - 2013-06-23 20:34 - 165193972 ____A C:\Users\Daniel\Desktop\IMG_0639.tif 2013-06-23 18:42 - 2013-06-23 18:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\MGTEK 2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files\MGTEK 2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files\Common Files\MGTEK 2013-06-23 18:39 - 2013-06-23 18:39 - 00000000 ____D C:\Program Files (x86)\MGTEK 2013-06-23 18:37 - 2013-06-23 18:37 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\File Scout 2013-06-23 18:37 - 2013-06-23 18:37 - 00000000 ____D C:\ProgramData\IBUpdaterService 2013-06-23 18:36 - 2013-06-23 18:36 - 00000000 ____D C:\ProgramData\MGTEK 2013-06-23 18:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-23 18:20 - 2013-06-23 18:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\GrabPro 2013-06-23 18:13 - 2013-06-23 18:13 - 00000000 ____D C:\Program Files (x86)\Delta 2013-06-22 12:11 - 2013-04-22 20:40 - 00000000 ____D C:\ProgramData\hps 2013-06-22 00:02 - 2013-06-22 00:02 - 44517724 ____A C:\Users\Daniel\Desktop\IMG_406a9.tif 2013-06-21 15:01 - 2011-10-30 23:15 - 00000000 ____D C:\Program Files\Google 2013-06-20 18:40 - 2013-06-20 18:40 - 00000411 ____A C:\Users\Daniel\Desktop\Neues Textdokument (5).txt 2013-06-19 21:21 - 2013-06-19 21:15 - 00000000 ____D C:\Users\Daniel\Desktop\Neuer Ordner (3) 2013-06-19 21:06 - 2013-06-19 21:06 - 00000878 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk 2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\OpenCandy 2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Babylon 2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\BabSolution 2013-06-19 21:06 - 2013-06-19 21:06 - 00000000 ____D C:\ProgramData\Babylon 2013-06-19 21:06 - 2013-02-17 22:17 - 00000000 ____D C:\ProgramData\Freemake 2013-06-18 20:44 - 2013-06-18 20:42 - 21461201 ____A C:\Users\Daniel\Desktop\IMG_9796.CR2 2013-06-18 14:49 - 2011-10-15 18:18 - 00000000 ____D C:\Windows\Panther 2013-06-17 16:20 - 2011-12-29 20:14 - 00001158 ____A C:\Users\Daniel\AppData\Roaming\ShiftN.ini 2013-06-17 16:02 - 2012-06-08 12:38 - 00054368 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys 2013-06-16 16:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 16:43 - 2013-06-13 16:26 - 00000000 ____D C:\Users\Daniel\Desktop\westerhever 2013-06-12 22:01 - 2009-07-14 04:34 - 00000499 ____A C:\Windows\win.ini 2013-06-12 22:00 - 2011-10-15 18:06 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 16:19 - 2012-04-17 16:26 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 16:19 - 2011-10-15 18:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-10 17:04 - 2011-11-18 12:25 - 00000788 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-06-10 17:04 - 2011-10-17 20:39 - 00000000 ____D C:\Program Files\CCleaner 2013-06-10 15:41 - 2013-02-01 16:23 - 00001029 ____A C:\Users\Daniel\Desktop\Dropbox.lnk ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 14:47 ==================== End Of Log ============================ Addition.txt :FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2013 Ran by Daniel at 2013-07-09 10:54:46 Running from C:\Users\Daniel\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adblock IE 2.2 (Version: 2.2.1524) Adobe AIR (x32 Version: 3.7.0.1530) Adobe Download Assistant (x32 Version: 1.2.5) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Photoshop CS6 (x32 Version: 13.0) Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1) Adobe Reader X (10.1.1) - Deutsch (x32 Version: 10.1.1) AutoUpdate (x32 Version: 1.1) AVM FRITZ!WLAN (x32) Broadcom Gigabit NetLink Controller (Version: 14.6.1.3) CCleaner (Version: 4.02) CDBurnerXP (x32 Version: 4.5.1.4003) Color Efex Pro 4 (x32 Version: 4.0.0.2) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.45.4.0314) dBpoweramp Music Converter (x32 Version: Release 14.4) Delta toolbar (x32 Version: 1.8.21.5) Designer 2.0 (x32 Version: 7.9.4) Dfine 2.0 (x32 Version: 2.1.1.0) DivX Codec (x32 Version: 6.5.1) DivX Content Uploader (x32 Version: 1.1.0) DivX Player (x32 Version: 6.4.2) DivX Web Player (x32 Version: 1.3.0) Dropbox (HKCU Version: 2.0.22) Etron USB3.0 Host Controller (x32 Version: 0.96) FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25)) Freemake Video Converter Version 4.0.1 (x32 Version: 4.0.1) HDR Efex Pro (x32 Version: 1.2.0.0) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Processor Graphics (x32 Version: 8.15.10.2372) Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002) Java 7 Update 21 (x32 Version: 7.0.210) Java Auto Updater (x32 Version: 2.1.9.5) Java(TM) 6 Update 29 (x32 Version: 6.0.290) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) LyricsContainer (x32) MAGIX Screenshare (x32 Version: 4.3.6.1987) MAGIX Speed 2 (MSI) (x32 Version: 6.0.1.4) MAGIX Video deluxe 16 Plus Sonderedition (x32 Version: 9.0.5.10) Mein CEWE FOTOBUCH (x32 Version: 5.0.1) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000) Microsoft-Maus- und Tastatur-Center (Version: 1.1.500.0) Mozilla Firefox 20.0.1 (x86 de) (x32 Version: 20.0.1) Mozilla Firefox 21.0 (x86 de) (HKCU Version: 21.0) MSVCRT (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) ock App Charger v1.0.4 Pano2VR - Garden Gnome Software (x32) PDF Settings CS6 (x32 Version: 11.0) PTGui Pro 9.1 (x32) Recuva (Version: 1.41) Sharpener Pro 3.0 (x32 Version: 3.0.1.0) ShiftN 3.6.1 (x32 Version: 3.6.1) Silver Efex Pro 2 (x32 Version: 2.0.0.0) Spyder4Pro (x32) TeamViewer 7 (x32 Version: 7.0.13989) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) VLC media player 1.1.11 (x32 Version: 1.1.11) WEB.DE MailCheck für Internet Explorer (x32 Version: 2.3.0.1) WEB.DE Softwareaktualisierung (x32 Version: 3.0.0.54) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3538.0513) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) WinRAR ==================== Restore Points ========================= 01-07-2013 13:18:26 Windows-Sicherung 02-07-2013 12:22:34 Windows Update 07-07-2013 20:01:00 Windows-Sicherung 08-07-2013 20:48:24 Avira DE-Cleaner - 08.07.2013 22:48 09-07-2013 08:40:06 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2011-11-03 20:25 - 00001379 ___SH C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 activate.adobe.com:443 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 192.150.18.108 127.0.0.1 adobeereg.