Plagegeister aller Art und deren Bekämpfung: GVU virus, Windows 7 64-bit, Safe Mode does not work
12.07.2013, 07:18 | #1
Hello everyone. I have a Windows 7 64-bit laptop and caught the GVU Trojan this morning. Now I have a huge problem. I am at work until 6 p.m., and tomorrow morning we are meeting at my place to listen to music because we are going to the festival, so I urgently need your help. I have already read a bit here. I do not know which version of the Trojan it is. Unfortunately the command prompt does not work. What can I do? As I said, I can only start this evening. Many thanks in advance for your help. Can you recommend a program that will prevent me from catching this Trojan in the future? So far I have only had free virus scanners. Unfortunately I do not know much about PCs.
12.07.2013, 08:03 | #2
/// the machine /// (TB-Ausbilder)
hi,
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
12.07.2013, 19:01 | #3
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by SYSTEM on 12-07-2013 19:55:18
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9636896 2009-12-16] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\odej0eq.bat [x ] () <=== ATTENTION
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\weRWOlf\...\Run: [HHB6Tray] - C:\Program Files (x86)\DATA BECKER\Haushaltsbuch 6\hhb6tray.exe [1537360 2010-11-08] (DATA BECKER)
HKU\weRWOlf\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\weRWOlf\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-12-19] (Gemalto N.V.)
HKU\weRWOlf\...\Run: [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\weRWOlf\...\Run: [HP Officejet Pro 8600 (NET)] - "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2AJB3JKZ05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\weRWOlf\...\Winlogon: [Shell] explorer.exe,C:\Users\weRWOlf\AppData\Roaming\cache.dat [73728 2011-11-17] () <==== ATTENTION
AppInit_DLLs: [0 ] ()
AppInit_DLLs-x32: [0 ] ()
IMEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\magic-i visual effects.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\mediencentersoftware.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmbbrowser.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmblauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmbmapview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\utility.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\uwebcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\vaiocare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\windvd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\weRWOlf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk /r \??\I:autocheck autochk *

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S4 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2012-08-13] (Deutsche Telekom AG)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-12] (TuneUp Software)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1359408 2013-03-26] (Sony Corporation)
S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-03] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [386112 2013-07-04] (Wsys Co., Ltd.)
S2 IpsosLSPService; C:\Program Files (x86)\IpsosLSPService\IpsosLSPService.exe [x]
S2 otshot; C:\program files\otshot\ZalmanUpdateService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 6077757b; C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo)
S2 6077757b; C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-12] (Duplex Secure Ltd.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software)
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-11-19] (EnTech Taiwan)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S1 xdbiguwk; \??\C:\Windows\system32\drivers\xdbiguwk.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\regi.sys 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6
C:\Windows\system32\drivers\regi.sys 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6
C:\Windows\system32\drivers\acedrv11.sys A3769020F7E8A70FD3E824C050F33306
C:\Windows\system32\drivers\acedrv11.sys A3769020F7E8A70FD3E824C050F33306
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AF15BDA.sys 0517E1670A58213E3F206066CD209273
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys EA244A8B88DE8B5986BF3B7903B063AF
C:\Windows\System32\DRIVERS\atikmpag.sys DCA6E341A4A7C31EA8A14C6166C9B249
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\Apfiltr.sys 1661F9C9E4B0049FA0A5E30264375A87
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\System32\Drivers\aswFsBlk.sys 0BAEFD3F648C6E7AB52990DD9565E4E2
C:\Windows\system32\drivers\aswMonFlt.sys FA562F34ED6633C66170B09182B4C049
C:\Windows\System32\Drivers\aswrdr2.sys 64E2BAB4096C13D2342BC4661C967E07
C:\Windows\System32\Drivers\aswRvrt.sys 5573AA70993A2BB81525B1C704B88763
C:\Windows\System32\Drivers\aswSnx.sys 8C0800CDB501CFC1164B286A0478DC10
C:\Windows\System32\Drivers\aswSP.sys 3815DB16CDA62190F5C0A65118F3D714
C:\Windows\System32\Drivers\aswTdi.sys 29DD8E458A84171202AA4979364C30C0
C:\Windows\System32\Drivers\aswVmm.sys 22F521108881DC59837F6FC614E0568F
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 0ACC06FCF46F64ED4F11E57EE461C1F4
C:\Windows\System32\DRIVERS\atikmdag.sys EA244A8B88DE8B5986BF3B7903B063AF
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\drivers\btusbflt.sys 6E04458E98DAF28826482E41A7A62DF5
C:\Windows\System32\drivers\btwaudio.sys 4BDBDB86ABBA924E029FB2683BE7C505
C:\Windows\System32\drivers\btwavdt.sys 5C849BD7C78791C5CEE9F4651D7FE38D
C:\Windows\System32\DRIVERS\btwl2cap.sys 6149301DC3F81D6F9667A3FBAC410975
C:\Windows\System32\DRIVERS\btwrchid.sys 3E1991AFA851A36DC978B0A1B0535C8B
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 53DAB1791917A72738539AD25C4EED7F
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys 073A606333B6F7BBF20AA856DF7F0997
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 31D1AFF484D8A0906CF8D44251EC390F
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\Impcd.sys 36FDF367A1DABFF903E2214023D71368
C:\Windows\System32\drivers\RTKVHD64.sys 0F144E5F46CB9043004B5E84AA4BCA6A
C:\Windows\System32\DRIVERS\IntcDAud.sys 408B401CD7CDB075C7470B0FF7BA8D0B
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ivusb.sys BD5BF20EC242E003A2F570B8754A56D1
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys F8A10560B35C66F9DE212F03DAD5BFA7
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 162100E0BC8377710F9D170631921C03
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\system32\drivers\regi.sys 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6
C:\Windows\system32\drivers\regi.sys 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\system32\drivers\rimssne64.sys 5CA4ABD888B602551B59BAA26941C167
C:\Windows\system32\drivers\risdsne64.sys BB6E138AEB351728959DA5E2731D8140
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RtHDMIVX.sys 4E821C740A675F6D040BE41D59A62B1D
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\SFEP.sys 70F9C476B62DE4F2823E918A6C181ADE
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys C6CC9297BD53E5229653303E556AA539
C:\Windows\System32\DRIVERS\Sftplaylh.sys 390AA7BC52CEE43F6790CDEA1E776703
C:\Windows\System32\DRIVERS\Sftredirlh.sys 617E29A0B0A2807466560D4C4E338D3E
C:\Windows\System32\DRIVERS\Sftvollh.sys 8F571F016FA1976F445147E9E6C8AE9B
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys A15860E920B02C9A7CE8F3A6C2FF1E3A
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys DCC94C51D27C7EC0DADECA8F64C94FCF
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\TVICHW64.SYS 1A006963644C7FDE5BE60036F3A43E68
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbser.sys 0F0C72A657C622286013788B886968AD
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\DRIVERS\VClone.sys 84BB306B7863883018D7F3EB0C453BD5
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-12 19:51 - 2013-07-12 19:51 - 00000000 ____D C:\FRST
2013-07-12 04:55 - 2013-07-12 05:11 - 00000004 _____ C:\Users\weRWOlf\AppData\Roaming\cache.ini
2013-07-11 23:07 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 23:07 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 23:07 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 23:07 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 23:07 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 23:07 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 23:07 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 23:07 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 23:07 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 23:07 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 23:07 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 23:07 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 23:07 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 23:07 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 23:07 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 23:07 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 23:07 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 23:07 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 23:07 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 23:07 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-11 23:07 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 23:07 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 18:55 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 18:55 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 18:55 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 18:55 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 18:54 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 18:54 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 18:54 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-07 15:23 - 2013-07-07 15:39 - 36736021 _____ C:\Users\weRWOlf\Downloads\Tocotronic - 1995 - Nach Der Verlorenen Zeit.rar
2013-07-07 10:29 - 2013-07-07 10:29 - 00000137 _____ C:\Users\weRWOlf\Downloads\oa5hv6or715017e9.js
2013-07-07 06:47 - 2013-07-07 06:48 - 00029172 _____ C:\AdwCleaner[S1].txt
2013-07-07 06:47 - 2013-07-07 06:47 - 00030386 _____ C:\AdwCleaner[R2].txt
2013-07-07 06:46 - 2013-07-07 06:46 - 00030325 _____ C:\AdwCleaner[R1].txt
2013-07-05 20:11 - 2013-07-05 20:11 - 00009435 _____ C:\Users\weRWOlf\Desktop\Sitzordnung.xlsx
2013-07-03 18:42 - 2013-07-12 04:28 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-03 18:42 - 2013-07-06 10:06 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\WinZipper
2013-07-03 18:37 - 2013-07-04 15:49 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Adobe
2013-06-29 08:20 - 2013-06-29 08:20 - 00157234 _____ C:\Users\weRWOlf\Downloads\RouterReconnect_1.3.zip
2013-06-29 08:07 - 2013-07-12 04:32 - 00000000 ____D C:\ProgramData\eSafe
2013-06-29 08:04 - 2013-06-29 08:22 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\weRWOlf\Downloads\WebInstaller.exe
2013-06-28 12:23 - 2013-06-28 12:23 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 13:53 - 2013-06-27 13:53 - 00000000 ____D C:\Program Files (x86)\GUM318B.tmp
2013-06-26 21:04 - 2013-06-28 12:23 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 21:04 - 2013-06-28 12:23 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-22 13:49 - 2013-06-22 13:50 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\becker
2013-06-12 19:20 - 2013-05-13 06:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:20 - 2013-05-13 06:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:20 - 2013-05-13 06:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:20 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:20 - 2013-05-13 05:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:20 - 2013-05-13 05:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:20 - 2013-05-13 05:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:20 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:20 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:20 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:20 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 19:20 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:20 - 2013-05-08 07:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 19:20 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:20 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 19:20 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 19:20 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:20 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 19:20 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-12 19:51 - 2013-07-12 19:51 - 00000000 ____D C:\FRST
2013-07-12 05:11 - 2013-07-12 04:55 - 00000004 _____ C:\Users\weRWOlf\AppData\Roaming\cache.ini
2013-07-12 05:09 - 2012-12-29 22:00 - 00043915 _____ C:\Windows\setupact.log
2013-07-12 05:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-12 04:58 - 2010-07-09 15:20 - 01243186 _____ C:\Windows\WindowsUpdate.log
2013-07-12 04:55 - 2013-03-16 17:54 - 00000000 ____D C:\Users\weRWOlf\Desktop\Hochzeit
2013-07-12 04:42 - 2013-04-03 16:36 - 00000000 ____D C:\Users\weRWOlf\Documents\Outlook-Dateien
2013-07-12 04:35 - 2009-07-14 05:45 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 04:35 - 2009-07-14 05:45 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 04:34 - 2010-07-20 17:07 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{58CAA574-C1A7-4E04-ACB1-12BC52DE988A}
2013-07-12 04:32 - 2013-06-29 08:07 - 00000000 ____D C:\ProgramData\eSafe
2013-07-12 04:28 - 2013-07-03 18:42 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-12 04:28 - 2010-09-16 19:57 - 00000437 _____ C:\Windows\System32\Drivers\etc\hosts.ics 2013-07-12 04:26 - 2013-03-16 16:54 - 00000342 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2013-07-12 04:25 - 2009-07-14 05:45 - 00453512 _____ C:\Windows\System32\FNTCACHE.DAT 2013-07-12 04:24 - 2012-05-11 20:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 04:24 - 2012-05-11 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-12 04:24 - 2010-05-20 03:02 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 04:24 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 04:24 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-11 23:15 - 2010-10-23 10:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 23:13 - 2010-07-10 01:14 - 00700476 _____ C:\Windows\System32\perfh007.dat 2013-07-11 23:13 - 2010-07-10 01:14 - 00149422 _____ C:\Windows\System32\perfc007.dat 2013-07-11 23:13 - 2009-07-14 06:13 - 01644936 _____ C:\Windows\System32\PerfStringBackup.INI 2013-07-11 23:09 - 2010-07-20 20:10 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-07-11 22:58 - 2010-08-14 10:29 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\UseNeXT 2013-07-11 22:58 - 2010-08-08 17:15 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\SoftGrid Client 2013-07-11 22:48 - 2010-08-14 10:29 - 00000000 ____D C:\Users\weRWOlf\Documents\UseNeXT 2013-07-11 22:22 - 2012-03-29 22:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-11 19:05 - 2010-08-04 20:38 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Winamp 2013-07-11 18:41 - 2013-05-23 19:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-07-10 19:33 - 2013-05-25 08:55 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\vlc 2013-07-08 13:39 - 2013-01-09 21:31 - 00019950 _____ C:\Windows\PFRO.log 2013-07-07 15:39 - 2013-07-07 15:23 - 36736021 _____ C:\Users\weRWOlf\Downloads\Tocotronic - 1995 - Nach Der Verlorenen Zeit.rar 2013-07-07 10:29 - 2013-07-07 10:29 - 00000137 _____ C:\Users\weRWOlf\Downloads\oa5hv6or715017e9.js 2013-07-07 06:48 - 2013-07-07 06:47 - 00029172 _____ C:\AdwCleaner[S1].txt 2013-07-07 06:47 - 2013-07-07 06:47 - 00030386 _____ C:\AdwCleaner[R2].txt 2013-07-07 06:46 - 2013-07-07 06:46 - 00030325 _____ C:\AdwCleaner[R1].txt 2013-07-06 10:06 - 2013-07-03 18:42 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\WinZipper 2013-07-05 20:11 - 2013-07-05 20:11 - 00009435 _____ C:\Users\weRWOlf\Desktop\Sitzordnung.xlsx 2013-07-04 15:49 - 2013-07-03 18:37 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Adobe 2013-07-03 18:43 - 2012-06-28 15:05 - 00003312 _____ C:\Windows\System32\Tasks\4859 2013-07-03 18:43 - 2012-06-28 15:05 - 00003212 _____ C:\Windows\System32\Tasks\0 2013-07-03 18:42 - 2011-06-11 01:58 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-07-03 18:42 - 2011-06-11 01:58 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-07-03 18:23 - 2012-03-29 22:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-03 18:23 - 2012-03-29 22:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-03 18:23 - 2011-06-04 18:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-03 18:23 - 2010-07-24 11:18 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Adobe 2013-07-02 17:42 - 2012-01-20 12:34 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Origin 2013-07-02 17:42 - 2012-01-20 12:33 - 00000000 ____D C:\ProgramData\Origin 2013-07-02 17:09 - 2012-10-25 14:19 - 00000000 ____D C:\Program Files (x86)\Origin 
2013-07-02 17:09 - 2012-01-20 12:33 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Origin 2013-07-02 16:35 - 2013-02-28 19:10 - 00660931 _____ C:\test.xml 2013-06-29 08:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-29 08:22 - 2013-06-29 08:04 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\weRWOlf\Downloads\WebInstaller.exe 2013-06-29 08:20 - 2013-06-29 08:20 - 00157234 _____ C:\Users\weRWOlf\Downloads\RouterReconnect_1.3.zip 2013-06-29 08:07 - 2010-07-20 17:03 - 00119032 _____ C:\Users\weRWOlf\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-29 07:19 - 2013-05-25 14:01 - 00014174 _____ C:\Users\weRWOlf\Desktop\Leihgabe_Simmi.xlsx 2013-06-29 07:15 - 2010-07-20 19:18 - 00000000 ____D C:\Update 2013-06-28 17:03 - 2010-07-20 19:17 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Google 2013-06-28 12:31 - 2010-05-20 00:01 - 00000000 ____D C:\ProgramData\Sony Corporation 2013-06-28 12:23 - 2013-06-28 12:23 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum 2013-06-28 12:23 - 2013-06-26 21:04 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum 2013-06-28 12:23 - 2013-06-26 21:04 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum 2013-06-28 12:23 - 2013-05-23 19:33 - 01030952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-06-28 12:23 - 2013-05-23 19:33 - 00378944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-06-28 12:23 - 2013-05-23 19:33 - 00189936 _____ C:\Windows\System32\Drivers\aswVmm.sys 2013-06-27 13:53 - 2013-06-27 13:53 - 00000000 ____D C:\Program Files (x86)\GUM318B.tmp 2013-06-25 21:33 - 2010-08-08 17:14 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\TP 2013-06-22 13:50 - 2013-06-22 13:49 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\becker 2013-06-16 10:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-06-12 00:43 - 2013-07-11 23:07 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 00:43 - 2013-07-11 23:07 - 
02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 00:43 - 2013-07-11 23:07 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 00:43 - 2013-07-11 23:07 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 00:43 - 2013-07-11 23:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 00:43 - 2013-07-11 23:07 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 00:43 - 2013-07-11 23:07 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 00:42 - 2013-07-11 23:07 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 00:42 - 2013-07-11 23:07 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 00:42 - 2013-07-11 23:07 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 00:42 - 2013-07-11 23:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 00:42 - 2013-07-11 23:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 00:42 - 2013-07-11 23:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 00:26 - 2013-07-11 23:07 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 00:26 - 2013-07-11 23:07 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 00:26 - 2013-07-11 23:07 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 00:25 - 2013-07-11 23:07 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 02648576 _____ (Microsoft 
Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 00:25 - 2013-07-11 23:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll Files to move or delete: ==================== C:\ProgramData\rundll32.exe C:\ProgramData\odej0eq.bat C:\ProgramData\odej0eq.pad C:\ProgramData\odej0eq.reg ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-07-10 20:09:54 
Restore point made on: 2013-07-11 22:59:40 Restore point made on: 2013-07-12 04:58:29 ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=Y: description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {4380e4c2-8bb8-11df-a480-54424964c4a1} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {4380e4c2-8bb8-11df-a480-54424964c4a1} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{4380e4c5-8bb8-11df-a480-54424964c4a1} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{4380e4c5-8bb8-11df-a480-54424964c4a1} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {4380e4c2-8bb8-11df-a480-54424964c4a1} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- 
Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {4380e4c5-8bb8-11df-a480-54424964c4a1} description Ramdisk Options ramdisksdidevice partition=E: ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 3950.07 MB Available physical RAM: 3311.53 MB Total Pagefile: 3948.21 MB Available Pagefile: 3307.59 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:453.95 GB) (Free:201.41 GB) NTFS (Disk=0 Partition=3) Drive e: (Recovery) (Fixed) (Total:11.71 GB) (Free:0.79 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 436D42C1) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 964 MB) (Disk ID: 
91F72D24) Partition 1: (Not Active) - (Size=964 MB) - (Type=06) LastRegBack: 2013-07-05 14:36 ==================== End Of Log ============================ --- --- --- One additional piece of info: since running frst64.exe, a white screen appears when the laptop starts. I urgently need a solution by tomorrow so that I can at least get to the desktop. |
12.07.2013, 20:53 | #4 |
/// the machine /// TB-Ausbilder | GVU virus Windows 7 64bit safe mode does not work There you go. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\odej0eq.bat [x ] () <=== ATTENTION HKU\weRWOlf\...\Winlogon: [Shell] explorer.exe,C:\Users\weRWOlf\AppData\Roaming\cache.dat [73728 2011-11-17] () <==== ATTENTION AppInit_DLLs: [0 ] () AppInit_DLLs-x32: [0 ] () 2013-07-12 04:55 - 2013-07-12 05:11 - 00000004 _____ C:\Users\weRWOlf\AppData\Roaming\cache.ini 2013-07-07 10:29 - 2013-07-07 10:29 - 00000137 _____ C:\Users\weRWOlf\Downloads\oa5hv6or715017e9.js C:\ProgramData\rundll32.exe C:\ProgramData\odej0eq.bat C:\ProgramData\odej0eq.pad C:\ProgramData\odej0eq.reg C:\Users\weRWOlf\AppData\Roaming\cache.dat
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Reboot, enjoy.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
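As an added example (not from the thread, and not part of FRST), a small Python checker that applies the same reading schrauber did to the FRST registry lines: it flags Winlogon Shell values that are not plain explorer.exe, tells a replaced shell (Explorer never starts, so only the locker is shown) from an appended payload (both start at logon), and returns the verbatim lines that go into a fixlist. The hive-to-key mapping follows the Fixlog above; the Run line, the clean HKLM Shell line and all helper names are constructed/hypothetical.

```python
"""Flag Winlogon "Shell" hijacks in FRST registry lines.

Added example for this thread; hypothetical helper, not part of FRST.
FRST prints the Winlogon Shell value as
    <hive>\...\Winlogon: [Shell] <value> [<size> <date>] (<company>)
Windows expects plain "explorer.exe" there.  Screen-locker malware of the
GVU kind either replaces it (Explorer never starts, so only the locker is
shown) or appends its payload after a comma (both get started at logon).
"""
import re
from dataclasses import dataclass

# Constructed sample input.  The two ATTENTION lines are quoted from the
# fixlist in this thread; the Run line and the clean HKLM Shell line are
# constructed benign entries for contrast.
SAMPLE_FRST_LINES = [
    r'HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)',
    r'HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\odej0eq.bat [x ] () <=== ATTENTION',
    r'HKU\weRWOlf\...\Winlogon: [Shell] explorer.exe,C:\Users\weRWOlf\AppData\Roaming\cache.dat [73728 2011-11-17] () <==== ATTENTION',
    r'HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)',
]

# hive, then FRST's "\...\" abbreviation, then the Shell value up to the
# "[size date] (company)" suffix.
SHELL_RE = re.compile(
    r'^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Winlogon: \[Shell\] '
    r'(?P<value>.+?) \[[^\]]*\] \('
)

WINLOGON_SUBKEY = r'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'


def registry_key(hive: str) -> str:
    """Expand FRST's hive shorthand to the full key, as the Fixlog spells it."""
    if hive == 'HKLM-x32':          # 32-bit view on a 64-bit Windows
        return r'HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
    return hive + '\\' + WINLOGON_SUBKEY   # HKLM or HKU\<user>


@dataclass
class ShellFinding:
    hive: str
    key: str
    value: str
    payloads: list        # Shell components that are not explorer.exe
    verdict: str          # "replaced" or "appended"
    frst_line: str        # verbatim log line, usable as-is in a fixlist


def check_winlogon_shell(lines):
    """Return a ShellFinding for every Shell value that is not plain explorer.exe."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SHELL_RE.match(line)
        if not m:
            continue
        value = m.group('value')
        parts = [p.strip() for p in value.split(',') if p.strip()]
        payloads = [p for p in parts if p.lower() != 'explorer.exe']
        if not payloads:
            continue                       # the expected value, nothing to do
        # explorer.exe still present alongside the payload -> appended
        verdict = 'appended' if len(payloads) < len(parts) else 'replaced'
        findings.append(ShellFinding(
            hive=m.group('hive'),
            key=registry_key(m.group('hive')),
            value=value,
            payloads=payloads,
            verdict=verdict,
            frst_line=line,
        ))
    return findings


def fixlist_lines(findings):
    """FRST's fixlist takes the offending log lines verbatim (that is what
    the fix in this thread did); the payload files are reported separately."""
    return [f.frst_line for f in findings]


if __name__ == '__main__':
    found = check_winlogon_shell(SAMPLE_FRST_LINES)
    for f in found:
        print(f'{f.key}\\Shell ({f.verdict}): {f.value}')
        for p in f.payloads:
            print(f'    payload: {p}')
    print('fixlist.txt:')
    for line in fixlist_lines(found):
        print('    ' + line)
```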
12.07.2013, 21:04 | #5 |
| GVU virus Windows 7 64bit safe mode does not work Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013 01 Ran by SYSTEM at 2013-07-12 21:58:52 Run:1 Running from G:\ Boot Mode: Recovery ============================================== HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully. HKU\weRWOlf\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully. C:\Users\weRWOlf\AppData\Roaming\cache.ini => Moved successfully. C:\Users\weRWOlf\Downloads\oa5hv6or715017e9.js => Moved successfully. C:\ProgramData\rundll32.exe => Moved successfully. C:\ProgramData\odej0eq.bat => Moved successfully. C:\ProgramData\odej0eq.pad => Moved successfully. C:\ProgramData\odej0eq.reg => Moved successfully. C:\Users\weRWOlf\AppData\Roaming\cache.dat => Moved successfully. ==== End of Fixlog ==== |
12.07.2013, 21:05 | #6 |
/// the machine /// TB-Ausbilder | GVU virus Windows 7 64bit safe mode does not work drum roll........
__________________ |
12.07.2013, 21:10 | #7 |
| GVU virus Windows 7 64bit safe mode does not work *g* Sounds like I'm done. But I'll just not ask. I'm not supposed to, after all. *g* |
12.07.2013, 21:11 | #8 |
/// the machine /// TB-Ausbilder | GVU virus Windows 7 64bit safe mode does not work Who says you shouldn't? I just want to know whether the thing boots again, one more for my one-fix-wonder list. After that we'll run control scans in normal mode.
__________________ |
12.07.2013, 21:31 | #9 |
| GVU virus Windows 7 64bit safe mode does not work Everything is running normally again. |
12.07.2013, 21:35 | #10 |
/// the machine /// TB-Ausbilder | GVU virus Windows 7 64bit safe mode does not work Now the control scans. Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
12.07.2013, 22:17 | #11 |
| GVU virus Windows 7 64bit safe mode does not work Code:
ATTFilter # AdwCleaner v2.305 - Datei am 12/07/2013 um 22:59:45 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : weRWOlf - WERWOLF-VAIO # Bootmodus : Normal # Ausgeführt unter : C:\Users\weRWOlf\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Gelöscht mit Neustart : C:\ProgramData\eSafe Ordner Gelöscht : C:\Users\weRWOlf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\performersoft llc Schlüssel Gelöscht : HKLM\Software\delta-homesSoftware Schlüssel Gelöscht : HKLM\Software\eSafeSecControl Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Datei : C:\Users\weRWOlf\AppData\Roaming\Mozilla\Firefox\Profiles\fleoz171.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\weRWOlf\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [30325 octets] - [07/07/2013 07:46:09] AdwCleaner[R2].txt - [30386 octets] - [07/07/2013 07:47:35] AdwCleaner[S1].txt - [29172 octets] - [07/07/2013 07:47:59] AdwCleaner[S2].txt - [1657 octets] - [12/07/2013 22:59:45] ########## EOF - C:\AdwCleaner[S2].txt - [1717 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.0.7 (07.11.2013:1) OS: Windows 7 Home Premium x64 Ran by weRWOlf on 12.07.2013 at 23:04:20,28 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{391E6782-8148-4504-A315-85BA8BC5D6C7} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{435B5392-A007-4662-82C1-4991B5991DA3} ~~~ Files Successfully deleted: [File] C:\Windows\syswow64\sho1A07.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\esafe" Successfully deleted: [Folder] "C:\Users\weRWOlf\AppData\Roaming\goforfiles" Successfully deleted: [Folder] "C:\Users\weRWOlf\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Program Files 
(x86)\goforfiles" Successfully deleted: [Folder] "C:\Program Files (x86)\otshot" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 12.07.2013 at 23:09:44,50 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01 Ran by weRWOlf (administrator) on 12-07-2013 23:13:15 Running from C:\Users\weRWOlf\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (DATA BECKER) C:\Program Files (x86)\DATA BECKER\Haushaltsbuch 6\hhb6tray.exe (Gemalto N.V.) C:\Users\weRWOlf\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9636896 2009-12-16] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKCU\...\Run: [HHB6Tray] - C:\Program Files (x86)\DATA BECKER\Haushaltsbuch 6\hhb6tray.exe [1537360 2010-11-08] (DATA BECKER) HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\weRWOlf\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-12-19] (Gemalto N.V.) HKCU\...\Run: [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation) HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2AJB3JKZ05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: {72223716-a6ee-11df-b88f-f07bcbe54609} - H:\LaunchU3.exe -a MountPoints2: {b893b740-c18a-11df-9a9c-f07bcbe54609} - D:\teaser.exe HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation) HKLM-x32\...\Run: [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-09-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) IMEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\magic-i visual effects.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\mediencentersoftware.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\pmbbrowser.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\pmblauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\pmbmapview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\utility.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\uwebcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\vaiocare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\windvd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\weRWOlf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll (Hewlett-Packard Co.) BootExecute: autocheck autochk /r \??\I:autocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKCU - {35EF758C-4A27-455C-BC79-4C5A97406E83} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {3F179A0F-1339-41F7-8FF4-3FF72145AB05} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: PAYBACK Toolbar Browserhilfsobjekt - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) Toolbar: HKLM - No Name - !{32099AAC-C132-4136-9E9A-4E364A424E17} - No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - PAYBACK Toolbar - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) Toolbar: HKLM-x32 - No Name - !{32099AAC-C132-4136-9E9A-4E364A424E17} - No File Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: [NameServer]192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\weRWOlf\AppData\Roaming\Mozilla\Firefox\Profiles\fleoz171.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=1.6.0_45 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\weRWOlf\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\weRWOlf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: ftdownloader - C:\Users\weRWOlf\AppData\Roaming\Mozilla\Firefox\Profiles\fleoz171.default\Extensions\ftdownloader@ftdownloader.com.xpi FF Extension: torntv - C:\Users\weRWOlf\AppData\Roaming\Mozilla\Firefox\Profiles\fleoz171.default\Extensions\torntv@torntv.com.xpi FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR DefaultSearchURL: (Claro Search) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Claro Search) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
S4 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2012-08-13] (Deutsche Telekom AG) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-12] (TuneUp Software) S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1359408 2013-03-26] (Sony Corporation) R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-03] (Taiwan Shui Mu Chih Ching Technology Limited.) S2 IpsosLSPService; C:\Program Files (x86)\IpsosLSPService\IpsosLSPService.exe [x] S2 otshot; C:\program files\otshot\ZalmanUpdateService.exe [x] S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x] ==================== Drivers (Whitelisted) ==================== R2 6077757b; C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo) R2 6077757b; C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-12] (Duplex Secure Ltd.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software) S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-11-19] (EnTech Taiwan) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] () S1 xdbiguwk; \??\C:\Windows\system32\drivers\xdbiguwk.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-12 23:09 - 2013-07-12 23:09 - 00002371 _____ C:\Users\weRWOlf\Desktop\JRT.txt 2013-07-12 23:04 - 2013-07-12 23:04 - 00000000 ____D C:\Windows\ERUNT 2013-07-12 23:02 - 2013-07-12 23:02 - 00001784 _____ C:\Users\weRWOlf\Desktop\AdwCleaner[S2].txt 2013-07-12 22:59 - 2013-07-12 23:00 - 00001784 _____ C:\AdwCleaner[S2].txt 2013-07-12 22:55 - 2013-07-12 22:55 - 00559306 _____ (Oleg N. 
Scherbakov) C:\Users\weRWOlf\Desktop\JRT.exe 2013-07-12 22:51 - 2013-07-12 22:51 - 00662345 _____ C:\Users\weRWOlf\Desktop\adwcleaner.exe 2013-07-12 21:28 - 2013-07-12 23:12 - 00027949 _____ C:\Users\weRWOlf\Desktop\Addition.txt 2013-07-12 21:27 - 2013-07-12 21:27 - 01777811 _____ (Farbar) C:\Users\weRWOlf\Downloads\FRST64.exe 2013-07-12 21:26 - 2013-07-12 19:49 - 01778143 _____ (Farbar) C:\Users\weRWOlf\Desktop\FRST64.exe 2013-07-12 20:51 - 2013-07-12 20:51 - 00000000 ____D C:\FRST 2013-07-12 00:07 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 00:07 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 00:07 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 00:07 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 00:07 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 00:07 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 00:07 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-12 00:07 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 00:07 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-12 00:07 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-12 00:07 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-12 00:07 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-12 00:07 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-12 00:07 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2013-07-12 00:07 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 00:07 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-12 00:07 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 00:07 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-12 00:07 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 00:07 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 00:07 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-12 00:07 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 19:55 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) 
C:\Windows\system32\qedit.dll 2013-07-11 19:55 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 19:55 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 19:55 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 19:54 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 19:54 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 19:54 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-07 16:23 - 2013-07-07 16:39 - 36736021 _____ C:\Users\weRWOlf\Downloads\Tocotronic - 1995 - Nach Der Verlorenen Zeit.rar 2013-07-07 07:47 - 2013-07-07 07:48 - 00029172 _____ C:\AdwCleaner[S1].txt 2013-07-07 07:47 - 2013-07-07 07:47 - 00030386 _____ C:\AdwCleaner[R2].txt 2013-07-07 07:46 - 2013-07-07 07:46 - 00030325 _____ C:\AdwCleaner[R1].txt 2013-07-05 21:11 - 2013-07-05 21:11 - 00009435 _____ C:\Users\weRWOlf\Desktop\Sitzordnung.xlsx 2013-07-03 19:42 - 2013-07-12 22:03 - 00000000 ____D C:\Program Files (x86)\WinZipper 2013-07-03 19:42 - 2013-07-06 11:06 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\WinZipper 2013-07-03 19:37 - 2013-07-04 16:49 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Adobe 2013-06-29 09:20 - 2013-06-29 09:20 - 00157234 _____ C:\Users\weRWOlf\Downloads\RouterReconnect_1.3.zip 2013-06-29 09:04 - 2013-06-29 09:22 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\weRWOlf\Downloads\WebInstaller.exe 2013-06-28 13:23 - 2013-06-28 13:23 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-06-27 14:53 - 2013-06-27 14:53 - 00000000 ____D C:\Program Files (x86)\GUM318B.tmp 2013-06-26 22:04 - 2013-06-28 13:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-06-26 22:04 - 2013-06-28 13:23 - 00000175 _____ 
C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-06-22 14:49 - 2013-06-22 14:50 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\becker 2013-06-12 20:20 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 20:20 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 20:20 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 20:20 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 20:20 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 20:20 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 20:20 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 20:20 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 20:20 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 20:20 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 20:20 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 20:20 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 20:20 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 20:20 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 20:20 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 20:20 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 20:20 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 20:20 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 20:20 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-12 23:12 - 2013-07-12 21:28 - 00027949 _____ C:\Users\weRWOlf\Desktop\Addition.txt 2013-07-12 23:10 - 2009-07-14 06:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-12 23:10 - 2009-07-14 06:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-12 23:09 - 2013-07-12 23:09 - 00002371 _____ C:\Users\weRWOlf\Desktop\JRT.txt 2013-07-12 23:07 - 2010-07-09 16:20 - 01318494 _____ C:\Windows\WindowsUpdate.log 2013-07-12 23:04 - 2013-07-12 23:04 - 00000000 ____D C:\Windows\ERUNT 2013-07-12 23:03 - 2010-09-16 20:57 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-07-12 23:02 - 2013-07-12 23:02 - 00001784 _____ C:\Users\weRWOlf\Desktop\AdwCleaner[S2].txt 2013-07-12 23:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-12 23:01 - 2012-12-29 23:00 - 00044251 _____ C:\Windows\setupact.log 2013-07-12 23:00 - 2013-07-12 22:59 - 00001784 _____ C:\AdwCleaner[S2].txt 2013-07-12 22:55 - 2013-07-12 22:55 - 00559306 _____ (Oleg N. 
Scherbakov) C:\Users\weRWOlf\Desktop\JRT.exe 2013-07-12 22:52 - 2010-08-14 11:29 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\UseNeXT 2013-07-12 22:51 - 2013-07-12 22:51 - 00662345 _____ C:\Users\weRWOlf\Desktop\adwcleaner.exe 2013-07-12 22:44 - 2010-08-14 11:29 - 00000000 ____D C:\Users\weRWOlf\Documents\UseNeXT 2013-07-12 22:38 - 2010-08-04 21:38 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Winamp 2013-07-12 22:26 - 2013-03-16 17:54 - 00000342 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2013-07-12 22:22 - 2012-03-29 23:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-12 22:13 - 2012-03-29 23:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-12 22:13 - 2012-03-29 23:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-12 22:13 - 2011-06-04 19:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-12 22:13 - 2010-07-10 02:14 - 00700476 _____ C:\Windows\system32\perfh007.dat 2013-07-12 22:13 - 2010-07-10 02:14 - 00149422 _____ C:\Windows\system32\perfc007.dat 2013-07-12 22:13 - 2009-07-14 07:13 - 01622944 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-12 22:11 - 2013-04-03 17:36 - 00000000 ____D C:\Users\weRWOlf\Documents\Outlook-Dateien 2013-07-12 22:03 - 2013-07-03 19:42 - 00000000 ____D C:\Program Files (x86)\WinZipper 2013-07-12 22:01 - 2013-05-23 20:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-07-12 21:27 - 2013-07-12 21:27 - 01777811 _____ (Farbar) C:\Users\weRWOlf\Downloads\FRST64.exe 2013-07-12 20:51 - 2013-07-12 20:51 - 00000000 ____D C:\FRST 2013-07-12 20:50 - 2010-07-20 18:07 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{58CAA574-C1A7-4E04-ACB1-12BC52DE988A} 2013-07-12 19:49 - 2013-07-12 21:26 - 01778143 _____ (Farbar) C:\Users\weRWOlf\Desktop\FRST64.exe 2013-07-12 05:55 - 2013-03-16 18:54 - 00000000 ____D C:\Users\weRWOlf\Desktop\Hochzeit 2013-07-12 05:25 - 2009-07-14 06:45 - 00453512 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 05:24 - 2012-05-11 21:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 05:24 - 2012-05-11 21:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-12 05:24 - 2010-05-20 04:02 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 05:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 05:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 00:15 - 2010-10-23 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-12 00:09 - 2010-07-20 21:10 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-11 23:58 - 2010-08-08 18:15 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\SoftGrid Client 2013-07-10 20:33 - 2013-05-25 09:55 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\vlc 2013-07-08 14:39 - 2013-01-09 22:31 - 00019950 _____ C:\Windows\PFRO.log 2013-07-07 16:39 - 2013-07-07 16:23 - 36736021 _____ C:\Users\weRWOlf\Downloads\Tocotronic - 1995 - Nach Der Verlorenen Zeit.rar 2013-07-07 07:48 - 2013-07-07 07:47 - 00029172 _____ C:\AdwCleaner[S1].txt 2013-07-07 07:48 - 2010-07-20 18:06 - 00000999 _____ C:\Users\weRWOlf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-07 07:47 - 2013-07-07 07:47 - 00030386 _____ C:\AdwCleaner[R2].txt 2013-07-07 07:46 - 2013-07-07 07:46 - 00030325 _____ 
C:\AdwCleaner[R1].txt 2013-07-06 11:06 - 2013-07-03 19:42 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\WinZipper 2013-07-05 21:11 - 2013-07-05 21:11 - 00009435 _____ C:\Users\weRWOlf\Desktop\Sitzordnung.xlsx 2013-07-04 16:49 - 2013-07-03 19:37 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Adobe 2013-07-03 19:43 - 2012-06-28 16:05 - 00003312 _____ C:\Windows\System32\Tasks\4859 2013-07-03 19:43 - 2012-06-28 16:05 - 00003212 _____ C:\Windows\System32\Tasks\0 2013-07-03 19:42 - 2011-06-11 02:58 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-07-03 19:42 - 2011-06-11 02:58 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-07-03 19:23 - 2010-07-24 12:18 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Adobe 2013-07-02 18:42 - 2012-01-20 13:34 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Origin 2013-07-02 18:42 - 2012-01-20 13:33 - 00000000 ____D C:\ProgramData\Origin 2013-07-02 18:09 - 2012-10-25 15:19 - 00000000 ____D C:\Program Files (x86)\Origin 2013-07-02 18:09 - 2012-01-20 13:33 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Origin 2013-07-02 17:35 - 2013-02-28 20:10 - 00660931 _____ C:\test.xml 2013-06-29 09:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-06-29 09:22 - 2013-06-29 09:04 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\weRWOlf\Downloads\WebInstaller.exe 2013-06-29 09:20 - 2013-06-29 09:20 - 00157234 _____ C:\Users\weRWOlf\Downloads\RouterReconnect_1.3.zip 2013-06-29 09:07 - 2010-07-20 18:03 - 00119032 _____ C:\Users\weRWOlf\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-29 08:19 - 2013-05-25 15:01 - 00014174 _____ C:\Users\weRWOlf\Desktop\Leihgabe_Simmi.xlsx 2013-06-29 08:15 - 2010-07-20 20:18 - 00000000 ____D C:\Update 2013-06-28 18:03 - 2010-07-20 20:17 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Google 2013-06-28 13:31 - 2010-05-20 01:01 - 00000000 ____D C:\ProgramData\Sony Corporation 2013-06-28 13:23 - 2013-06-28 13:23 - 00000175 _____ 
C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 13:23 - 2013-06-26 22:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 13:23 - 2013-06-26 22:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-28 13:23 - 2013-05-23 20:33 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-28 13:23 - 2013-05-23 20:33 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-28 13:23 - 2013-05-23 20:33 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-27 14:53 - 2013-06-27 14:53 - 00000000 ____D C:\Program Files (x86)\GUM318B.tmp
2013-06-25 22:33 - 2010-08-08 18:14 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\TP
2013-06-22 14:50 - 2013-06-22 14:49 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\becker
2013-06-16 11:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 01:43 - 2013-07-12 00:07 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 01:43 - 2013-07-12 00:07 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 01:43 - 2013-07-12 00:07 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 01:43 - 2013-07-12 00:07 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 01:43 - 2013-07-12 00:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 01:43 - 2013-07-12 00:07 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 01:43 - 2013-07-12 00:07 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 01:42 - 2013-07-12 00:07 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 01:42 - 2013-07-12 00:07 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 01:42 - 2013-07-12 00:07 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 01:42 - 2013-07-12 00:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 01:42 - 2013-07-12 00:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 01:42 - 2013-07-12 00:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 01:26 - 2013-07-12 00:07 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-12 01:26 - 2013-07-12 00:07 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-12 01:26 - 2013-07-12 00:07 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-12 01:25 - 2013-07-12 00:07 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-12 01:25 - 2013-07-12 00:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-12 00:51 - 2013-07-12 00:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 00:50 - 2013-07-12 00:07 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-05 15:36

==================== End Of Log ============================
|
13.07.2013, 10:12 | #12 |
/// the machine /// TB-Ausbilder | One more online scan and we should be done: ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
14.07.2013, 19:09 | #13 |
| ESET seems to have found quite a bit.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3f15bb750fec984bb60789acf4f3210c
# engine=14391
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-14 03:26:01
# local_time=2013-07-14 05:26:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 251065 150525433 0 0
# compatibility_mode=5893 16776574 100 94 216072 125445411 0 0
# scanned=475452
# found=21
# cleaned=0
# scan_time=11390
sh=2B5091F1C36033F9D90860A993C030D2DA959F31 ft=1 fh=dfe2e82b77d0c9e2 vn="Win32/Injector.AJJW trojan" ac=I fn="C:\FRST\Quarantine\cache.dat"
sh=183BA49CCEBEF136AA1A82F79BE0CC286ACE977B ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\odej0eq.bat"
sh=9341F995766E40E7B13150298135E8342887A207 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\9270480-7d88b848"
sh=C314CBDA2605CC97ECD11256FCF18F3FF811E228 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\568df58f-499bf479"
sh=06B5B3630C90401D738A828CEEE6B6486E589319 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-1493.CG trojan" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7289bacf-73ad5e70"
sh=F9569162B9705A9926E25D3ACA51E7B69C22A827 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.CK trojan" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\553dc151-7214bf40"
sh=A9ABFB9261DF31FADD8E49592F942281A71E7D37 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\227d629c-1f2af40b"
sh=BE8EC5DD4D197CD966AADB9FB4396A63175BD8D1 ft=1 fh=e1c4da5c767a55d8 vn="a variant of Win32/Kryptik.BDCZ trojan" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\3daa191f-634efb5d"
sh=C314CBDA2605CC97ECD11256FCF18F3FF811E228 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\9b719f-50a50291"
sh=9219317093C79C952BBE73B804A2E442ED922059 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\35693d20-685bc281"
sh=A9ABFB9261DF31FADD8E49592F942281A71E7D37 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\388527c4-4b3601e9"
sh=9EC89FF7A3D0E6949EF8AC4CF79794CB3C207351 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\369a7a8-43317a58"
sh=98F4F80E1E9E88B5ED20F7462B4C98DEA1BDCBC5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\7fde59e8-7936fa11"
sh=7FA38455F0F7376D1D1F85592DE78CD4CC2E8FCE ft=0 fh=0000000000000000 vn="Java/Agent.DW trojan" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\fdc1168-55e592e3"
sh=9955393384E5BB686F452109579DEC11A9526D49 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLC trojan" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\42f6e833-1de9565c"
sh=A9ABFB9261DF31FADD8E49592F942281A71E7D37 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\6ac8beb5-73313fda"
sh=A9ABFB9261DF31FADD8E49592F942281A71E7D37 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5c41be3b-6aa4b4e1"
sh=9219317093C79C952BBE73B804A2E442ED922059 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\42a6be06-512a9f9d"
sh=88A14ED55E2F374663E60795DEC7B31A82D510EF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2ec0b3e-61095f72"
sh=039735CD3ADC8168D93F351CCFDD769BBC8EDEDE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weRWOlf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\76100a3f-54c3a92e"
sh=80012B06AB716D693830F176F0F5B5A9DA63C7EC ft=1 fh=9d84ddb8bced7ea6 vn="a variant of Win32/Adware.Ezula.AK application" ac=I fn="C:\Users\weRWOlf\AppData\Roaming\ZalmanInstaller_otshot\otshotcomponent0.exe"
Code:
Results of screen317's Security Check version 0.99.69
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Microsoft Security Essentials
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2012
TuneUp Utilities Language Pack (de-DE)
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by weRWOlf (administrator) on 14-07-2013 20:04:50
Running from C:\Users\weRWOlf\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(DATA BECKER) C:\Program Files (x86)\DATA BECKER\Haushaltsbuch 6\hhb6tray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Gemalto N.V.) C:\Users\weRWOlf\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(PAYBACK GmbH) C:\Users\weRWOlf\AppData\LocalLow\PaybackToolbar32\bin\PaybackWorker_1_0_2\PaybackWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9636896 2009-12-16] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [HHB6Tray] - C:\Program Files (x86)\DATA BECKER\Haushaltsbuch 6\hhb6tray.exe [1537360 2010-11-08] (DATA BECKER)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\weRWOlf\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-12-19] (Gemalto N.V.)
HKCU\...\Run: [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2AJB3JKZ05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.)
MountPoints2: {72223716-a6ee-11df-b88f-f07bcbe54609} - H:\LaunchU3.exe -a
MountPoints2: {b893b740-c18a-11df-9a9c-f07bcbe54609} - D:\teaser.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
IMEO\bttray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\magic-i visual effects.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\mediencentersoftware.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmbbrowser.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmblauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pmbmapview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\utility.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\uwebcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\vaiocare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\windvd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\weRWOlf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk /r \??\I:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKCU - {35EF758C-4A27-455C-BC79-4C5A97406E83} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {3F179A0F-1339-41F7-8FF4-3FF72145AB05} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: PAYBACK Toolbar Browserhilfsobjekt - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
Toolbar: HKLM - No Name - !{32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - PAYBACK Toolbar - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
Toolbar: HKLM-x32 - No Name - !{32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\weRWOlf\AppData\Roaming\Mozilla\Firefox\Profiles\fleoz171.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\weRWOlf\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\weRWOlf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: ftdownloader - C:\Users\weRWOlf\AppData\Roaming\Mozilla\Firefox\Profiles\fleoz171.default\Extensions\ftdownloader@ftdownloader.com.xpi
FF Extension: torntv - C:\Users\weRWOlf\AppData\Roaming\Mozilla\Firefox\Profiles\fleoz171.default\Extensions\torntv@torntv.com.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Claro Search) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Claro Search) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Extension: (TheBflix) - C:\Users\weRWOlf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn\5.0_0

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S4 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2012-08-13] (Deutsche Telekom AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-12] (TuneUp Software)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1359408 2013-03-26] (Sony Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-03] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 IpsosLSPService; C:\Program Files (x86)\IpsosLSPService\IpsosLSPService.exe [x]
S2 otshot; C:\program files\otshot\ZalmanUpdateService.exe [x]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R2 6077757b; C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo)
R2 6077757b; C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-12] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software)
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-11-19] (EnTech Taiwan)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S1 xdbiguwk; \??\C:\Windows\system32\drivers\xdbiguwk.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-14 20:04 - 2013-07-14 20:04 - 01777839 _____ (Farbar) C:\Users\weRWOlf\Desktop\FRST64.exe
2013-07-14 20:01 - 2013-07-14 20:01 - 00001130 _____ C:\Users\weRWOlf\Desktop\checkup.txt
2013-07-14 19:55 - 2013-07-14 19:55 - 00891022 _____ C:\Users\weRWOlf\Downloads\SecurityCheck.exe
2013-07-13 00:28 - 2013-07-13 00:47 - 95454472 _____ C:\Users\weRWOlf\Downloads\092003.zip
2013-07-12 23:04 - 2013-07-12 23:04 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 22:59 - 2013-07-12 23:00 - 00001784 _____ C:\AdwCleaner[S2].txt
2013-07-12 20:51 - 2013-07-12 20:51 - 00000000 ____D C:\FRST
2013-07-12 00:07 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 00:07 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 00:07 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 00:07 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 00:07 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 00:07 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 00:07 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 00:07 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 00:07 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 00:07 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 00:07 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 00:07 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 00:07 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 00:07 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 00:07 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 00:07 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 00:07 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 00:07 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 00:07 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 00:07 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 00:07 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 00:07 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 19:55 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:55 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 19:55 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:55 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 19:54 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:54 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 19:54 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-07 16:23 - 2013-07-07 16:39 - 36736021 _____ C:\Users\weRWOlf\Downloads\Tocotronic - 1995 - Nach Der Verlorenen Zeit.rar
2013-07-07 07:47 - 2013-07-07 07:48 - 00029172 _____ C:\AdwCleaner[S1].txt
2013-07-07 07:47 - 2013-07-07 07:47 - 00030386 _____ C:\AdwCleaner[R2].txt
2013-07-07 07:46 - 2013-07-07 07:46 - 00030325 _____ C:\AdwCleaner[R1].txt
2013-07-05 21:11 - 2013-07-13 11:09 - 00009437 _____ C:\Users\weRWOlf\Desktop\Sitzordnung.xlsx
2013-07-03 19:42 - 2013-07-12 22:03 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-03 19:42 - 2013-07-06 11:06 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\WinZipper
2013-07-03 19:37 - 2013-07-04 16:49 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Adobe
2013-06-29 09:20 - 2013-06-29 09:20 - 00157234 _____ C:\Users\weRWOlf\Downloads\RouterReconnect_1.3.zip
2013-06-29 09:04 - 2013-06-29 09:22 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\weRWOlf\Downloads\WebInstaller.exe
2013-06-28 13:23 - 2013-06-28 13:23 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 14:53 - 2013-06-27 14:53 - 00000000 ____D C:\Program Files (x86)\GUM318B.tmp
2013-06-26 22:04 - 2013-06-28 13:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-26 22:04 - 2013-06-28 13:23 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-22 14:49 - 2013-06-22 14:50 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\becker

==================== One Month Modified Files and Folders =======

2013-07-14 20:04 - 2013-07-14 20:04 - 01777839 _____ (Farbar) C:\Users\weRWOlf\Desktop\FRST64.exe
2013-07-14 20:01 - 2013-07-14 20:01 - 00001130 _____ C:\Users\weRWOlf\Desktop\checkup.txt
2013-07-14 19:57 - 2013-04-03 17:36 - 00000000 ____D C:\Users\weRWOlf\Documents\Outlook-Dateien
2013-07-14 19:55 - 2013-07-14 19:55 - 00891022 _____ C:\Users\weRWOlf\Downloads\SecurityCheck.exe
2013-07-14 19:50 - 2013-03-16 18:54 - 00000000 ____D C:\Users\weRWOlf\Desktop\Hochzeit
2013-07-14 19:33 - 2010-07-09 16:20 - 01504520 _____ C:\Windows\WindowsUpdate.log
2013-07-14 19:26 - 2013-03-16 17:54 - 00000342 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-07-14 19:22 - 2012-03-29 23:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 17:20 - 2012-12-29 23:00 - 00045147 _____ C:\Windows\setupact.log
2013-07-14 14:37 - 2010-07-20 18:07 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{58CAA574-C1A7-4E04-ACB1-12BC52DE988A}
2013-07-14 14:14 - 2010-07-10 02:14 - 00700476 _____ C:\Windows\system32\perfh007.dat
2013-07-14 14:14 - 2010-07-10 02:14 - 00149422 _____ C:\Windows\system32\perfc007.dat
2013-07-14 14:14 - 2009-07-14 07:13 - 01622944 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-14 08:21 - 2009-07-14 06:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 08:21 - 2009-07-14 06:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 08:14 - 2010-09-16 20:57 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-07-14 08:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 22:45 - 2010-08-04 21:38 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Winamp
2013-07-13 12:31 - 2010-08-14 11:29 - 00000000 ____D C:\Users\weRWOlf\Documents\UseNeXT
2013-07-13 11:09 - 2013-07-05 21:11 - 00009437 _____ C:\Users\weRWOlf\Desktop\Sitzordnung.xlsx
2013-07-13 05:42 - 2010-08-14 11:29 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\UseNeXT
2013-07-13 00:47 - 2013-07-13 00:28 - 95454472 _____ C:\Users\weRWOlf\Downloads\092003.zip
2013-07-12 23:04 - 2013-07-12 23:04 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 23:00 - 2013-07-12 22:59 - 00001784 _____ C:\AdwCleaner[S2].txt
2013-07-12 22:13 - 2012-03-29 23:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-12 22:13 - 2012-03-29 23:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-12 22:13 - 2011-06-04 19:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-12 22:03 - 2013-07-03 19:42 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-12 22:01 - 2013-05-23 20:33 - 00004182 _____ C:\Windows\System32\Tasks\avast!
Emergency Update 2013-07-12 20:51 - 2013-07-12 20:51 - 00000000 ____D C:\FRST 2013-07-12 05:25 - 2009-07-14 06:45 - 00453512 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 05:24 - 2012-05-11 21:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 05:24 - 2012-05-11 21:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-12 05:24 - 2010-05-20 04:02 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 05:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 05:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 00:15 - 2010-10-23 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-12 00:09 - 2010-07-20 21:10 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-11 23:58 - 2010-08-08 18:15 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\SoftGrid Client 2013-07-10 20:33 - 2013-05-25 09:55 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\vlc 2013-07-08 14:39 - 2013-01-09 22:31 - 00019950 _____ C:\Windows\PFRO.log 2013-07-07 16:39 - 2013-07-07 16:23 - 36736021 _____ C:\Users\weRWOlf\Downloads\Tocotronic - 1995 - Nach Der Verlorenen Zeit.rar 2013-07-07 07:48 - 2013-07-07 07:47 - 00029172 _____ C:\AdwCleaner[S1].txt 2013-07-07 07:48 - 2010-07-20 18:06 - 00000999 _____ C:\Users\weRWOlf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-07 07:47 - 2013-07-07 07:47 - 00030386 _____ C:\AdwCleaner[R2].txt 2013-07-07 07:46 - 2013-07-07 07:46 - 00030325 _____ C:\AdwCleaner[R1].txt 2013-07-06 11:06 - 2013-07-03 19:42 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\WinZipper 2013-07-04 16:49 - 2013-07-03 19:37 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Adobe 2013-07-03 19:43 - 2012-06-28 16:05 - 00003312 _____ C:\Windows\System32\Tasks\4859 2013-07-03 19:43 - 2012-06-28 16:05 - 00003212 _____ C:\Windows\System32\Tasks\0 2013-07-03 19:42 - 2011-06-11 02:58 - 00773800 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-07-03 19:42 - 2011-06-11 02:58 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-07-03 19:23 - 2010-07-24 12:18 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Adobe 2013-07-02 18:42 - 2012-01-20 13:34 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\Origin 2013-07-02 18:42 - 2012-01-20 13:33 - 00000000 ____D C:\ProgramData\Origin 2013-07-02 18:09 - 2012-10-25 15:19 - 00000000 ____D C:\Program Files (x86)\Origin 2013-07-02 18:09 - 2012-01-20 13:33 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Origin 2013-07-02 17:35 - 2013-02-28 20:10 - 00660931 _____ C:\test.xml 2013-06-29 09:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-06-29 09:22 - 2013-06-29 09:04 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\weRWOlf\Downloads\WebInstaller.exe 2013-06-29 09:20 - 2013-06-29 09:20 - 00157234 _____ C:\Users\weRWOlf\Downloads\RouterReconnect_1.3.zip 2013-06-29 09:07 - 2010-07-20 18:03 - 00119032 _____ C:\Users\weRWOlf\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-29 08:19 - 2013-05-25 15:01 - 00014174 _____ C:\Users\weRWOlf\Desktop\Leihgabe_Simmi.xlsx 2013-06-29 08:15 - 2010-07-20 20:18 - 00000000 ____D C:\Update 2013-06-28 18:03 - 2010-07-20 20:17 - 00000000 ____D C:\Users\weRWOlf\AppData\Local\Google 2013-06-28 13:31 - 2010-05-20 01:01 - 00000000 ____D C:\ProgramData\Sony Corporation 2013-06-28 13:23 - 2013-06-28 13:23 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-06-28 13:23 - 2013-06-26 22:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-06-28 13:23 - 2013-06-26 22:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-06-28 13:23 - 2013-05-23 20:33 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-06-28 13:23 - 2013-05-23 20:33 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-06-28 13:23 - 2013-05-23 20:33 - 00189936 _____ 
C:\Windows\system32\Drivers\aswVmm.sys
2013-06-27 14:53 - 2013-06-27 14:53 - 00000000 ____D C:\Program Files (x86)\GUM318B.tmp
2013-06-25 22:33 - 2010-08-08 18:14 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\TP
2013-06-22 14:50 - 2013-06-22 14:49 - 00000000 ____D C:\Users\weRWOlf\AppData\Roaming\becker
2013-06-16 11:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-14 12:56
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013 Ran by weRWOlf at 2013-07-14 20:05:19 Running from C:\Users\weRWOlf\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 3 Tor (HKCU) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620) Alps Pointing-device for VAIO ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.85) ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.278) ATI Catalyst Install Manager (Version: 3.0.769.0) avast! Free Antivirus (x32 Version: 8.0.1489.0) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0920.2143.37117) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0920.2143.37117) Catalyst Control Center Graphics Full New (x32 Version: 2010.0920.2143.37117) Catalyst Control Center Graphics Light (x32 Version: 2010.0920.2143.37117) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0920.2143.37117) Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0920.2143.37117) Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2257.41150) Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117) Catalyst Control Center Localization All (x32 Version: 2010.0920.2143.37117) CCC Help Chinese Standard (x32 Version: 2010.0920.2142.37117) CCC Help Chinese Traditional (x32 Version: 2010.0920.2142.37117) CCC Help Czech (x32 Version: 2010.0920.2142.37117) CCC Help Danish (x32 Version: 2010.0920.2142.37117) CCC Help Dutch (x32 Version: 2010.0920.2142.37117) CCC Help English (x32 Version: 2010.0920.2142.37117) CCC Help Finnish (x32 Version: 2010.0920.2142.37117) CCC Help French (x32 Version: 2010.0920.2142.37117) CCC Help 
German (x32 Version: 2010.0920.2142.37117) CCC Help Greek (x32 Version: 2010.0920.2142.37117) CCC Help Hungarian (x32 Version: 2010.0920.2142.37117) CCC Help Italian (x32 Version: 2010.0920.2142.37117) CCC Help Japanese (x32 Version: 2010.0920.2142.37117) CCC Help Korean (x32 Version: 2010.0920.2142.37117) CCC Help Norwegian (x32 Version: 2010.0920.2142.37117) CCC Help Polish (x32 Version: 2010.0920.2142.37117) CCC Help Portuguese (x32 Version: 2010.0920.2142.37117) CCC Help Russian (x32 Version: 2010.0920.2142.37117) CCC Help Spanish (x32 Version: 2010.0920.2142.37117) CCC Help Swedish (x32 Version: 2010.0920.2142.37117) CCC Help Thai (x32 Version: 2010.0920.2142.37117) CCC Help Turkish (x32 Version: 2010.0920.2142.37117) ccc-core-static (x32 Version: 2010.0920.2143.37117) ccc-utility64 (Version: 2010.0920.2143.37117) Corel WinDVD (x32 Version: 10.0.5.804) DATA BECKER Haushaltsbuch 6 (x32 Version: 6.0.0.4) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Direct MP3 Joiner version 4.0.0.0 (x32 Version: 4.0.0.0) dows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800) Einstellungen für VAIO-Inhaltsüberwachung (x32 Version: 2.6.0.11050) Evernote (x32 Version: 3.5.0.545) FUSSBALL MANAGER 13 (x32 Version: 1.0.2.0) GIMP 2.8.2 (Version: 2.8.2) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.123) High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0) Hooligans - Storm over Europe (x32) HP FWUpdateEDO2 (x32 Version: 1.2.0.0) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 25.0.619.0) HP Officejet Pro 8600 Hilfe (x32 Version: 140.0.2.2) HP Photo Creations (x32 Version: 1.0.0.11352) HP Update (x32 Version: 5.003.000.004) HPDiagnosticAlert (x32 Version: 1.00.0000) I.R.I.S. 
OCR (x32 Version: 12.3.4.0) Indeo® Software (x32) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.5.4.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002) Java Auto Updater (x32 Version: 2.0.7.2) Java(TM) 6 Update 37 (x32 Version: 6.0.370) Java(TM) 6 Update 45 (64-bit) (Version: 6.0.450) Junk Mail filter update (x32 Version: 14.0.8117.416) Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0) MakeMKV v1.7.10 (x32 Version: v1.7.10) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Media Gallery (Version: 1.4.0.16250) Mediencenter Assistent (Version: 2.7.0.1451) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office 
Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42) Microsoft Security Client (Version: 4.2.0223.1) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 4.2.223.1) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0) Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727) Microsoft Visual J# 2.0 Redistributable Package (x32) mp3splt (x32) mp3splt-gtk (x32) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MusicStation (x32 Version: 2.0.4.1199) Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0) Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0) Nero Burning ROM 10 (x32 Version: 10.0.11100.10.100) Nero Control Center 10 (x32 Version: 10.0.12000.1.4) Nero Core Components 10 (x32 Version: 2.0.13700.0.1) Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10) Nero Multimedia Suite 10 (x32 Version: 10.0.11200) Origin (x32 Version: 9.0.11.77) PAYBACK Toolbar 1.1 (x32 Version: 1.1.2) PMB (x32 Version: 5.0.00.10260) PMB VAIO Edition Plug-in (Version: 1.5.10.05300) PMB VAIO Edition Plug-in (x32 Version: 1.5.10.06150) Protect Disc License Helper 1.0.125 (IE) (HKCU Version: 1.0.125) ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14) Quick Web Access (x32 Version: 1.4.7.0) Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5992) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5992) Remote Control USB Driver (x32 Version: 2.3.2.317) Roxio Central 
Audio (x32 Version: 3.8.0) Roxio Central Copy (x32 Version: 3.8.0) Roxio Central Core (x32 Version: 3.8.0) Roxio Central Data (x32 Version: 3.8.0) Roxio Central Tools (x32 Version: 3.8.0) Roxio Easy Media Creator 10 LJ (x32 Version: 10.3) Roxio Easy Media Creator Home (x32 Version: 10.3.183) SanDiskSecureAccess_Manager.exe (HKCU Version: 1.0.0) Setting Utility Series (x32 Version: 5.1.0.11200) Setup_msm_VCMS_x64 (Version: 2.6.0.06040) Setup_msm_VOFS_x64 (Version: 2.3.0.09270) Setup_VEP_x64_Contain_SSDB (Version: 3.9.0.09270) SOHLib Merge Module (x32 Version: 2.2.0.11240) Sony Home Network Library (x32 Version: 2.0.1.10160) Sony Home Network Library (x32 Version: 2.2.0.11240) Steuer 2011 (x32 Version: 19.00.7304) Steuer 2012 (x32 Version: 20.00.8137) Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (Version: 25.0.619.0) TuneUp Utilities 2012 (x32 Version: 12.0.2012.114) TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2012.114) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) 
(x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) UseNeXT by Tangysoft (x32) VAIO - Media Gallery (x32 Version: 1.4.3.16250) VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.03020) VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.10.11160) VAIO BD Menu Data (x32 Version: 3.3.00.05300) VAIO Care (x32 Version: 6.4.2.11150) VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.9.20.08110) VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250) VAIO Content Metadata Intelligent Network Service Manager (Version: 3.9.20.08110) VAIO Content Metadata Manager Settings (Version: 3.9.20.08110) VAIO Content Metadata XML Interface Library (Version: 3.9.20.08110) VAIO Control Center (x32 Version: 4.1.1.07160) VAIO Data Restore Tool (x32 Version: 1.2.0.09150) VAIO DVD Menu Data (x32 Version: 2.4.00.05300) VAIO Energie Verwaltung (x32 Version: 5.0.0.11300) VAIO Entertainment Platform (x32 Version: 3.9.0.11160) VAIO Event Service (x32 Version: 5.1.0.12010) VAIO Gate (x32 Version: 2.4.1.09230) VAIO Gate Default (x32 Version: 1.0.0.10290) VAIO Hardware Diagnostics (x32 Version: 3.9.1) VAIO Marketing Tools (x32) VAIO Media plus (x32 Version: 2.0.1.10160) VAIO Media plus Opening 
Movie (x32 Version: 1.2.0.09100) VAIO Movie Story Template Data (x32 Version: 2.0.00.09240) VAIO Movie Story Template Data (x32 Version: 2.5.00.05300) VAIO Original Funktion Einstellungen (x32 Version: 2.3.0.11240) VAIO Personalization Manager (Version: 3.0.2.05260) VAIO Premium Partners (x32 Version: 1.0) VAIO screensaver (x32 Version: 1.0.0.0) VAIO Smart Network (x32 Version: 3.3.1.08110) VAIO Update (x32 Version: 6.2.1.03260) VAIO Wallpaper Contents (x32 Version: 2.0.0.06010) VAIO-Support für Übertragungen (x32 Version: 1.1.2.06030) VLC media player 2.0.7 (x32 Version: 2.0.7) VU5x64 (Version: 1.1.0) VU5x86 (x32 Version: 1.0.0) VU5x86 (x32 Version: 1.1.0) WIDCOMM Bluetooth Software (Version: 6.2.1.500) Winamp (x32 Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (Version: 09/09/2009 6.2.0.9405) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8117.0416) Windows Live Communications Platform (x32 Version: 14.0.8117.416) Windows Live Essentials (x32 Version: 14.0.8117.0416) Windows Live Essentials (x32 Version: 14.0.8117.416) Windows Live Family Safety (Version: 14.0.8118.427) Windows Live Fotogalerie (x32 Version: 14.0.8117.416) Windows Live Mail (x32 Version: 14.0.8117.0416) Windows Live Sync (x32 Version: 14.0.8117.416) Windows Live Writer (x32 Version: 14.0.8117.0416) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) WinRAR 4.20 (64-Bit) (Version: 4.20.0) WinZipper (x32 Version: 1.4.8) ==================== Restore Points ========================= 10-07-2013 19:09:29 Windows Update 11-07-2013 21:59:20 Windows Update 12-07-2013 03:58:10 Wiederherstellungsvorgang ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05EBBC7F-73B4-4270-871E-B51FF057F586} - 
System32\Tasks\User_Feed_Synchronization-{58CAA574-C1A7-4E04-ACB1-12BC52DE988A} => C:\Windows\system32\msfeedssync.exe [2013-05-07] (Microsoft Corporation) Task: {19F3A1F4-B46D-41F4-B5CD-795E2BA6B047} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03] (Google Inc.) Task: {28E85E0B-6364-4DF0-A445-875F9D99E418} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-03-26] (Sony Corporation) Task: {31F608F4-A04C-4F3C-A57D-46DB47A1825E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {34334E46-406F-496E-9F28-5AA33A4AC829} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {366F5398-D5F9-41C6-9427-86C446CDDAC0} - System32\Tasks\0 => C:\program files\internet explorer\iexplore.exe [2013-06-12] (Microsoft Corporation) Task: {4E421493-6C20-4100-B113-C3C79A2B305D} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {4FDB7D45-5EE8-4CAE-8440-5A2D781F0267} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {546E4271-39DF-4BE7-B437-90267EF638F1} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {58CB0F79-98D3-4500-B70E-3FB49842908D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {5F323350-8EFD-4836-A56A-2D8945B14BDE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2011-10-12] (TuneUp Software) Task: 
{66E05B45-2324-4BC6-9051-4631D5D80A6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03] (Google Inc.) Task: {68274A24-7C9D-436D-A0F1-21B016EC5597} - System32\Tasks\4859 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation) Task: {76BDEBCA-823C-4346-8E1D-1E05C97CDE66} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {83F773EB-E0BF-472A-AACC-30AD59F6F56F} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: {9CF5A704-9B0B-4AAA-8E4E-347CDE1EFA38} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24] (Hewlett-Packard) Task: {A4180873-2546-4B79-AE9B-873894E201A4} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {A784571A-A175-465A-9171-686307D0F11E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {AC937670-4714-4BC5-9043-EA856C873D7B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File Task: {B0B16520-B99F-47B9-8987-675D8C2D169D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation) Task: {B47F0F85-1AD0-4182-98DD-084DB7704E02} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation) Task: {B780FEB2-7652-4364-A27B-6BB777316C0C} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {B7819FD9-DE0B-4E4B-B6FE-3DB2FC3FF7C6} - 
System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {BEF23E67-F3A7-48A7-B6B8-A4836AD2E353} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {C068E1A3-984D-45EF-9D2F-8296E0743CB9} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {C5B9A585-C3A7-4776-A093-0AB90B5DD3D6} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {CE919C86-747D-4EDD-A872-85C55849339B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {D0E8987B-F3BB-4D25-ABCF-978065CD6CFA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3330122392-3877850404-2663580084-1000
Task: {D52D2EDD-53C0-4E25-A547-656BF2E45878} - System32\Tasks\User_Feed_Synchronization-{0E626F3C-8A24-4FFB-84FD-07195C3D7244} => C:\Windows\system32\msfeedssync.exe [2013-05-07] (Microsoft Corporation)
Task: {E33F4B83-07DB-4964-8404-2F22D8925CCA} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-03-26] (Sony Corporation)
Task: {E49CE23A-4862-43A2-8937-E637BB5931B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {F546A102-D8CA-48DE-B0E7-201D350517BC} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-03-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Faulty Device Manager Devices =============

Name: regi
Description: regi
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: regi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2013 07:46:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/14/2013 02:15:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/14/2013 01:00:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/14/2013 11:17:17 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: dbhhb6.exe, Version: 6.0.0.4, Zeitstempel: 0x4ced3c45
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x74f34f0d
ID des fehlerhaften Prozesses: 0x2a94
Startzeit der fehlerhaften Anwendung: 0xdbhhb6.exe0
Pfad der fehlerhaften Anwendung: dbhhb6.exe1
Pfad des fehlerhaften Moduls: dbhhb6.exe2
Berichtskennung: dbhhb6.exe3

Error: (07/14/2013 08:17:22 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed

Error: (07/14/2013 08:16:52 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information. Too many failures while downloading ranges: 2

Error: (07/13/2013 10:39:14 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed

Error: (07/13/2013 10:38:44 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information. Too many failures while downloading ranges: 2

System errors:
=============
Error: (07/14/2013 05:20:30 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/14/2013 04:49:45 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/14/2013 02:14:41 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/14/2013 00:18:43 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/14/2013 10:48:18 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/14/2013 10:03:01 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/14/2013 08:57:50 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/14/2013 08:13:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "regi" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/14/2013 08:13:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "otshot" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/14/2013 08:13:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IpsosLSPService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (07/14/2013 07:46:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/14/2013 02:15:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\weRWOlf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZHQ7P8W\esetsmartinstaller_enu.exe

Error: (07/14/2013 01:00:27 PM) (Source: SideBySide)(User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe

Error: (07/14/2013 11:17:17 AM) (Source: Application Error)(User: )
Description: dbhhb6.exe6.0.0.44ced3c45unknown0.0.0.000000000c000041d74f34f0d2a9401ce80729fe547c2C:\Program Files (x86)\DATA BECKER\Haushaltsbuch 6\dbhhb6.exeunknown2d815270-ec66-11e2-a7f1-f07bcbe54609

Error: (07/14/2013 08:17:22 AM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (07/14/2013 08:16:52 AM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (07/13/2013 10:39:14 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (07/13/2013 10:38:44 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

CodeIntegrity Errors:
===================================
Date: 2013-01-05 11:01:02.419
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-05 11:01:02.279
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-05 11:01:01.979
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-05 11:01:01.949
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-05 11:01:01.899
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-05 11:01:01.839
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-12-29 21:14:25.454
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-29 21:14:25.423
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-29 21:14:25.392
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-29 21:14:25.361
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3950.07 MB
Available physical RAM: 2029.16 MB
Total Pagefile: 7898.32 MB
Available Pagefile: 5362.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.95 GB) (Free:210.49 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:2794.39 GB) (Free:1677.11 GB) NTFS (Disk=3 Partition=2)
Drive h: () (Removable) (Total:0.94 GB) (Free:0.75 GB) FAT (Disk=4 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 436D42C1)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3.

========================================================
Disk: 4 (Size: 964 MB) (Disk ID: 91F72D24)
Partition 1: (Not Active) - (Size=964 MB) - (Type=06)

==================== End Of Log ============================ |
14.07.2013, 19:11 | #14 |
/// the machine /// TB Trainer | GVU Virus Windows 7 64bit safe mode doesn't work Update Java and Adobe. The ESET findings are only in the cache or already in quarantine. Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.07.2013, 21:20 | #15 |
| GVU Virus Windows 7 64bit safe mode doesn't work Code:
Getting user folders.
Stopping running processes.
Emptying Temp folders.

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: weRWOlf
->Temp folder emptied: 86815017 bytes
->Temporary Internet Files folder emptied: 3362316877 bytes
->Java cache emptied: 13090511 bytes
->FireFox cache emptied: 45048583 bytes
->Google Chrome cache emptied: 10069946 bytes
->Flash cache emptied: 3502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90123376 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4982165 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43409035 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 745 bytes

Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 1090528 bytes

Process complete!

Total Files Cleaned = 3.488,00 mb |