Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVÜ- Trojaner Windows 7 32 bit

GVÜ- Trojaner Windows 7 32 bit


Log-Analyse und Auswertung: GVÜ- Trojaner Windows 7 32 bit

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 4 1 23 Letzte »
Alt 20.08.2013, 08:01   #1
terryly
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


Hallo allerseits, ich brauche bitte mal Eure Hilfe;

Mein Vater hat sich gestern diese "Seuche" auf seinem Laptop eingefangen und es erscheint die bekannte Seite.

Ich habe die Anleitungen schon befolgt und poste Euch mal die Logfiles:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by SYSTEM on 20-08-2013 08:48:29
Running from D:\
Windows 7 Ultimate (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2010-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [526208 2011-08-15] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13826664 2010-01-05] (NVIDIA Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [630784 2012-09-13] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKU\Pippo\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2011-06-04] (Acresso Corporation)
HKU\Pippo\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [ 2013-08-17] (Valve Corporation) <===== ATTENTION
HKU\Pippo\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_de;_rv:1.9.2.6)_Gecko/20100625_Firefox/3.6.6" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1280141163462" [x]
HKU\Pippo\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Pippo\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <===== ATTENTION!
Startup: C:\Users\Pippo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194432 2011-08-15] ()
S2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [99640 2010-01-16] (Apple Inc.)
S2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2011-06-04] (Nuance Communications, Inc.)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [58200 2011-08-15] (Apple Inc.)
S0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [15320 2011-08-15] (Apple Inc.)
S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2011-01-31] (Apple Inc.)
S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29824 2011-01-31] (Apple Inc.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-20] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-02-28] (Symantec Corporation)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-20] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvix86.sys [386720 2013-08-09] (Symantec Corporation)
S3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2009-07-22] (Apple Inc.)
S2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [15064 2011-08-15] (Apple Inc.)
S3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [26624 2011-06-02] (Apple Inc.)
S2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [12928 2010-11-11] (Apple Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\NAVENG.SYS [93272 2013-08-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\NAVEX15.SYS [1611992 2013-08-17] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-12] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 UacCtl2; system32\DRIVERS\uacctl2.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 11:28 - 2013-08-20 07:27 - 00001232 _____ C:\Windows\setupact.log
2013-08-17 11:28 - 2013-08-17 11:28 - 00408960 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-17 11:28 - 2013-08-17 11:28 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 10:29 - 2013-08-17 11:29 - 01084835 _____ C:\ProgramData\2433f433
2013-08-17 10:29 - 2013-08-17 11:29 - 01084811 _____ C:\Users\Pippo\AppData\Roaming\2433f433
2013-08-17 10:29 - 2013-08-17 11:29 - 01084807 _____ C:\Users\Pippo\AppData\Local\2433f433
2013-08-14 15:31 - 2013-08-14 15:32 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 15:27 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 15:27 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 15:27 - 2013-07-26 04:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 15:27 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 15:27 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 15:27 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 15:27 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 15:27 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 15:27 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 15:27 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 15:27 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 15:27 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 15:27 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 15:27 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 15:27 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 15:26 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 12:53 - 2013-08-14 12:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-14 12:51 - 2013-08-14 12:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 12:51 - 2013-08-14 12:52 - 00000000 ____D C:\Program Files\iTunes
2013-08-14 12:51 - 2013-08-14 12:51 - 00000000 ____D C:\Program Files\iPod
2013-08-14 12:43 - 2013-08-14 12:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-14 12:43 - 2013-08-14 12:43 - 00000000 ____D C:\Program Files\QuickTime
2013-08-14 06:20 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 06:20 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-08-14 06:20 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 06:20 - 2013-07-09 05:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 06:20 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 06:20 - 2013-07-09 05:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 06:20 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 06:20 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 06:20 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 06:20 - 2013-07-06 06:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 06:19 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 06:19 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-13 09:59 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-08-13 06:08 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-08-13 02:49 - 2013-08-13 02:49 - 00000000 __SHD C:\found.000
2013-08-13 02:04 - 2013-08-13 02:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-13 02:04 - 2013-08-13 02:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-08-13 02:04 - 2013-08-13 02:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-08-13 02:04 - 2013-08-13 02:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-08-13 02:04 - 2013-08-13 02:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-08-13 02:03 - 2013-08-13 02:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 14:25 - 2013-08-12 14:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe
2013-08-12 13:54 - 2013-03-04 19:14 - 00036512 ____R (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys
2013-08-12 12:56 - 2013-06-05 04:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-08-12 12:56 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-08-12 12:56 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-08-12 12:56 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-08-12 12:56 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-08-12 12:56 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-08-12 12:56 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-08-12 12:56 - 2013-04-12 14:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-08-12 12:56 - 2013-04-10 06:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-08-12 12:56 - 2013-04-10 06:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-08-12 12:56 - 2013-03-19 05:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-08-12 12:56 - 2013-03-19 05:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-08-12 12:56 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-08-12 12:56 - 2013-03-19 03:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-08-12 12:56 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-08-12 12:48 - 2013-02-27 06:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-08-12 12:48 - 2013-02-27 05:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-08-12 12:48 - 2013-02-27 05:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-08-12 12:48 - 2013-02-27 05:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-08-12 12:48 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-08-12 12:44 - 2013-02-12 04:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2013-08-12 12:44 - 2013-02-12 04:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