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {292C07AC-E96E-4663-AAC6-D02512B9711A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {330974A5-8370-4947-8C38-378C2773E05F} - System32\Tasks\0 => C:\program files\internet explorer\iexplore.exe [2013-05-17] (Microsoft Corporation) Task: {466A4A99-926A-44FF-AFAD-B28C02AE8E9D} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {4F686DBA-95DA-4DDF-A589-F3705971E271} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {609CCD98-536C-4D29-AB98-B2CBB9DFC8EC} - System32\Tasks\4770 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation) Task: {73312DB8-D120-4BF1-8461-DBAEF55E73DB} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft) Task: {7CC0D8A6-6EF8-4B3E-A332-5EBDFADFE4BB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {8D2289FC-D19A-4CC2-BFF8-5616A7C7DBE4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {A6107385-7158-406C-9249-C2A1D7522B1B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation) Task: {BA8DD23C-2974-4DB2-AADC-581F33171DFD} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-05-28] (1&1 Mail & Media GmbH) Task: {BF1EA172-64C8-4F16-8FF9-843977403F74} - System32\Tasks\LyricsContainer Update => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-06-22] (RYD Software) Task: {D997F116-6647-43DB-B5E0-0EF23EB7334D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation) Task: {E6F4FB6B-8313-4F7A-9B3D-18391E308FE7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {FF098F32-D4CB-4466-A65A-919B88A61C33} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/09/2013 08:05:46 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2013 09:48:54 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 09:52:32 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 04:18:20 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 08:17:10 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (07/09/2013 10:53:20 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 09.07.2013 um 10:50:51 unerwartet heruntergefahren. Error: (07/09/2013 10:11:38 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden. Error: (07/09/2013 10:09:39 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden. Error: (07/09/2013 10:09:38 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden. Error: (07/09/2013 10:09:38 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden. Error: (07/09/2013 10:09:37 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden. Error: (07/09/2013 10:09:37 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden. Error: (07/08/2013 02:59:41 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2. Error: (07/05/2013 08:15:57 AM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (07/05/2013 08:15:27 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (07/09/2013 10:55:10 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2013 08:05:46 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2013 09:48:54 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 09:52:32 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 04:18:20 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 08:17:10 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/05/2013 08:15:27 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer CodeIntegrity Errors: =================================== Date: 2013-07-08 18:47:56.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 18:47:56.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 18:47:56.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 18:47:56.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 18:47:56.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 18:47:56.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-05 10:13:37.475 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-05 10:13:37.475 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-05 10:13:37.475 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-05 10:13:37.459 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 16104.56 MB Available physical RAM: 13772.87 MB Total Pagefile: 32207.3 MB Available Pagefile: 29724.66 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.69 GB) (Free:9 GB) NTFS (Disk=0 Partition=2) Drive d: (Daten) (Fixed) (Total:1863.01 GB) (Free:609.07 GB) NTFS (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 49A0D496) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 32EAD54F) Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS) ==================== End Of Log ============================ |
09.07.2013, 10:45 | #4 | |
/// the machine /// TB-Ausbilder | Bizcoaching TrojanerZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
09.07.2013, 10:52 | #5 |
| Bizcoaching Trojaner alles klar mach ich fertig |
09.07.2013, 10:55 | #6 |
/// the machine /// TB-Ausbilder | Bizcoaching Trojaner ok
__________________ --> Bizcoaching Trojaner |
Themen zu Bizcoaching Trojaner |
angeblich, avira, bombardiert, cc cleaner, cleaner, daten, explorer, firefox, gestern, großes, interne, internetexplorer, internetsecurity, kaspersky, langsam, neu, problem, retten, security, sehr langsam, seite, seiten, spinn, spinnt, trojaner, werbung, woche |