Log analysis and evaluation: new laptop with Windows 8 infected with trojan
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.07.2013, 14:32 | #1
New laptop with Windows 8 infected with trojan

Dear people of TrojanerBoard,

I am a PC beginner and recently received a laptop from my family for my birthday. I mainly wanted to use Skype. Suspecting nothing bad, I let friends use my laptop. I don't know what they did, but in any case I now have a lot of programs on it that I don't know and don't know what to do with, and on top of that I constantly get error messages and warnings.... I ask you to help me get my laptop clean again and get rid of everything unnecessary. Here are the logfiles:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.13.03
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
Sergej :: BEISPIEL-PC [Administrator]

Schutz: Aktiviert

13.07.2013 14:07:59
MBAM-log-2013-07-13 (14-22-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235230
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Users\Sergej\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> 8084 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> 2372 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 2
C:\Program Files (x86)\DealPly\DealPlyIE.dll (PUP.DealPly) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 17
HKCR\CLSID\{a6c63b7f-2171-47fa-ab34-e64c4737169d} (PUP.DealPly) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6C63B7F-2171-47FA-AB34-E64C4737169D} (PUP.DealPly) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6C63B7F-2171-47FA-AB34-E64C4737169D} (PUP.DealPly) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6C63B7F-2171-47FA-AB34-E64C4737169D} (PUP.DealPly) -> Keine Aktion durchgeführt.
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Daten: "C:\Users\Sergej\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Keine Aktion durchgeführt.

Infizierte Dateien: 9
C:\Program Files (x86)\DealPly\DealPlyIE.dll (PUP.DealPly) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Sergej\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> Keine Aktion durchgeführt.

(Ende)

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:59 on 13/07/2013 (Sergej)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

OTL logfile created on: 14.07.2013 13:46:58 - Run 2
OTL by OldTimer - Version 3.2.69.0
-- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.26 02:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2012.07.25 01:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2012.07.22 01:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2012.07.03 01:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.19 07:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.18 20:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2012.06.13 18:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2012.06.02 16:31:47 | 011,400,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNe64.sys -- (NETwNe64) DRV:64bit: - [2011.04.09 00:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr) DRV - [2009.09.12 00:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys -- (PEGAGFN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} IE:64bit: - HKLM\..\SearchScopes\{6AF3F0C9-793F-4EA7-87D1-489A10347C0B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6AF3F0C9-793F-4EA7-87D1-489A10347C0B}
IE - HKLM\..\SearchScopes\{6AF3F0C9-793F-4EA7-87D1-489A10347C0B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=D4A72016D8651EF8
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_b6fe384816384c589b20f3d4ab34cb94_39_1006___ie_sp_
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes,DefaultScope = {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=D4A72016D8651EF8
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8369E5AD-47C9-48D8-ADBE-A8FA70627647}&mid=f8e61a49a41247d39dcfa11d94adf757-de3698de8da96a75e80bc71b1f5d9e2440283d80&lang=de&ds=AVG&pr=pr&d=2013-02-08 17:55:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes\{B0955698-EEC7-490F-898C-006B307E0BD9}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647&CUI=UN17319400671167384
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_b6fe384816384c589b20f3d4ab34cb94_39_1006___ie_ds_&query={searchTerms}
IE - HKU\S-1-5-21-479101278-746428876-1552860082-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.06.09 05:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\Extensions
[2013.07.11 13:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\Firefox\Profiles\xfcgs317.default\extensions
[2013.06.10 06:31:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sergej\AppData\Roaming\mozilla\Firefox\Profiles\xfcgs317.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.11 13:01:25 | 000,248,009 | ---- | M] () (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\firefox\profiles\xfcgs317.default\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack.xpi
[2013.06.09 05:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.06.10 06:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.13 14:18:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.09 05:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.06.09 05:40:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.06.09 05:40:23 | 000,000,000 | ---D | M] (GutscheinCodes.de GutscheinFinder) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-479101278-746428876-1552860082-1001\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe File not found
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [ToshibaDynamicIconUtility] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
O4 - HKLM..\Run: [TPUReg] C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe (Pegatron Corporation)
O4 - HKLM..\Run: [TPUReg(x86)] "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-479101278-746428876-1552860082-1001..\Run: [Hoolapp Android] "C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - Startup: C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C8091E1-6928-4A23-8EC8-4AAB4621BB35}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.13 18:42:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.13 14:06:37 | 000,000,000 | ---D | C] -- C:\Users\Sergej\AppData\Roaming\Malwarebytes
[2013.07.13 14:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.13 14:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.13 14:06:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.07.13 14:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.11 12:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013.06.19 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Sergej\SyncFolder

========== Files - Modified Within 30 Days ==========

[2013.07.14 13:38:00 | 000,000,318 | ---- | M] () -- C:\windows\tasks\Dealply.job
[2013.07.14 13:19:55 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.14 13:19:55 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.14 13:19:55 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.14 13:19:55 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.14 13:19:55 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.14 13:15:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.14 13:14:37 | 000,001,426 | ---- | M] () -- C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk
[2013.07.14 13:13:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.14 13:13:08 | 3336,331,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.14 12:57:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.13 23:57:58 | 000,000,000 | ---- | M] () -- C:\Users\Sergej\defogger_reenable
[2013.07.13 15:02:13 | 000,000,302 | ---- | M] () -- C:\windows\tasks\RegClean Pro_DEFAULT.job
[2013.07.13 14:06:34 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.11 12:36:22 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013.06.19 19:54:49 | 000,001,643 | ---- | M] () -- C:\Users\Sergej\Desktop\Sync Folder.lnk

========== Files Created - No Company Name ==========

[2013.07.13 23:57:58 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\defogger_reenable
[2013.07.13 14:06:34 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.19 19:54:49 | 000,001,643 | ---- | C] () -- C:\Users\Sergej\Desktop\Sync Folder.lnk
[2013.06.16 15:01:08 | 000,001,426 | ---- | C] () -- C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk
[2013.02.08 23:04:17 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012.12.26 11:42:16 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.12.26 11:42:12 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.11.30 20:39:57 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012.08.06 06:36:22 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,733,840 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012.07.25 22:22:56 | 000,492,340 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012.04.20 23:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013.06.09 05:34:14 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.15 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.02.15 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.02.08 18:55:57 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\AVG2013
[2013.06.09 05:39:04 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\BabSolution
[2013.06.09 05:37:49 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\Babylon
[2013.06.09 05:38:26 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\Dealply
[2013.06.09 05:38:19 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\HoolappForAndroid
[2013.02.05 18:34:46 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\sMedio
[2013.06.09 05:34:45 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\Systweak
[2013.02.05 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\Toshiba
[2013.02.08 18:55:21 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\TuneUp Software
[2013.04.16 23:12:44 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\uTorrent
[2013.07.13 17:05:21 | 000,000,000 | ---D | M] -- C:\Users\Sergej\AppData\Roaming\WebCake
========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 14.07.2013 01:51:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sergej\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,88 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,70% Memory free
4,57 Gb Paging File | 2,74 Gb Available in Paging File | 60,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,62 Gb Total Space | 255,61 Gb Free Space | 88,87% Space Free | Partition Type: NTFS

Computer Name: BEISPIEL-PC | User Name: Sergej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EB29181-02C4-41F7-B5BA-F67183B510F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26A58B8A-702B-4582-A537-343EB145FC6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F964D0E-B7F2-498F-A868-49E0355B97B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3BA68C32-E5C1-4215-99A4-00DCB4A1545B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D3DA2FD-58D1-4318-B901-A684ECB32444}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43B25A73-FB72-481E-8036-98A2B80FBA17}" = lport=139 | protocol=6 | dir=in | app=system |
"{45415C1C-0FBE-4440-9E2C-7A05A4ABF164}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C3AEDD9-774D-46FF-8537-E67A6F0BC5E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53EAB84F-5B3C-4157-86B7-B16D3947509A}" = rport=137 | protocol=17 | dir=out | app=system |
"{720B1482-5C30-4473-AFDD-DAFEED616CC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CEA4838-77E9-400E-A546-24C1196DD83C}" = rport=445 | protocol=6 | dir=out | app=system |
"{85CBED3C-E3EE-4A0C-971F-3677F4B16958}" = rport=139 | protocol=6 | dir=out | app=system |
"{87BD7EA0-831A-4380-9BED-F61493DCE1F8}" = lport=137 | protocol=17 | dir=in | app=system |
"{9356B3FC-89AF-4BD8-A35A-F8F28BD8489E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{94E98A23-EB7B-4262-AA86-EA62D2681077}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A097BCC4-FCDD-44D8-AB4F-3D6412620F91}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A5737847-2F9A-4515-9164-523774F6B3A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7099463-85CA-493A-BDF6-340FF6E203ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC9F86B6-5C58-4621-8F7B-612409C3187C}" = rport=138 | protocol=17 | dir=out | app=system |
"{D92BBB4B-E5AC-4305-B889-07751701C5F6}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB0ADD69-5054-4AF4-8281-A3926F7735D1}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026E6B26-6170-4BA5-99C1-95E0AC60B321}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{06DF2791-47E1-4B2E-9444-04B4F80CA595}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{08556F04-EC11-40B1-AC5E-C6F4F19E2F53}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{09CF5D0B-39CD-4FCF-941D-3C3E316DEBC2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{0E5A3B5F-041D-41CB-B8D7-522D572320F8}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{1366829B-E9A5-4238-BB8F-469C8BC6F5E4}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{1A539C39-524D-4DFE-9F71-6A98548D10B0}" = dir=out | name=skitch | "{1F86915F-9C82-43C3-9094-8B2089879F22}" = protocol=6 | dir=out | app=system | "{22D24A35-00F8-4DDC-A717-B7B23556D79A}" = dir=out | name=toshiba places | "{262871BE-D61E-4937-9C0B-D867B6DCBDBE}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{28EE584B-B325-4AD1-9A55-30A77AC42CED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2C28C349-F563-463A-8545-7C0D20A3B95E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{2ECF870A-2C8A-4BC2-8B2A-A6FAEE4F38E4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{31CCCB35-903B-45BD-B88F-B2A2AE205052}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{34AA01C9-0636-435C-92EA-01C65E9F255E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{36624B97-B31D-4AF0-AA4C-F23CE3440D12}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{36D8C785-5118-4354-BAFF-BDD59FD20AB4}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{4832272D-71E5-454B-A9CE-2E96A659D233}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{53B9BC36-A71C-49E6-97CE-84A279CF0B11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{550BAE16-FB19-4670-BEED-5DBC1904D787}" = dir=out | name=windows_ie_ac_001 | "{565AE877-DEF0-42F2-8CF4-7A3DCA7E222E}" = dir=in | name=toshiba media player by smedio truelink+ | "{596C81D4-9D6D-4CE1-9FC7-B4E715585CEB}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{5E494BBA-7F84-45C8-AB83-208B3621213C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{62D21028-0F9C-470F-87EC-CF7670F67D60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63BFAE2A-17DC-428A-A4A1-C7488D59FD7F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{66A761B5-6D46-4AAC-A0AC-078528591070}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{682F5CE3-F4CA-43A5-A9BA-894338C77FCD}" = dir=out | name=amazon for windows | "{68F3AECF-5E02-4A20-A32B-189E4B345481}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{6DC2CE93-6385-4A8C-AA9E-7EDFDE4F3A76}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{718F6051-DDEB-4F81-9945-81D061DB2235}" = dir=in 
| name=amazon for windows | "{7C41C974-5B13-4930-822A-A7AA8E353A57}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{7DC994F4-CA0D-4122-A98B-EBB1A537408A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7E78878B-9814-431C-BAE5-D5BF44E811F3}" = protocol=17 | dir=in | app=c:\users\sergej\appdata\roaming\utorrent\utorrent.exe | "{7F4C10F4-4A95-44C9-B201-933EEB5A2571}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{86B43163-5005-4D1A-BB0C-F9B25571042C}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{8D115207-0356-4F3D-91EA-117384346295}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{8DCCE572-253E-4093-B683-00FD1D272BED}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{8EC4EAD8-9E57-4DF2-AF89-84826FA69196}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{96A48C17-E79C-4CCB-91CF-BCE6EBE13625}" = dir=out | name=evernote | "{9BD9F9AF-D1D5-4094-BBC3-2DAFFB3A1D9E}" = dir=out | name=microsoft solitaire collection | "{A5286AD1-946D-4A66-896C-66C423B72AF6}" = protocol=6 | dir=in | app=c:\users\sergej\appdata\roaming\utorrent\utorrent.exe | "{AA6B1443-B465-45AA-823E-21161381C0EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC630C85-5C3B-4E4D-8C73-36011FFC82E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B1F09020-642F-48ED-90EF-B17D000F2864}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{B6D740C6-C25F-4255-9DB3-26CE9E1ADEAD}" = dir=in | name=evernote | "{B72BEB75-65ED-4485-9CD4-C9B86C523F20}" = 
protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B775AC22-81EE-488B-B714-040BD5C0EA28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C6D601C4-CD61-4800-BAB4-A13D31BDD528}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{C7029AA2-E558-464A-BB06-D4D0DC0AC050}" = dir=out | name=fresh paint | "{C9F00AF6-E6E7-428D-A1BE-B3A18EEA95AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CC739E65-46A4-4DDD-A116-E4648CFC0C91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CD98F524-5574-4C3D-8C42-1A0F0AE619D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D016E3E9-0C83-4B14-A1AD-46041EBCD792}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DD9C86CD-B7C1-4521-A05B-D3A3468C56CB}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{DF02CE99-04D5-4CFD-B9FA-42E144B110E8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E30D6A36-9A85-4092-BD02-AEA8F58D8E64}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E850725C-7FB4-457D-A37B-D8932EA26C62}" = dir=out | name=toshiba media player by smedio truelink+ | "{EAFE3D3E-83BF-446F-B29E-DABC9AFDBEF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F6DE5E62-6E92-4144-A78E-6FCD399813BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FCFD9942-144B-44BD-9D3B-9B9D6CA812E1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFBB8209-C359-443A-B41E-1275FB755F15}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{94F03B8E-CB73-4653-AFE9-79112C01FED2}" = Premium Sound HD "{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{B8C8422F-01F1-4791-B084-047AAFF9BFCC}" = TOSHIBA Service Station "{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00 "{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}" = Toshiba Places Icon Utility "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "MyPC Backup" = MyPC Backup "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp "{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media "{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings 
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM) "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{1001266B-D4BB-46D9-B023-2612A8CE3A31}" = Nero BurnRights "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1 "{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic "{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver "{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM) "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM) "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player "{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}" = Toshiba Password Utility "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games) "{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience) "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89505A66-35F0-4401-B3AD-D077051F8698}" = Qtrax Player "{8E7EABFA-BF37-4824-B792-4220C9E04233}" = Nero BurnRights Help (CHM) "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{DC634275-88D7-4D22-AD26-F2938A2DE3A1}" = "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft 
Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = TOSHIBA Manuals "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent "{BA8958DC-ADD7-41E5-8436-5883C7E871C7}" = Nero 12 Essentials Toshiba "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F76F5214-83A8-4030-80C9-1EF57391D72A}" = Toshiba TEMPRO "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon Browser Bar" = Amazon Browser Bar "AVG Secure Search" = AVG 
Security Toolbar "DealPly" = DealPly (remove only) "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}" = Toshiba Password Utility "Intel AppUp(SM) center 33268" = Intel AppUp(SM) center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "RegClean Pro_is1" = RegClean Pro "uTorrent" = µTorrent "uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar "VLC media player" = VLC media player 2.0.5 "WildTangent toshiba Master Uninstall" = WildTangent Games "WinRAR archiver" = WinRAR 4.20 (32-Bit) "WORD" = Microsoft Office Word 2007 "WTA-3ae14f2c-48d4-48e3-85b4-be0b25a4f51f" = Bejeweled 3 "WTA-4ec09505-a014-445d-b315-db39fe179380" = Magic Academy "WTA-54a02dc0-6152-478c-9b7c-baed4dcd2fd6" = Peggle Nights "WTA-64ac0b84-c4b3-43bd-acda-d3283bc07ca5" = Chuzzle Deluxe "WTA-88409b28-08b0-42a0-ac16-1d6ceadc8363" = Polar Bowler "WTA-88da5b44-4bf8-4b76-a5f6-b68ff2c8f0d7" = Empress of the Deep - The Darkest Secret "WTA-8b2ce66a-e478-4f4e-84ff-702e850ab91d" = Island Tribe "WTA-e6417452-df21-4c82-ad53-aedb30704fc5" = Jewel Quest Solitaire 2 "WTA-f6f58a30-7bba-4ff2-9830-7813a35563c8" = Aloha TriPeaks "WTA-fbf8362f-4e0f-406a-b673-3c1d2907d6ac" = Virtual Villagers 4 - The Tree of Life "WTA-fedca21a-905d-40cc-a1b4-5dd20c42842f" = Plants vs. 
Zombies - Game of the Year ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "2895333232.portal.qtrax.com" = Qtrax Player "Dealply" = Dealply "Hoolapp For Android" = Hoolapp For Android ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.06.2013 14:26:12 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7aa2 ID des fehlerhaften Prozesses: 0x120c Startzeit der fehlerhaften Anwendung: 0x01ce692ca2a4c9e0 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: e39aff94-d51f-11e2-be8c-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 14.06.2013 15:35:11 | Computer Name = Beispiel-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 17.06.2013 16:21:01 | Computer Name = Beispiel-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 18.06.2013 05:05:54 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7aa2 ID des fehlerhaften Prozesses: 0x3058 Startzeit der fehlerhaften Anwendung: 0x01ce6c0308258e77 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe 
Berichtskennung: 47aef73b-d7f6-11e2-be8c-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 18.06.2013 07:15:34 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000096 Fehleroffset: 0x000e7b63 ID des fehlerhaften Prozesses: 0x1258 Startzeit der fehlerhaften Anwendung: 0x01ce6c1526090b03 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: 64cc8da1-d808-11e2-be8d-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 18.06.2013 07:15:34 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Hoolapp.exe wurde wegen dieses Fehlers geschlossen. Programm: Hoolapp.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. 
einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error - 19.06.2013 13:51:33 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000096 Fehleroffset: 0x000e7b63 ID des fehlerhaften Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 0x01ce6d15a1b52c68 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: e0a5fc4f-d908-11e2-be8d-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 19.06.2013 13:51:33 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. 
Das Programm Hoolapp.exe wurde wegen dieses Fehlers geschlossen. Programm: Hoolapp.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error - 19.06.2013 14:20:08 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7ad8 ID des fehlerhaften Prozesses: 0x12c0 Startzeit der fehlerhaften Anwendung: 0x01ce6d19a0256699 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: dea888b5-d90c-11e2-be8e-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 21.06.2013 15:09:17 | Computer Name = Beispiel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7ad8 ID des fehlerhaften Prozesses: 0x1be0 Startzeit der fehlerhaften Anwendung: 0x01ce6eb2d1423b24 Pfad der fehlerhaften Anwendung: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Pfad des fehlerhaften Moduls: C:\Users\Sergej\AppData\Roaming\HoolappForAndroid\Hoolapp.exe Berichtskennung: 1123db87-daa6-11e2-be8e-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 10.06.2013 00:29:22 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 14.06.2013 14:24:25 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7043 Description = Der Dienst AVGIDSAgent konnte nach dem 
Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 14.06.2013 14:25:23 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 14.06.2013 14:25:23 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 18.06.2013 07:14:55 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 18.06.2013 07:14:55 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 19.06.2013 13:54:50 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 19.06.2013 14:18:41 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 19.06.2013 14:19:36 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 19.06.2013 14:19:39 | Computer Name = Beispiel-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 < End of report >
Gmer does not work. It appears transparent after opening, the mouse immediately disappears, the loading icon stays frozen and nothing responds any more - only switching off and restarting..... I hope I have done everything right so far and that you can help me. Kind regards and thanks in advance, Doma
14.07.2013, 14:37 | #2 |
/// the machine /// TB-Ausbilder | new laptop with Windows 8 infected with a Trojan hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
How it works: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the logfiles into a CODE box, proceed as follows:
14.07.2013, 15:30 | #3 |
new laptop with Windows 8 infected with a Trojan Hi - it worked:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Sergej (administrator) on 14-07-2013 16:42:36
Running from C:\Users\Sergej\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\windows\system32\wwahost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13196432 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - %ProgramFiles%\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223245 2012-07-27] ()
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [x]
HKCU\...\Run: [Hoolapp Android] - "C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized [1209392 2013-01-18] ()
HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - "C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe" [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x]
HKLM-x32\...\Run: [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-07-14] ()
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [2521040 2013-05-23] ()
Startup: C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_b6fe384816384c589b20f3d4ab34cb94_39_1006___ie_sp_
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKCU SearchScopes: DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_b6fe384816384c589b20f3d4ab34cb94_39_1006___ie_ds_&query={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=D4A72016D8651EF8
SearchScopes: HKCU - {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={8369E5AD-47C9-48D8-ADBE-A8FA70627647}&mid=f8e61a49a41247d39dcfa11d94adf757-de3698de8da96a75e80bc71b1f5d9e2440283d80&lang=de&ds=AVG&pr=pr&d=2013-02-08 17:55:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {B0955698-EEC7-490F-898C-006B307E0BD9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647&CUI=UN17319400671167384
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_b6fe384816384c589b20f3d4ab34cb94_39_1006___ie_ds_&query={searchTerms}
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Yahoo! Toolbar - C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: jid0-hjoQNmABq6jg91jHpQyvgJUouUP - C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\Extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Extension: (DealPly Shopping ) - C:\Users\Sergej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-31] (Just Develop It)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-06-27] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST
2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe
2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe
2013-07-14 16:10 - 2013-07-14 16:11 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe
2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-14 15:52 - 2013-07-14 15:53 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-14 15:52 - 2013-07-14 15:52 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-14 15:47 - 2013-07-14 15:49 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe
2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe
2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe
2013-07-14 01:10 - 2013-07-14 01:53 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt
2013-07-14 01:09 - 2013-07-14 13:52 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt
2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe
2013-07-13 23:57 - 2013-07-13 23:59 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log
2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable
2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe
2013-07-13 18:47 - 2013-07-13 18:48 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe
2013-07-13 18:35 - 2013-07-13 18:37 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe
2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-13 14:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-11 12:36 - 2013-07-14 15:53 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys
2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp
2013-06-19 19:54 - 2013-06-19 19:54 - 00001643 _____ C:\Users\Sergej\Desktop\Sync Folder.lnk
2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder
2013-06-16 15:01 - 2013-07-14 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk

==================== One Month Modified Files and Folders =======

2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST
2013-07-14 16:38 - 2013-06-09 05:38 - 00000318 _____ C:\windows\Tasks\Dealply.job
2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe
2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe
2013-07-14 16:11 - 2013-07-14 16:10 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe
2013-07-14 16:06 - 2013-02-08 18:50 - 00000000 ____D C:\ProgramData\MFAData
2013-07-14 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-07-14 15:57 - 2013-06-09 06:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-14 15:53 - 2013-07-14 15:52 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-14 15:53 - 2013-07-11 12:36 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-14 15:53 - 2013-02-08 18:54 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-14 15:53 - 2013-02-08 18:50 - 00000000 ____D C:\Users\Sergej\AppData\Local\Avg2013
2013-07-14 15:52 - 2013-07-14 15:52 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-14 15:52 - 2013-02-08 18:54 - 00000000 ___HD C:\$AVG
2013-07-14 15:52 - 2012-07-26 10:12 - 00000000 ___HD C:\windows\ELAMBKUP
2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-14 15:49 - 2013-07-14 15:47 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe
2013-07-14 15:02 - 2013-06-09 05:32 - 00000302 _____ C:\windows\Tasks\RegClean Pro_DEFAULT.job
2013-07-14 15:01 - 2013-06-16 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk
2013-07-14 15:01 - 2013-06-09 05:32 - 00003108 _____ C:\windows\System32\Tasks\RegClean Pro
2013-07-14 13:56 - 2013-02-05 18:11 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-1001
2013-07-14 13:52 - 2013-07-14 01:09 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt
2013-07-14 13:19 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-07-14 13:19 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-07-14 13:19 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-14 13:14 - 2013-06-09 05:35 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup
2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-07-14 13:13 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe
2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe
2013-07-14 01:53 - 2013-07-14 01:10 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt
2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe
2013-07-14 00:04 - 2012-09-11 07:42 - 00016426 _____ C:\windows\PFRO.log
2013-07-14 00:04 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-07-13 23:59 - 2013-07-13 23:57 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log
2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable
2013-07-13 23:57 - 2013-02-05 18:03 - 00000000 ____D C:\Users\Sergej
2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe
2013-07-13 18:48 - 2013-07-13 18:47 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe
2013-07-13 18:37 - 2013-07-13 18:35 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe
2013-07-13 17:05 - 2013-06-09 05:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-13 17:05 - 2013-06-09 05:38 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\WebCake
2013-07-13 17:05 - 2013-06-09 05:38 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-07-13 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF
2013-07-13 14:18 - 2013-06-09 05:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-13 12:43 - 2013-02-05 18:02 - 01350728 _____ C:\windows\WindowsUpdate.log
2013-07-13 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-07-11 19:08 - 2013-02-08 22:28 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Skype
2013-07-11 12:38 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-07-11 12:36 - 2013-02-08 18:55 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-06-27 15:02 - 2013-05-18 09:07 - 00000000 ____D C:\Users\Sergej\AppData\Local\Nero
2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys
2013-06-21 22:19 - 2013-06-09 05:39 - 00003398 _____ C:\windows\System32\Tasks\EPUpdater
2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp
2013-06-19 19:55 - 2013-06-09 05:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-06-19 19:54 - 2013-06-19 19:54 - 00001643 _____ C:\Users\Sergej\Desktop\Sync Folder.lnk
2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder
2013-06-14 22:13 - 2013-04-13 13:47 - 00000459 _____ C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2013-06-14 00:57 - 2013-06-09 06:03 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-11 14:01

==================== End Of Log ============================

Thank you for your effort....

Edited by Doma (14.07.2013 at 15:51)
14.07.2013, 18:48 #4
schrauber (TB-Ausbilder): Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
16.07.2013, 13:00 #5
Hello Schrauber, here are the logfiles you "ordered". I created the AdwCleaner logfile twice: first of all, and then again after JRT. However, I could not find the logfile from the first run any more, so I made another one. I think that is OK?!

Code:
# AdwCleaner v2.305 - Logfile created 16/07/2013 at 13:29:39
# Updated 11/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Sergej - BEISPIEL-PC
# Boot mode : Normal
# Running from : C:\Users\Sergej\Downloads\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Advanced System Protector

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (de)

File : C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [25313 octets] - [15/07/2013 20:49:32]
AdwCleaner[S2].txt - [913 octets] - [16/07/2013 13:29:39]

########## EOF - C:\AdwCleaner[S2].txt - [972 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 8 x64
Ran by Sergej on 16.07.2013 at 13:10:05,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\classes\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\classes\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B0955698-EEC7-490F-898C-006B307E0BD9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Sergej\AppData\Roaming\systweak"
Failed to delete: [Folder] "C:\Program Files (x86)\advanced system protector"

~~~ FireFox

Successfully deleted: [File] "C:\Users\Sergej\AppData\Roaming\mozilla\firefox\profiles\xfcgs317.default\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack.xpi"
Successfully deleted: [Folder] C:\Users\Sergej\AppData\Roaming\mozilla\firefox\profiles\xfcgs317.default\jetpack
Emptied folder: C:\Users\Sergej\AppData\Roaming\mozilla\firefox\profiles\xfcgs317.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.07.2013 at 13:14:56,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-07-2013 02
Ran by Sergej at 2013-07-16 13:40:02
Running from C:\Users\Sergej\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

2013 (Version: 2013.0.3349)
µTorrent (x32 Version: 3.3.0.29082)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Advanced System Protector (x32 Version: 2.1.1000.10905)
Aloha TriPeaks (x32 Version: 2.2.0.98)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 13.0.3349)
Bejeweled 3 (x32 Version: 2.2.0.98)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98)
Hoolapp For Android (HKCU)
Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2875)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Island Tribe (x32 Version: 2.2.0.98)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
Magic Academy (x32 Version: 2.2.0.98)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MyPC Backup (Version: )
Nero 12 Essentials Toshiba (x32 Version: 12.0.00400)
Nero BackItUp (x32 Version: 12.0.1000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000)
Nero Blu-ray Player (x32 Version: 12.0.12600)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.3000)
Nero BurnRights (x32 Version: 12.0.3000)
Nero BurnRights Help (CHM) (x32 Version: 12.0.3000)
Nero ControlCenter (x32 Version: 11.0.14800.0.48)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.3000)
Nero Core Components (x32 Version: 11.0.17600.2.3)
Nero Express (x32 Version: 12.0.14001)
Nero Express Help (CHM) (x32 Version: 12.0.3000)
Nero Kwik Media (x32 Version: 1.18.16800)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero Launcher (x32 Version: 12.2.1000)
Nero RescueAgent (x32 Version: 12.0.7002)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
Peggle Nights (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Premium Sound HD (Version: 1.12.4600)
Prerequisite installer (x32 Version: 12.0.0002)
Qtrax Player (HKCU)
Qtrax Player (x32 Version: 01.001.0001)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6738)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136)
Realtek WLAN Driver (x32 Version: 2.00.0020)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.1 (x32 Version: 6.1.129)
Synaptics Pointing Device Driver (Version: 16.2.10.3)
TOSHIBA Desktop Assist (Version: 1.00.0007.00002)
TOSHIBA eco Utility (Version: 2.0.0.6415)
TOSHIBA Function Key (Version: 1.00.6425)
TOSHIBA Manuals (x32 Version: 10.10)
Toshiba Password Utility (x32 Version: 2.00.910)
TOSHIBA PC Health Monitor (Version: 1.8.17.640104)
Toshiba Places Icon Utility (Version: 2.1.1)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.0.54043005)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00)
TOSHIBA Service Station (Version: 2.4.4)
TOSHIBA System Driver (x32 Version: 1.00.0012)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002)
Toshiba TEMPRO (x32 Version: 4.2.1)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.12-A)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Welcome App (Start-up experience) (x32 Version: 12.0.13000)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)

==================== Restore Points =========================

14-06-2013 20:30:15 Scheduled checkpoint
05-07-2013 05:39:29 Scheduled checkpoint
13-07-2013 10:50:51 Scheduled checkpoint
14-07-2013 13:51:21 Installed AVG 2013
14-07-2013 13:51:51 Installed AVG 2013

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C165814-CBDA-47F8-959E-28BD8B6E6CC5} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-01-24] (Microsoft Corporation)
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {181AC821-16C5-43B8-8059-D13488821F54} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {19E4FEC6-7000-44F4-ADB5-DC92E6DE0923} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAss
essmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {21835A2B-4E7D-4FE0-B329-EAC1665BBF5E} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe No File
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {25928ABC-61D6-4AF4-A936-BF20FA61043A} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2013-05-31] (MyPCBackup.com)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {3D657EE0-DF5F-422D-8D6C-DF5BE9FBB2CE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {456269DF-884D-4B5F-8C6F-5A5AAD6AEE15} - System32\Tasks\BrowserDefendert => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {56DD1F90-DF4B-474A-A715-881D05397D2C} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe No File
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} -
System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {59B8EE18-AC55-426A-B921-46D67B95A03C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {6130D06D-359F-4C53-82D5-0B848D6296A1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {82C16E28-5264-4C6F-854F-B761A960B142} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-500 Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {8D63F59C-8736-49BB-B224-FD0B04E0D4AD} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - 
System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {9EDF14CB-7542-4CF4-B326-DC8CC6072177} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated) Task: {9F2447D0-87B6-42BD-BA6D-62B8747703CF} - System32\Tasks\EPUpdater => C:\Users\Sergej\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation) Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {BFD5A5CC-1AF3-4223-86D8-2D6221BBFAB2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated) Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - 
System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {CDE39E3A-50A2-4D8E-BB80-FCDD0D991742} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-1001 Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {DF920637-D5D0-45B0-8276-02B3BCF6109F} - System32\Tasks\Hoolapp Init => C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe [2013-01-18] () Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {E9C387A0-5036-4BB2-BEAE-6B2A2C9A0B94} - System32\Tasks\Hoolapp For Android => C:\Users\Sergej\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE [2013-01-18] () Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {EF9C5302-419C-433D-91DB-C2B4682670E1} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-28] (TOSHIBA Corporation) Task: {F3881AF7-DF26-4B7C-BD8D-9C5850CDF8A1} - System32\Tasks\DealPlyUpdate => C:\Program No File Task: C:\windows\Tasks\Adobe Flash Player Updater.job => 
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/16/2013 01:33:19 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Hoolapp.exe wurde wegen dieses Fehlers geschlossen. Programm: Hoolapp.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (07/16/2013 01:33:19 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000096 Fehleroffset: 0x000e7aa2 ID des fehlerhaften Prozesses: 0x101c Startzeit der fehlerhaften Anwendung: 0xHoolapp.exe0 Pfad der fehlerhaften Anwendung: Hoolapp.exe1 Pfad des fehlerhaften Moduls: Hoolapp.exe2 Berichtskennung: Hoolapp.exe3 Vollständiger Name des fehlerhaften Pakets: Hoolapp.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Hoolapp.exe5 Error: (07/16/2013 01:32:47 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Hoolapp.exe wurde wegen dieses Fehlers geschlossen. Programm: Hoolapp.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". 
Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (07/16/2013 01:32:47 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000096 Fehleroffset: 0x000e7aa2 ID des fehlerhaften Prozesses: 0x7f4 Startzeit der fehlerhaften Anwendung: 0xHoolapp.exe0 Pfad der fehlerhaften Anwendung: Hoolapp.exe1 Pfad des fehlerhaften Moduls: Hoolapp.exe2 Berichtskennung: Hoolapp.exe3 Vollständiger Name des fehlerhaften Pakets: Hoolapp.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Hoolapp.exe5 Error: (07/15/2013 09:03:06 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: Hoolapp.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e7ad8 ID des fehlerhaften Prozesses: 0x110c Startzeit der fehlerhaften Anwendung: 0xHoolapp.exe0 Pfad der fehlerhaften Anwendung: Hoolapp.exe1 Pfad des fehlerhaften Moduls: Hoolapp.exe2 Berichtskennung: Hoolapp.exe3 Vollständiger Name des fehlerhaften Pakets: Hoolapp.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Hoolapp.exe5 Error: (07/15/2013 04:57:37 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (07/14/2013 09:35:03 PM) (Source: 
Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (07/14/2013 01:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: BEISPIEL-PC) Description: Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (07/14/2013 01:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: BEISPIEL-PC) Description: Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (07/14/2013 01:14:24 PM) (Source: Application Hang) (User: ) Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: cb8 Startzeit: 01ce80833efbfeef Endzeit: 4294967295 Anwendungspfad: C:\windows\system32\wwahost.exe Berichts-ID: 86d1d315-ec76-11e2-be95-7054d2491ea4 Vollständiger Name des fehlerhaften Pakets: microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.ModernPhotos System errors: ============= Error: (07/16/2013 01:31:31 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/15/2013 09:01:17 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/14/2013 01:13:17 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 14.07.2013 um 13:02:09 unerwartet heruntergefahren. Error: (07/14/2013 01:02:08 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 14.07.2013 um 12:50:41 unerwartet heruntergefahren. Error: (07/14/2013 00:50:41 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 14.07.2013 um 02:05:11 unerwartet heruntergefahren. 
Error: (07/14/2013 00:04:25 AM) (Source: DCOM) (User: BEISPIEL-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/13/2013 05:06:03 PM) (Source: DCOM) (User: BEISPIEL-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}BEISPIEL-PCSergejS-1-5-21-479101278-746428876-1552860082-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/13/2013 05:05:42 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error: (07/13/2013 05:05:36 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%3758213659

Error: (07/13/2013 05:05:36 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3977.22 MB
Available physical RAM: 2325.66 MB
Total Pagefile: 4681.22 MB
Available Pagefile: 2910.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================
Drive c: (C:) (Fixed) (Total:287.62 GB) (Free:254.68 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 00000000)
Partition: GPT Partition Type

==================== End Of Log ============================

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 02
Ran by Sergej (administrator) on 16-07-2013 13:39:22
Running from C:\Users\Sergej\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE
(Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13196432 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - %ProgramFiles%\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223245 2012-07-27] ()
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [x]
HKCU\...\Run: [Hoolapp Android] - "C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized [1209392 2013-01-18] ()
HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - "C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe" [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x]
HKLM-x32\...\Run: [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [4408368 2013-04-29] ()
Startup: C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKCU SearchScopes: DefaultScope {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL =
SearchScopes: HKCU - {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Yahoo! Toolbar - C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Extension: (DealPly Shopping ) - C:\Users\Sergej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0

==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-31] (Just Develop It)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-06-27] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe
2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe
2013-07-16 13:29 - 2013-07-16 13:31 - 00001040 _____ C:\AdwCleaner[S2].txt
2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt
2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT
2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe
2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe
2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT.exe
2013-07-15 20:49 - 2013-07-15 20:50 - 00025313 _____ C:\AdwCleaner[S1].txt
2013-07-15 20:38 - 2013-07-15 20:38 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe
2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST
2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe
2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe
2013-07-14 16:10 - 2013-07-14 16:11 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe
2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-14 15:52 - 2013-07-14 15:53 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-14 15:47 - 2013-07-14 15:49 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe
2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe
2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe
2013-07-14 01:10 - 2013-07-14 01:53 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt
2013-07-14 01:09 - 2013-07-14 13:52 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt
2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe
2013-07-13 23:57 - 2013-07-13 23:59 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log
2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable
2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe
2013-07-13 18:47 - 2013-07-13 18:48 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe
2013-07-13 18:35 - 2013-07-13 18:37 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe
2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-13 14:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys
2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp
2013-06-19 19:54 - 2013-06-19 19:54 - 00001643 _____ C:\Users\Sergej\Desktop\Sync Folder.lnk
2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder
2013-06-16 15:01 - 2013-07-14 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk

==================== One Month Modified Files and Folders =======
2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe
2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe
2013-07-16 13:37 - 2013-02-05 18:11 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-1001
2013-07-16 13:32 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-16 13:31 - 2013-07-16 13:29 - 00001040 _____ C:\AdwCleaner[S2].txt
2013-07-16 13:31 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____
C:\Users\Sergej\Desktop\JRT.txt 2013-07-16 13:12 - 2013-02-08 18:50 - 00000000 ____D C:\ProgramData\MFAData 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 13:08 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-16 03:57 - 2013-06-09 06:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 21:07 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat 2013-07-15 21:07 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat 2013-07-15 21:07 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-15 20:50 - 2013-07-15 20:49 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-15 20:38 - 2013-07-15 20:38 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:11 - 2013-07-14 16:10 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:53 - 2013-07-14 15:52 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:53 - 2013-02-08 18:54 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-14 15:53 - 2013-02-08 18:50 - 00000000 ____D C:\Users\Sergej\AppData\Local\Avg2013 2013-07-14 15:52 - 2013-02-08 18:54 - 00000000 ___HD C:\$AVG 2013-07-14 15:52 - 2012-07-26 10:12 - 00000000 
___HD C:\windows\ELAMBKUP 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:49 - 2013-07-14 15:47 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 15:01 - 2013-06-16 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk 2013-07-14 15:01 - 2013-06-09 05:32 - 00003108 _____ C:\windows\System32\Tasks\RegClean Pro 2013-07-14 13:52 - 2013-07-14 01:09 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 13:14 - 2013-06-09 05:35 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:53 - 2013-07-14 01:10 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-14 00:04 - 2012-09-11 07:42 - 00016426 _____ C:\windows\PFRO.log 2013-07-13 23:59 - 2013-07-13 23:57 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:57 - 2013-02-05 18:03 - 00000000 ____D C:\Users\Sergej 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:48 - 2013-07-13 18:47 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:37 - 2013-07-13 18:35 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 17:05 - 2013-06-09 05:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-13 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-13 
14:18 - 2013-06-09 05:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-13 12:43 - 2013-02-05 18:02 - 01350728 _____ C:\windows\WindowsUpdate.log 2013-07-13 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-11 19:08 - 2013-02-08 22:28 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Skype 2013-07-11 12:38 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\ELAM 2013-07-11 12:36 - 2013-02-08 18:55 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys 2013-06-27 15:02 - 2013-05-18 09:07 - 00000000 ____D C:\Users\Sergej\AppData\Local\Nero 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) 
C:\windows\system32\Drivers\avgwfpa.sys 2013-06-21 22:19 - 2013-06-09 05:39 - 00003398 _____ C:\windows\System32\Tasks\EPUpdater 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:55 - 2013-06-09 05:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-06-19 19:54 - 2013-06-19 19:54 - 00001643 _____ C:\Users\Sergej\Desktop\Sync Folder.lnk 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-11 14:01 ==================== End Of Log ============================ Lieben Gruß und vielen Dank für deine Hilfe und deine gute Anleitung..... |
16.07.2013, 13:36 | #6
/// the machine /// TB-Ausbilder
New laptop with Windows 8 infected with Trojan
Uninstall everything you don't need and don't recognize.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Still any problems?
16.07.2013, 20:31 | #7
New laptop with Windows 8 infected with Trojan
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1998a562dcc67c478ae47a8200143841
# engine=14415
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-16 05:53:49
# local_time=2013-07-16 07:53:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1043 16777213 100 87 24064 61131213 0 0
# compatibility_mode=5893 16776574 100 94 8111781 14586328 0 0
# scanned=176738
# found=1
# cleaned=0
# scan_time=13354
sh=67D181F0D9FEC6690C0AE4C606DEA14A5C0E6CDD ft=1 fh=3b21a895403b5dee vn="multiple threats" ac=I fn="C:\Users\Sergej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UP0K99IA\WebCakesetup[1].exe"

Code:
Results of screen317's Security Check version 0.99.69
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Windows Defender
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
ESET ESET Online Scanner OnlineScannerApp.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Ran by Sergej (administrator) on 16-07-2013 21:02:16
Running from C:\Users\Sergej\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Users\Sergej\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13196432 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - %ProgramFiles%\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223245 2012-07-27] ()
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [x]
HKCU\...\Run: [Hoolapp Android] - "C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized [1209392 2013-01-18] ()
HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - "C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe" [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x]
HKLM-x32\...\Run: [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [4408368 2013-04-29] ()
Startup: C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKCU SearchScopes: DefaultScope {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL =
SearchScopes: HKCU - {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Yahoo! Toolbar - C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Extension: (DealPly Shopping ) - C:\Users\Sergej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-31] (Just Develop It) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-11] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-06-27] (AVG Technologies CZ, s.r.o.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON) S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-16 20:46 - 2013-07-16 20:46 - 00891022 _____ C:\Users\Sergej\Downloads\SecurityCheck.exe 2013-07-16 16:09 - 2013-07-16 16:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-16 15:44 - 2013-07-16 15:44 - 02347384 _____ (ESET) C:\Users\Sergej\Downloads\esetsmartinstaller_enu.exe 2013-07-16 13:40 - 2013-07-16 13:40 - 00026111 _____ C:\Users\Sergej\Downloads\Addition.txt 2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe 2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe 2013-07-16 13:29 - 2013-07-16 13:31 - 00001040 _____ C:\AdwCleaner[S2].txt 2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 
13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 20:49 - 2013-07-15 20:50 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-15 20:38 - 2013-07-15 20:38 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:10 - 2013-07-14 16:11 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:52 - 2013-07-14 15:53 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:47 - 2013-07-14 15:49 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:10 - 2013-07-14 01:53 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 01:09 - 2013-07-14 13:52 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-13 23:57 - 2013-07-13 23:59 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 
- 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:47 - 2013-07-13 18:48 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:35 - 2013-07-13 18:37 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-13 14:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) 
C:\windows\system32\Drivers\avgwfpa.sys 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:54 - 2013-06-19 19:54 - 00001643 _____ C:\Users\Sergej\Desktop\Sync Folder.lnk 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder 2013-06-16 15:01 - 2013-07-14 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk ==================== One Month Modified Files and Folders ======= 2013-07-16 21:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-16 20:57 - 2013-06-09 06:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-16 20:46 - 2013-07-16 20:46 - 00891022 _____ C:\Users\Sergej\Downloads\SecurityCheck.exe 2013-07-16 16:09 - 2013-07-16 16:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-16 15:44 - 2013-07-16 15:44 - 02347384 _____ (ESET) C:\Users\Sergej\Downloads\esetsmartinstaller_enu.exe 2013-07-16 13:44 - 2013-02-05 18:11 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-1001 2013-07-16 13:40 - 2013-07-16 13:40 - 00026111 _____ C:\Users\Sergej\Downloads\Addition.txt 2013-07-16 13:39 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat 2013-07-16 13:39 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat 2013-07-16 13:39 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe 2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe 2013-07-16 13:32 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-16 13:31 - 2013-07-16 13:29 - 00001040 _____ C:\AdwCleaner[S2].txt 2013-07-16 13:31 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt 
2013-07-16 13:12 - 2013-02-08 18:50 - 00000000 ____D C:\ProgramData\MFAData 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 20:50 - 2013-07-15 20:49 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-15 20:38 - 2013-07-15 20:38 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:11 - 2013-07-14 16:10 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:53 - 2013-07-14 15:52 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:53 - 2013-02-08 18:54 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-14 15:53 - 2013-02-08 18:50 - 00000000 ____D C:\Users\Sergej\AppData\Local\Avg2013 2013-07-14 15:52 - 2013-02-08 18:54 - 00000000 ___HD C:\$AVG 2013-07-14 15:52 - 2012-07-26 10:12 - 00000000 ___HD C:\windows\ELAMBKUP 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:49 - 2013-07-14 15:47 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 15:01 - 2013-06-16 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk 2013-07-14 15:01 - 2013-06-09 05:32 - 00003108 _____ C:\windows\System32\Tasks\RegClean Pro 2013-07-14 13:52 - 2013-07-14 
01:09 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 13:14 - 2013-06-09 05:35 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:53 - 2013-07-14 01:10 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-14 00:04 - 2012-09-11 07:42 - 00016426 _____ C:\windows\PFRO.log 2013-07-13 23:59 - 2013-07-13 23:57 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:57 - 2013-02-05 18:03 - 00000000 ____D C:\Users\Sergej 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:48 - 2013-07-13 18:47 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:37 - 2013-07-13 18:35 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 17:05 - 2013-06-09 05:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-13 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-13 14:18 - 2013-06-09 05:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 
2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-13 12:43 - 2013-02-05 18:02 - 01350728 _____ C:\windows\WindowsUpdate.log 2013-07-13 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-11 19:08 - 2013-02-08 22:28 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Skype 2013-07-11 12:38 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\ELAM 2013-07-11 12:36 - 2013-02-08 18:55 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys 2013-06-27 15:02 - 2013-05-18 09:07 - 00000000 ____D C:\Users\Sergej\AppData\Local\Nero 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys 2013-06-21 22:19 - 2013-06-09 05:39 - 00003398 _____ C:\windows\System32\Tasks\EPUpdater 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:55 - 2013-06-09 05:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-06-19 19:54 - 2013-06-19 19:54 - 00001643 _____ C:\Users\Sergej\Desktop\Sync Folder.lnk 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-11 14:01 ==================== End Of Log What do you think? Problem solved? Many thanks for your efforts.
Regards, Doma |
17.07.2013, 08:10 | #8 |
/// the machine /// TB Trainer | new laptop with Windows 8 infected with a trojan Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Do you still have any problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
17.07.2013, 11:58 | #9 |
| new laptop with Windows 8 infected with a trojan Hello Schrauber, I have now done the scan, but I did not disconnect from the Internet. Here is the copy anyway. Code:
ATTFilter Getting user folders. Stopping running processes. Emptying Temp folders. User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Sergej ->Temp folder emptied: 288858604 bytes ->Temporary Internet Files folder emptied: 253552682 bytes ->FireFox cache emptied: 25863197 bytes ->Flash cache emptied: 25814 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 252594455 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1190 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes Emptying RecycleBin. Do not interrupt. RecycleBin emptied: 1467033600 bytes Process complete! Total Files Cleaned = 2.182,00 mb Regards, Doma |
17.07.2013, 12:11 | #10 |
/// the machine /// TB Trainer | new laptop with Windows 8 infected with a trojan I do, it's gone; I just want to know whether you still notice any problems. Please delete AdwCleaner and download it again, run it and post the logfile, together with a fresh FRST log.
17.07.2013, 16:04 | #11 |
| new laptop with Windows 8 infected with a trojan Many, many thanks!!!! ))) I'm very happy! No more warnings about existing threats appear either. Here are the logfile from adw.cleaner and a fresh frst...! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02 Ran by Sergej (administrator) on 17-07-2013 15:09:30 Running from C:\Users\Sergej\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\windows\system32\WLANExt.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (SRS Labs, Inc.) 
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) 
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) C:\windows\system32\wwahost.exe (Microsoft Corporation) C:\Windows\System32\CredentialUIBroker.exe () C:\Users\Sergej\Downloads\adwcleaner.exe (Microsoft Corporation) C:\windows\system32\msiexec.exe (Farbar) C:\Users\Sergej\Downloads\FRST64 (4).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223245 2012-07-27] () HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [x] HKCU\...\Run: [Hoolapp Android] - "C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized [x] HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-08-02] (Intel Corporation) HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - "C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe" [1498624 2012-08-09] (Toshiba) HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x] HKLM-x32\...\Run: [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes [6884352 2012-08-23] (Pegatron Corporation) HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files 
(x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [4408368 2013-04-29] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com SearchScopes: HKLM - {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKLM-x32 - {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKCU - DefaultScope {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL = SearchScopes: HKCU - {6AF3F0C9-793F-4EA7-87D1-489A10347C0B} URL = Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: 
@Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: Yahoo! Toolbar - C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK Chrome: ======= CHR Extension: (DealPly Shopping ) - C:\Users\Sergej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0 ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) 
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-11] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) 
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-06-27] (AVG Technologies CZ, s.r.o.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON) S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-17 15:09 - 2013-07-17 15:09 - 01778209 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (4).exe 2013-07-17 15:07 - 2013-07-17 15:07 - 01778209 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (3).exe 2013-07-17 14:56 - 2013-07-17 14:56 - 00001024 _____ C:\AdwCleaner[R1].txt 2013-07-17 14:53 - 2013-07-17 14:53 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-17 12:36 - 2013-07-17 12:36 - 00448512 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\TFC.exe 2013-07-16 20:46 - 2013-07-16 20:46 - 00891022 _____ C:\Users\Sergej\Downloads\SecurityCheck.exe 2013-07-16 16:09 - 2013-07-16 16:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-16 15:44 - 2013-07-16 15:44 - 02347384 _____ (ESET) C:\Users\Sergej\Downloads\esetsmartinstaller_enu.exe 2013-07-16 13:40 - 2013-07-16 13:40 - 00026111 _____ C:\Users\Sergej\Downloads\Addition.txt 2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) 
C:\Users\Sergej\Downloads\FRST64 (2).exe 2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe 2013-07-16 13:29 - 2013-07-16 13:31 - 00001040 _____ C:\AdwCleaner[S2].txt 2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 20:49 - 2013-07-15 20:50 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:10 - 2013-07-14 16:11 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:52 - 2013-07-14 15:53 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:47 - 2013-07-14 15:49 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:10 - 2013-07-14 01:53 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 01:09 
- 2013-07-14 13:52 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-13 23:57 - 2013-07-13 23:59 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:47 - 2013-07-13 18:48 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:35 - 2013-07-13 18:37 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-13 14:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) 
C:\windows\system32\Drivers\avgwfpa.sys 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder ==================== One Month Modified Files and Folders ======= 2013-07-17 15:09 - 2013-07-17 15:09 - 01778209 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (4).exe 2013-07-17 15:07 - 2013-07-17 15:07 - 01778209 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (3).exe 2013-07-17 15:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-17 14:57 - 2013-06-09 06:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-17 14:56 - 2013-07-17 14:56 - 00001024 _____ C:\AdwCleaner[R1].txt 2013-07-17 14:53 - 2013-07-17 14:53 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-17 14:27 - 2013-02-05 18:11 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-1001 2013-07-17 14:25 - 2013-02-05 18:03 - 00000000 ____D C:\Users\Sergej 2013-07-17 14:22 - 2013-06-09 05:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-07-17 14:22 - 2013-02-05 18:05 - 00000000 ___RD C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-17 14:18 - 2012-11-30 20:53 - 00000000 ____D C:\ProgramData\WildTangent 2013-07-17 12:36 - 2013-07-17 12:36 - 00448512 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\TFC.exe 2013-07-17 12:32 - 2013-02-08 18:50 - 00000000 ____D C:\ProgramData\MFAData 2013-07-16 21:51 - 2013-06-09 05:38 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\HoolappForAndroid 2013-07-16 21:47 - 2013-02-09 00:27 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\uTorrent 2013-07-16 20:46 - 2013-07-16 20:46 - 00891022 _____ C:\Users\Sergej\Downloads\SecurityCheck.exe 2013-07-16 16:09 - 2013-07-16 16:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-16 15:44 - 2013-07-16 15:44 - 02347384 _____ (ESET) 
C:\Users\Sergej\Downloads\esetsmartinstaller_enu.exe 2013-07-16 13:40 - 2013-07-16 13:40 - 00026111 _____ C:\Users\Sergej\Downloads\Addition.txt 2013-07-16 13:39 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat 2013-07-16 13:39 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat 2013-07-16 13:39 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe 2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe 2013-07-16 13:32 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-16 13:31 - 2013-07-16 13:29 - 00001040 _____ C:\AdwCleaner[S2].txt 2013-07-16 13:31 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. 
Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 20:50 - 2013-07-15 20:49 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:11 - 2013-07-14 16:10 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:53 - 2013-07-14 15:52 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:53 - 2013-02-08 18:54 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-14 15:53 - 2013-02-08 18:50 - 00000000 ____D C:\Users\Sergej\AppData\Local\Avg2013 2013-07-14 15:52 - 2013-02-08 18:54 - 00000000 ___HD C:\$AVG 2013-07-14 15:52 - 2012-07-26 10:12 - 00000000 ___HD C:\windows\ELAMBKUP 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:49 - 2013-07-14 15:47 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 15:01 - 2013-06-16 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk 2013-07-14 15:01 - 2013-06-09 05:32 - 00003108 _____ C:\windows\System32\Tasks\RegClean Pro 2013-07-14 13:52 - 2013-07-14 01:09 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 13:14 - 2013-06-09 05:35 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:53 - 2013-07-14 01:10 - 00074566 _____ 
C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-14 00:04 - 2012-09-11 07:42 - 00016426 _____ C:\windows\PFRO.log 2013-07-13 23:59 - 2013-07-13 23:57 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:48 - 2013-07-13 18:47 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:37 - 2013-07-13 18:35 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 17:05 - 2013-06-09 05:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-13 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-13 14:18 - 2013-06-09 05:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-13 12:43 - 2013-02-05 18:02 - 01350728 _____ C:\windows\WindowsUpdate.log 2013-07-13 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-11 19:08 - 2013-02-08 22:28 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Skype 2013-07-11 12:38 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\ELAM 2013-07-11 12:36 - 2013-02-08 18:55 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys 2013-06-27 
15:02 - 2013-05-18 09:07 - 00000000 ____D C:\Users\Sergej\AppData\Local\Nero 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys 2013-06-21 22:19 - 2013-06-09 05:39 - 00003398 _____ C:\windows\System32\Tasks\EPUpdater 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-11 14:01 ==================== End Of Log ============================ --- --- --- --- --- --- ************************* AdwCleaner[R1].txt - [776 octets] - [17/07/2013 14:56:10] AdwCleaner[S1].txt - [25313 octets] - [15/07/2013 20:49:32] AdwCleaner[S2].txt - [1040 octets] - [16/07/2013 13:29:39] ########## EOF - C:\AdwCleaner[R1].txt - [956 octets] ########## Code:
ATTFilter # AdwCleaner v2.305 - Datei am 17/07/2013 um 14:56:10 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzer : Sergej - BEISPIEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Sergej\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [776 octets] - [17/07/2013 14:56:10] AdwCleaner[S1].txt - [25313 octets] - [15/07/2013 20:49:32] AdwCleaner[S2].txt - [1040 octets] - [16/07/2013 13:29:39] ########## EOF - C:\AdwCleaner[R1].txt - [956 octets] ########## Kind regards, Doma
Dear Schrauber, if this has now been answered twice, sorry, but apparently my last submission didn't go through. So a very heartfelt thank you for your competent support. I also think the virus is gone. Really great!!! Maybe you have one final tip for me...? Which of the programs, for example, should I definitely delete again? All the best, regards, Doma
@Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: Yahoo! Toolbar - C:\Users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\xfcgs317.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK Chrome: ======= CHR Extension: (DealPly Shopping ) - C:\Users\Sergej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0 ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) 
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-11] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) 
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-06-27] (AVG Technologies CZ, s.r.o.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON) S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-17 15:09 - 2013-07-17 15:09 - 01778209 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (4).exe 2013-07-17 15:07 - 2013-07-17 15:07 - 01778209 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (3).exe 2013-07-17 14:56 - 2013-07-17 14:56 - 00001024 _____ C:\AdwCleaner[R1].txt 2013-07-17 14:53 - 2013-07-17 14:53 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-17 12:36 - 2013-07-17 12:36 - 00448512 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\TFC.exe 2013-07-16 20:46 - 2013-07-16 20:46 - 00891022 _____ C:\Users\Sergej\Downloads\SecurityCheck.exe 2013-07-16 16:09 - 2013-07-16 16:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-16 15:44 - 2013-07-16 15:44 - 02347384 _____ (ESET) C:\Users\Sergej\Downloads\esetsmartinstaller_enu.exe 2013-07-16 13:40 - 2013-07-16 13:40 - 00026111 _____ C:\Users\Sergej\Downloads\Addition.txt 2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) 
C:\Users\Sergej\Downloads\FRST64 (2).exe 2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe 2013-07-16 13:29 - 2013-07-16 13:31 - 00001040 _____ C:\AdwCleaner[S2].txt 2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 20:49 - 2013-07-15 20:50 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:10 - 2013-07-14 16:11 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:52 - 2013-07-14 15:53 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:47 - 2013-07-14 15:49 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:10 - 2013-07-14 01:53 - 00074566 _____ C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 01:09 
- 2013-07-14 13:52 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-13 23:57 - 2013-07-13 23:59 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:47 - 2013-07-13 18:48 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:35 - 2013-07-13 18:37 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-13 14:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) 
C:\windows\system32\Drivers\avgwfpa.sys 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder ==================== One Month Modified Files and Folders ======= 2013-07-17 15:09 - 2013-07-17 15:09 - 01778209 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (4).exe 2013-07-17 15:07 - 2013-07-17 15:07 - 01778209 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (3).exe 2013-07-17 15:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-17 14:57 - 2013-06-09 06:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-17 14:56 - 2013-07-17 14:56 - 00001024 _____ C:\AdwCleaner[R1].txt 2013-07-17 14:53 - 2013-07-17 14:53 - 00662345 _____ C:\Users\Sergej\Downloads\adwcleaner.exe 2013-07-17 14:27 - 2013-02-05 18:11 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-1001 2013-07-17 14:25 - 2013-02-05 18:03 - 00000000 ____D C:\Users\Sergej 2013-07-17 14:22 - 2013-06-09 05:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-07-17 14:22 - 2013-02-05 18:05 - 00000000 ___RD C:\Users\Sergej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-17 14:18 - 2012-11-30 20:53 - 00000000 ____D C:\ProgramData\WildTangent 2013-07-17 12:36 - 2013-07-17 12:36 - 00448512 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\TFC.exe 2013-07-17 12:32 - 2013-02-08 18:50 - 00000000 ____D C:\ProgramData\MFAData 2013-07-16 21:51 - 2013-06-09 05:38 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\HoolappForAndroid 2013-07-16 21:47 - 2013-02-09 00:27 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\uTorrent 2013-07-16 20:46 - 2013-07-16 20:46 - 00891022 _____ C:\Users\Sergej\Downloads\SecurityCheck.exe 2013-07-16 16:09 - 2013-07-16 16:09 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-16 15:44 - 2013-07-16 15:44 - 02347384 _____ (ESET) 
C:\Users\Sergej\Downloads\esetsmartinstaller_enu.exe 2013-07-16 13:40 - 2013-07-16 13:40 - 00026111 _____ C:\Users\Sergej\Downloads\Addition.txt 2013-07-16 13:39 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat 2013-07-16 13:39 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat 2013-07-16 13:39 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-16 13:38 - 2013-07-16 13:38 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (2).exe 2013-07-16 13:37 - 2013-07-16 13:37 - 01778135 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64 (1).exe 2013-07-16 13:32 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-16 13:31 - 2013-07-16 13:29 - 00001040 _____ C:\AdwCleaner[S2].txt 2013-07-16 13:31 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-07-16 13:14 - 2013-07-16 13:14 - 00002880 _____ C:\Users\Sergej\Desktop\JRT.txt 2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\windows\ERUNT 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511.exe 2013-07-16 13:08 - 2013-07-16 13:08 - 00559035 _____ (Oleg N. Scherbakov) C:\Users\Sergej\Downloads\JRT511(1).exe 2013-07-16 00:03 - 2013-07-16 00:03 - 00559441 _____ (Oleg N. 
Scherbakov) C:\Users\Sergej\Downloads\JRT.exe 2013-07-15 20:50 - 2013-07-15 20:49 - 00025313 _____ C:\AdwCleaner[S1].txt 2013-07-14 16:38 - 2013-07-14 16:38 - 00000000 ____D C:\FRST 2013-07-14 16:37 - 2013-07-14 16:37 - 01777839 _____ (Farbar) C:\Users\Sergej\Downloads\FRST64.exe 2013-07-14 16:22 - 2013-07-14 16:22 - 01218214 _____ (Farbar) C:\Users\Sergej\Downloads\FRST.exe 2013-07-14 16:11 - 2013-07-14 16:10 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(2).exe 2013-07-14 15:53 - 2013-07-14 15:53 - 00000983 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-14 15:53 - 2013-07-14 15:52 - 00003716 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-07-14 15:53 - 2013-02-08 18:54 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-14 15:53 - 2013-02-08 18:50 - 00000000 ____D C:\Users\Sergej\AppData\Local\Avg2013 2013-07-14 15:52 - 2013-02-08 18:54 - 00000000 ___HD C:\$AVG 2013-07-14 15:52 - 2012-07-26 10:12 - 00000000 ___HD C:\windows\ELAMBKUP 2013-07-14 15:51 - 2013-07-14 15:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-14 15:49 - 2013-07-14 15:47 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461(1).exe 2013-07-14 15:01 - 2013-06-16 15:01 - 00001426 _____ C:\Users\Sergej\Desktop\Registry kostenlos entrümpeln!.lnk 2013-07-14 15:01 - 2013-06-09 05:32 - 00003108 _____ C:\windows\System32\Tasks\RegClean Pro 2013-07-14 13:52 - 2013-07-14 01:09 - 00110344 _____ C:\Users\Sergej\Downloads\OTL.Txt 2013-07-14 13:14 - 2013-06-09 05:35 - 00003120 _____ C:\windows\System32\Tasks\Advanced System Protector_startup 2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert 2013-07-14 13:08 - 2013-07-14 13:08 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163(1).exe 2013-07-14 02:31 - 2013-07-14 02:31 - 00377856 _____ C:\Users\Sergej\Downloads\gmer_2.1.19163.exe 2013-07-14 01:53 - 2013-07-14 01:10 - 00074566 _____ 
C:\Users\Sergej\Downloads\Extras.Txt 2013-07-14 00:58 - 2013-07-14 00:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sergej\Downloads\OTL.exe 2013-07-14 00:04 - 2012-09-11 07:42 - 00016426 _____ C:\windows\PFRO.log 2013-07-13 23:59 - 2013-07-13 23:57 - 00000474 _____ C:\Users\Sergej\Downloads\defogger_disable.log 2013-07-13 23:57 - 2013-07-13 23:57 - 00000000 _____ C:\Users\Sergej\defogger_reenable 2013-07-13 23:54 - 2013-07-13 23:54 - 00050477 _____ C:\Users\Sergej\Downloads\Defogger.exe 2013-07-13 18:48 - 2013-07-13 18:47 - 104943936 _____ C:\Users\Sergej\Downloads\avira3737_free_antivirus_de.exe 2013-07-13 18:37 - 2013-07-13 18:35 - 140002992 _____ (AVG Technologies) C:\Users\Sergej\Downloads\avg_free_x86_all_2013_3349a6461.exe 2013-07-13 17:05 - 2013-06-09 05:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-13 16:34 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-13 14:18 - 2013-06-09 05:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-13 14:06 - 2013-07-13 14:06 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-13 14:06 - 2013-07-13 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-13 13:49 - 2013-07-13 13:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sergej\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-13 12:43 - 2013-02-05 18:02 - 01350728 _____ C:\windows\WindowsUpdate.log 2013-07-13 12:31 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-11 19:08 - 2013-02-08 22:28 - 00000000 ____D C:\Users\Sergej\AppData\Roaming\Skype 2013-07-11 12:38 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\ELAM 2013-07-11 12:36 - 2013-02-08 18:55 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys 2013-06-27 
15:02 - 2013-05-18 09:07 - 00000000 ____D C:\Users\Sergej\AppData\Local\Nero 2013-06-27 00:46 - 2013-06-27 00:46 - 00248632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys 2013-06-21 22:19 - 2013-06-09 05:39 - 00003398 _____ C:\windows\System32\Tasks\EPUpdater 2013-06-19 19:55 - 2013-06-19 19:55 - 00004034 _____ C:\windows\System32\Tasks\LaunchApp 2013-06-19 19:54 - 2013-06-19 19:54 - 00000000 ____D C:\Users\Sergej\SyncFolder ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-11 14:01 ==================== End Of Log ============================ --- --- --- Lieber Schrauber ich freu mich riesig, der Virus ist weg!!! Ganz herzlichen Dank Dir für Deine kompetente Hlfe. Echt super !!! Respekt!!! Gibts noch eine Kontrolle? Und darf ich mich wieder an dich wenden wenn ich ein Problem habe mit dem LT? Alles Gute Ganz liebe Grüße Doma |
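Added example, not part of the thread and not FRST's own logic: a small PowerShell triage pass over FRST-style log lines of the kind posted above. The sample lines are constructed from entries in that log (a Run key, the AppInit_DLLs entry, two services, three scheduled tasks, the Chrome extension). The flagging rules are this example's own heuristics for what a helper reads first, and the list of "known PUP" names is an assumption taken from what the scanners in this thread and the log itself show (DealPly, WebCake, BrowserDefender, RegClean Pro, Advanced System Protector, Hoolapp, the AVG Secure Search toolbar updater, MyPC Backup), not a signature database.

```powershell
# Added example: triage of FRST-style log lines. Sample lines below are
# constructed from the posted log; rules and the PUP name list are assumptions.

$sample = @'
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor)
HKCU\...\Run: [Hoolapp Android] - "C:\Users\Sergej\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized [x]
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [4408368 2013-04-29] ()
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-11] (AVG Secure Search)
2013-07-14 13:13 - 2013-07-14 13:13 - 00003436 _____ C:\windows\System32\Tasks\BrowserDefendert
2013-07-14 15:01 - 2013-06-09 05:32 - 00003108 _____ C:\windows\System32\Tasks\RegClean Pro
2013-07-17 14:27 - 2013-02-05 18:11 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479101278-746428876-1552860082-1001
CHR Extension: (DealPly Shopping ) - C:\Users\Sergej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.0.0_0
'@ -split "`r?`n"

# Assumed list: names that the scanners in this thread and the log itself tie to
# PUPs. It stands in for a real signature source and is not exhaustive.
$knownPup = 'DealPly', 'WebCake', 'BrowserDefender', 'RegClean', 'Advanced System Protector',
            'Hoolapp', 'vToolbarUpdater', 'Secure Search', 'MyPC Backup'

function Test-FrstLine {
    param([Parameter(Mandatory)][string]$Line)
    $reasons = @()

    # 1. A known PUP family anywhere in the line.
    foreach ($name in $knownPup) {
        if ($Line -match [regex]::Escape($name)) { $reasons += "known PUP name '$name'"; break }
    }

    # 2. AppInit_DLLs is loaded into every process that links user32.dll. An entry
    #    with an empty publisher "()" and 8.3 short names is a typical adware
    #    injector footprint and deserves a look every time.
    if ($Line -match '^AppInit_DLLs') {
        if ($Line -match '\(\)\s*$') { $reasons += 'AppInit_DLLs entry has no publisher' }
        if ($Line -match '~\d')      { $reasons += 'AppInit_DLLs path uses 8.3 short names' }
    }

    # 3. Per-user Run keys that start something from AppData, or whose target is
    #    already gone ([x] in FRST output) and should be removed.
    if ($Line -match '^HKCU\\.*\\Run:') {
        if ($Line -match '\\AppData\\') { $reasons += 'HKCU Run entry launches from AppData' }
        if ($Line -match '\[x\]\s*$')   { $reasons += 'Run entry whose file is missing ([x])' }
    }

    # 4. Scheduled tasks are how "optimizer" PUPs come back after a reboot.
    #    Skip the task Windows creates itself for the Start Menu cache.
    if ($Line -match '\\System32\\Tasks\\(.+)$') {
        $task = $Matches[1]
        if ($task -notmatch '^Optimize Start Menu') { $reasons += "scheduled task '$task'" }
    }

    [pscustomobject]@{
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
        Line       = $Line
    }
}

function Get-SuspiciousEntries {
    param([string[]]$Lines)
    $Lines | Where-Object { $_.Trim() } | ForEach-Object { Test-FrstLine $_ } |
        Where-Object { $_.Suspicious }
}

Get-SuspiciousEntries $sample | Format-Table -Wrap Reasons, Line
```

With the constructed sample, the Realtek Run entry, the Malwarebytes service and the Start Menu cache task pass; the other six lines are reported with their reasons. To use it on a real log, replace `$sample` with `Get-Content FRST.txt`.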
18.07.2013, 07:18 | #12 |
/// the machine /// TB-Ausbilder | new laptop with Windows 8 infected with Trojan Of course you may. Finished, and clean-up: the order here is essential.
Here are a few more tips on securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements, which spyware can abuse to infect your system.
Performance: Clean up your temp files regularly. For this I recommend TFC. Stay away from any registry cleaners; they do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply once everything is done and no questions remain, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
18.07.2013, 13:22 | #13 |
| new laptop with Windows 8 infected with Trojan Hello Schrauber! Many thanks for your valuable tips. I will take them all to heart and, above all, load them onto the laptop. I am very glad that I may turn to you if something comes up, though I do hope that won't be necessary again so soon!!! This DelFix is really brilliant! I ran it and everything is gone! How do I make sure, with Windows 8, that the system updates automatically??? You describe XP, Vista and W7.... So once again, many, many thanks for your help. Thank you also for your good wishes.... I wish you all the very best! Kind regards, Doma |
18.07.2013, 13:46 | #14 |
/// the machine /// TB-Ausbilder | new laptop with Windows 8 infected with Trojan You're welcome. Have a look here: Windows 8 automatische Updates aktivieren (Windows 8 Tipps, Optimieren, Tricks)
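Added example, not from the thread or from the linked article: the question above (how to be sure Windows 8 installs updates automatically) can be answered without clicking through the Control Panel by reading the Automatic Updates configuration through the Windows Update Agent COM object `Microsoft.Update.AutoUpdate`. The code and the function names are this example's own; the COM interface and its NotificationLevel values (1 = disabled, 2 = notify before download, 3 = notify before install, 4 = install automatically) are Microsoft's.

```powershell
# Added example: read and, if needed, enforce the Windows 8 Automatic Updates
# setting through the Windows Update Agent COM API. Changing it needs an
# elevated (Administrator) PowerShell; reading it does not.

function Get-AutoUpdateState {
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $levels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Notify before install'
        4 = 'Install automatically'
    }
    $level = [int]$au.Settings.NotificationLevel
    [pscustomobject]@{
        NotificationLevel  = $level
        Description        = $levels[$level]
        ControlledByPolicy = [bool]$au.Settings.ReadOnly      # true when Group Policy owns the setting
        ServiceEnabled     = [bool]$au.ServiceEnabled
        LastSearch         = $au.Results.LastSearchSuccessDate
        LastInstall        = $au.Results.LastInstallationSuccessDate
    }
}

function Enable-AutoUpdate {
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    # Hold the Settings object in a variable: the change and the Save() must
    # happen on the same instance.
    $settings = $au.Settings
    if ($settings.ReadOnly) {
        throw 'Automatic Updates is controlled by policy; change it there, not here.'
    }
    if (-not $au.ServiceEnabled) { $au.EnableService() }   # re-enable if something switched it off
    if ($settings.NotificationLevel -ne 4) {
        $settings.NotificationLevel = 4
        $settings.Save()                                    # refused without administrator rights
    }
    $au.DetectNow()                                         # start a detection cycle right away
    Get-AutoUpdateState
}

$state = Get-AutoUpdateState
$state | Format-List
if (-not $state.ServiceEnabled -or $state.NotificationLevel -ne 4) {
    Write-Warning 'Automatic updates are not fully on. Run Enable-AutoUpdate from an elevated prompt.'
}
```

LastInstall is the quickest sanity check after a cleanup like the one in this thread: a machine that has not installed anything for weeks is not "up to date" whatever the setting says. The write side is a Windows 7/8-era control; on Windows 10 and later automatic updating can no longer be switched off through this setting, so there only the read side is meaningful.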