==================== One Month Modified Files and Folders =======

2013-08-20 07:35 - 2009-07-14 05:34 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 07:35 - 2009-07-14 05:34 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 07:32 - 2009-10-15 11:20 - 01507106 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-20 07:31 - 2013-02-23 11:00 - 01093981 _____ C:\Windows\WindowsUpdate.log
2013-08-20 07:27 - 2013-08-17 11:28 - 00001232 _____ C:\Windows\setupact.log
2013-08-18 12:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-08-17 11:29 - 2013-08-17 10:29 - 01084835 _____ C:\ProgramData\2433f433
2013-08-17 11:29 - 2013-08-17 10:29 - 01084811 _____ C:\Users\Pippo\AppData\Roaming\2433f433
2013-08-17 11:29 - 2013-08-17 10:29 - 01084807 _____ C:\Users\Pippo\AppData\Local\2433f433
2013-08-17 11:28 - 2013-08-17 11:28 - 00408960 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-17 11:28 - 2013-08-17 11:28 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 08:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 08:01 - 2010-07-01 07:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-17 08:00 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2013-08-15 12:34 - 2009-10-15 10:06 - 00000000 ____D C:\Windows\Panther
2013-08-15 07:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-08-15 06:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-08-14 15:32 - 2013-08-14 15:31 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 15:31 - 2009-10-15 11:37 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 12:53 - 2013-08-14 12:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-14 12:52 - 2013-08-14 12:51 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 12:52 - 2013-08-14 12:51 - 00000000 ____D C:\Program Files\iTunes
2013-08-14 12:51 - 2013-08-14 12:51 - 00000000 ____D C:\Program Files\iPod
2013-08-14 12:51 - 2009-10-30 07:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-14 12:43 - 2013-08-14 12:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-14 12:43 - 2013-08-14 12:43 - 00000000 ____D C:\Program Files\QuickTime
2013-08-13 02:51 - 2011-02-28 10:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-13 02:49 - 2013-08-13 02:49 - 00000000 __SHD C:\found.000
2013-08-13 02:45 - 2009-07-14 09:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-13 02:45 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-08-13 02:04 - 2013-08-13 02:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-13 02:04 - 2013-08-13 02:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-08-13 02:04 - 2013-08-13 02:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-08-13 02:04 - 2013-08-13 02:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-08-13 02:04 - 2013-08-13 02:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-08-13 02:04 - 2013-08-13 02:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-08-13 02:04 - 2013-08-13 02:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-08-13 02:03 - 2013-08-13 02:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-13 02:03 - 2013-08-13 02:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 14:25 - 2013-08-12 14:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe
2013-08-12 13:56 - 2009-10-15 12:14 - 00000000 ____D C:\ProgramData\Norton
2013-08-12 13:55 - 2011-01-13 16:45 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-08-12 13:53 - 2011-01-13 16:45 - 00002431 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-08-12 13:32 - 2011-01-13 16:45 - 00142496 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-08-12 13:32 - 2011-01-13 16:45 - 00007611 _____ C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-08-12 13:28 - 2012-05-22 15:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-12 13:28 - 2012-05-22 15:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-12 13:13 - 2012-09-05 15:49 - 00000000 ____D C:\ProgramData\Browser Manager
2013-08-12 12:57 - 2010-10-19 13:03 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-07-26 04:13 - 2013-08-14 15:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-26 04:13 - 2013-08-14 15:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-26 04:13 - 2013-08-14 15:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-26 04:12 - 2013-08-14 15:27 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-26 04:12 - 2013-08-14 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-26 04:12 - 2013-08-14 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-26 04:12 - 2013-08-14 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-26 04:12 - 2013-08-14 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-26 04:12 - 2013-08-14 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-26 04:12 - 2013-08-14 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-26 04:12 - 2013-08-14 15:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-26 04:12 - 2013-08-14 15:26 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-26 04:11 - 2013-08-14 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-26 04:11 - 2013-08-14 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-26 03:49 - 2013-08-14 15:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-26 02:59 - 2013-08-14 15:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-25 09:57 - 2013-08-14 06:20 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL

Files to move or delete:
====================
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe
C:\ProgramData\2665813.pad
C:\ProgramData\nvModes.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-17 12:01:51

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 4076.36 MB
Available physical RAM: 3586.43 MB
Total Pagefile: 4074.64 MB
Available Pagefile: 3586.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.94 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:101.11 GB) (Free:65.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 4523A045)

Partition: GPT Partition TypePartition 2: (Not Active) - (Size=85 GB) - (Type=AF)
Partition 3: (Active) - (Size=101 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-08-12 16:52

==================== End Of Log ============================

Alt 20.08.2013, 08:29   #2
Aneri
/// Malwareteam
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit




Mein Name ist Heiko und ich werde dir helfen.

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.



Ich bedanke mich für deine Geduld
__________________

__________________
Alt 20.08.2013, 08:32   #3
terryly
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


super! Vielen, vielen Dank!
__________________
Alt 20.08.2013, 09:15   #4
Aneri
/// Malwareteam
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit




Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
HKU\Pippo\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [ 2013-08-17] (Valve Corporation) <===== ATTENTION
HKU\Pippo\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <===== ATTENTION!
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Teile mir mit, ob das System nach einem Neustart wieder regulär startet.

Schritt 2

Sobald du in der regulären Oberfläche von Windows bist bitte folgenden Schritt ausführen:

Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus. Es wird nur eine FRST.txt erzeugt. Poste mir diese.
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 20.08.2013, 09:28   #5
terryly
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


also, ich soll ihn normal starten und dann schnell windows atste und r drücken.
Es ist ein altes macbook pro also drücke ich die cmd- taste und r. Problem ist, dass das eingabefeld gleich wieder verschwindet


Alt 20.08.2013, 09:40   #6
Aneri
/// Malwareteam
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


Nein, du erstellst die Datei auf dem gesunden Rechner

Sry die Anleitung ist hier etwas schlecht geschrieben. Dann packst du das Ding auf den USB Stick auf dem FRST ist (Achtung gleiches Verzeichnis).

Wenn du das erledigt hast steckste den Stick in den infizierten Rechner und machst alles so wie du es gemacht hast als du das erste Logfile erzeugt hast. Starte FRST und drücke auf Fix

Wenn alles klappt ist der Rechner nach dem Neustart "offen"
__________________
--> GVÜ- Trojaner Windows 7 32 bit

Alt 20.08.2013, 09:59   #7
terryly
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


hmmm, ok!
Also er ist jetzt "offener als vorher! Der Bildschirm ist schwarz, diese cmd eingabeauforderung bleibt offen; ich habe da jetzt mal notepad reingeschrieben, und es bleibt offen!

Vorher ist es gleich verschwunden...

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-08-2013 03
Ran by SYSTEM at 2013-08-20 10:47:26 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\...\Run: [qcgce2mrvjq91kkle7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [ 2013-08-17] (Valve Corporation)
HKU\...\Command Procesor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe"
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe
*****************

HKU\HKU\...\Run: [qcgce2mrvjq91kkle7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [ 2013-08-17] (Valve Corporation)\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kkle7pnbb19m52fx => Value not found.
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe => Moved successfully.

==== End of Fixlog ====
In dem Eingabefeld steht jetzt: Der Befehl C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe ist entweder falsch geschrieben oder konnte nicht gefunden werden.

Alt 20.08.2013, 12:20   #8
Aneri
/// Malwareteam
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


Hi

bitte erstelle aus der Recovery Umgebung ein neues FRST Logfile.Poste es dann hier
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 20.08.2013, 14:02   #9
terryly
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Pippo (administrator) on 20-08-2013 14:58:28
Running from D:\
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2010-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [526208 2011-08-15] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13826664 2010-01-05] (NVIDIA Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [630784 2012-09-13] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation)
HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION
HKCU\...\Runonce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_de;_rv:1.9.2.6)_Gecko/20100625_Firefox/3.6.6" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1280141163462" [x]
HKCU\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKCU\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <======= ATTENTION
MountPoints2: {d962e389-26e5-11e1-ad92-001ec28fc323} - F:\setup.exe
Startup: C:\Users\Pippo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.terminland.de/heinicke/intern/default.aspx?m=1422&sg=0&sw=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
URLSearchHook: (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112570&tt=270912_11_3912_8&babsrc=SP_ss&mntrId=9ada3f02000000000000001ec28fc323
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112570&tt=270912_11_3912_8&babsrc=SP_ss&mntrId=9ada3f02000000000000001ec28fc323
SearchScopes: HKCU - {1687F676-F971-410D-9227-8017E2C1BC03} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll (Babylon BHO)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default
FF user.js: detected! => C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\Search.xml
FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Pippo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Firefox Hotfix - C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\Extensions\firefox-hotfix@mozilla.org
FF Extension: firefox-hotfix - C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\Extensions\firefox-hotfix@mozilla.org.xpi
FF Extension: No Name - C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\

Chrome: 
=======
CHR Extension: () - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.29524
CHR Extension: (YouTube) - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Norton Identity Protection) - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0
CHR Extension: (Gmail) - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader11.crx

========================== Services (Whitelisted) =================

S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194432 2011-08-15] ()
S2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [99640 2010-01-16] (Apple Inc.)
S2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2011-06-04] (Nuance Communications, Inc.)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [58200 2011-08-15] (Apple Inc.)
R0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [15320 2011-08-15] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2011-01-31] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29824 2011-01-31] (Apple Inc.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-20] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-20] (Symantec Corporation)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-20] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvix86.sys [386720 2013-08-09] (Symantec Corporation)
R3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2009-07-22] (Apple Inc.)
S2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [15064 2011-08-15] (Apple Inc.)
R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [26624 2011-06-02] (Apple Inc.)
S2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [12928 2010-11-11] (Apple Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\NAVENG.SYS [93272 2013-08-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\NAVEX15.SYS [1611992 2013-08-17] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-12] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 UacCtl2; system32\DRIVERS\uacctl2.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 12:28 - 2013-08-20 10:50 - 00002139 _____ C:\Windows\setupact.log
2013-08-17 12:28 - 2013-08-17 12:28 - 00408960 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 12:28 - 2013-08-17 12:28 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 11:29 - 2013-08-17 12:29 - 01084835 _____ C:\ProgramData\2433f433
2013-08-17 11:29 - 2013-08-17 12:29 - 01084811 _____ C:\Users\Pippo\AppData\Roaming\2433f433
2013-08-17 11:29 - 2013-08-17 12:29 - 01084807 _____ C:\Users\Pippo\AppData\Local\2433f433
2013-08-14 16:31 - 2013-08-14 16:32 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:27 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 16:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 16:27 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 16:27 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 16:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 16:27 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 16:27 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 16:27 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 16:26 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 13:53 - 2013-08-14 13:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-14 13:51 - 2013-08-14 13:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 13:51 - 2013-08-14 13:52 - 00000000 ____D C:\Program Files\iTunes
2013-08-14 13:51 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iPod
2013-08-14 13:43 - 2013-08-14 13:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-14 13:43 - 2013-08-14 13:43 - 00000000 ____D C:\Program Files\QuickTime
2013-08-14 07:20 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 07:20 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 07:20 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:20 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:20 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:20 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:20 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:20 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:20 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:20 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:19 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:19 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 10:59 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-13 07:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-13 03:49 - 2013-08-13 03:49 - 00000000 __SHD C:\found.000
2013-08-13 03:04 - 2013-08-13 03:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-13 03:04 - 2013-08-13 03:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-13 03:04 - 2013-08-13 03:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-13 03:04 - 2013-08-13 03:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-13 03:04 - 2013-08-13 03:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-13 03:03 - 2013-08-13 03:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 15:25 - 2013-08-12 15:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe
2013-08-12 14:54 - 2013-03-04 20:14 - 00036512 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2013-08-12 13:56 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-12 13:56 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-12 13:56 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-08-12 13:56 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-08-12 13:56 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-08-12 13:56 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-12 13:56 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-08-12 13:56 - 2013-04-12 15:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-08-12 13:56 - 2013-04-10 07:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-08-12 13:56 - 2013-04-10 07:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-08-12 13:56 - 2013-03-19 06:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-12 13:56 - 2013-03-19 06:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-08-12 13:56 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-08-12 13:56 - 2013-03-19 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-08-12 13:56 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-08-12 13:48 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-08-12 13:48 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-08-12 13:48 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-08-12 13:48 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-08-12 13:48 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-08-12 13:44 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-08-12 13:44 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys

==================== One Month Modified Files and Folders =======

2013-08-20 14:52 - 2013-02-23 12:00 - 01104753 _____ C:\Windows\WindowsUpdate.log
2013-08-20 14:28 - 2012-11-01 17:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 10:56 - 2009-07-14 06:34 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 10:56 - 2009-07-14 06:34 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 10:53 - 2009-10-15 12:20 - 01507106 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-20 10:50 - 2013-08-17 12:28 - 00002139 _____ C:\Windows\setupact.log
2013-08-20 10:49 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\FRST
2013-08-18 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-17 12:29 - 2013-08-17 11:29 - 01084835 _____ C:\ProgramData\2433f433
2013-08-17 12:29 - 2013-08-17 11:29 - 01084811 _____ C:\Users\Pippo\AppData\Roaming\2433f433
2013-08-17 12:29 - 2013-08-17 11:29 - 01084807 _____ C:\Users\Pippo\AppData\Local\2433f433
2013-08-17 12:28 - 2013-08-17 12:28 - 00408960 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 12:28 - 2013-08-17 12:28 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 09:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 09:01 - 2010-07-01 08:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-17 09:00 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini
2013-08-15 13:34 - 2009-10-15 11:06 - 00000000 ____D C:\Windows\Panther
2013-08-15 08:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-15 07:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-14 16:32 - 2013-08-14 16:31 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:31 - 2009-10-15 12:37 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 13:53 - 2013-08-14 13:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-14 13:52 - 2013-08-14 13:51 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 13:52 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iTunes
2013-08-14 13:51 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iPod
2013-08-14 13:51 - 2009-10-30 08:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-14 13:43 - 2013-08-14 13:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-14 13:43 - 2013-08-14 13:43 - 00000000 ____D C:\Program Files\QuickTime
2013-08-13 03:51 - 2011-02-28 11:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-13 03:49 - 2013-08-13 03:49 - 00000000 __SHD C:\found.000
2013-08-13 03:45 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-13 03:45 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-08-13 03:04 - 2013-08-13 03:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-13 03:04 - 2013-08-13 03:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-13 03:04 - 2013-08-13 03:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-13 03:04 - 2013-08-13 03:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-13 03:04 - 2013-08-13 03:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-13 03:03 - 2013-08-13 03:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 15:25 - 2013-08-12 15:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe
2013-08-12 14:56 - 2009-10-15 13:14 - 00000000 ____D C:\ProgramData\Norton
2013-08-12 14:55 - 2011-01-13 17:45 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-08-12 14:53 - 2011-01-13 17:45 - 00002431 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-08-12 14:32 - 2011-01-13 17:45 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-08-12 14:32 - 2011-01-13 17:45 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-08-12 14:28 - 2012-05-22 16:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-12 14:28 - 2012-05-22 16:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-12 14:13 - 2012-09-05 16:49 - 00000000 ____D C:\ProgramData\Browser Manager
2013-08-12 13:57 - 2010-10-19 14:03 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-07-26 05:13 - 2013-08-14 16:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:13 - 2013-08-14 16:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-14 16:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:12 - 2013-08-14 16:27 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 16:26 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:11 - 2013-08-14 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 05:11 - 2013-08-14 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 04:49 - 2013-08-14 16:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-14 16:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 10:57 - 2013-08-14 07:20 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

Files to move or delete:
====================
C:\ProgramData\2665813.pad
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 17:52

==================== End Of Log ============================
--- --- ---
Alt 20.08.2013, 15:58   #10
Aneri
/// Malwareteam
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


so dann bitte nochmal wie vorher und achte darauf, dass der Fix komplett identsich ist wie in der Codebox; am besten kopierst du über den Knopf "Alles auswählen" oben am Codefenster.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION
HKCU\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <======= ATTENTION
C:\ProgramData\2665813.pad
C:\ProgramData\nvModes.dat

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Teile mir mit ob Windows danach normal startet.
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 21.08.2013, 07:04   #11
terryly
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-08-2013 03
Ran by SYSTEM at 2013-08-21 07:58:47 Run:4
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION
HKCU\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <======= ATTENTION
C:\ProgramData\2665813.pad
C:\ProgramData\nvModes.dat
         
*****************

HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION => Error: The entry should be fixed outside recovery mode.
HKCU\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
HKCU\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <======= ATTENTION => Error: The entry should be fixed outside recovery mode.
"C:\ProgramData\2665813.pad" => File/Directory not found.
"C:\ProgramData\nvModes.dat" => File/Directory not found.

==== End of Fixlog ====
startet noch nicht normal; nur cmd.exe ist offen, sonst alles schwarz!

Alt 21.08.2013, 07:50   #12
Aneri
/// Malwareteam
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


das ganze nochmal aus dem safemode bitte
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 21.08.2013, 08:06   #13
terryly
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


hmmm, die Maus (Touchpad) funktioniert in dem Modus nicht. Ich kann das Passwort nicht eingeben :-(
Tastatur funktioniert auch nicht

jetzt geht's!

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-08-2013 03
Ran by Pippo at 2013-08-21 09:04:09 Run:5
Running from D:\
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION
HKCU\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <======= ATTENTION
C:\ProgramData\2665813.pad
C:\ProgramData\nvModes.dat
         
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
"C:\ProgramData\2665813.pad" => File/Directory not found.
"C:\ProgramData\nvModes.dat" => File/Directory not found.

==== End of Fixlog ====
cmd.exe ist offen, Bildschirm schwarz, wenn man normal startet

Alt 21.08.2013, 08:07   #14
Aneri
/// Malwareteam
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


wunderbar, Neustart bitte und sag mir ob du ins System kommst, dann machen wir weiter
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 21.08.2013, 08:14   #15
terryly
 
GVÜ- Trojaner Windows 7 32 bit - Standard

GVÜ- Trojaner Windows 7 32 bit


also im abgesicherten Modus ist der Bildschirm schwarz und cmd.exe ist offen

im normalen Modus auch schwarz und cmd exe offen

Antwort
Seite 1 von 4 1 23 Letzte »

Themen zu GVÜ- Trojaner Windows 7 32 bit
32 bit, adobe, association, browser, ccsetup, crypt, desktop, explorer, explorer.exe, farbar, farbar recovery scan tool, logfiles, microsoft, norton internet security, nvidia, realtek, registry, scan, security, services.exe, svchost.exe, symantec, system, system32, temp, trojaner, windows, windows 7 32 bit, windows xp, winlogon, winlogon.exe


« "Ihavenet"-Virenbefall bei Windows XP | avast beim aufstarten infiziert von win32:malware-gen »


Ähnliche Themen: GVÜ- Trojaner Windows 7 32 bit


  1. Windows 7 SP 1 mit Trojaner infiziert - Windows Update Fehlercode 8007002
    Log-Analyse und Auswertung - 11.09.2015 (60)
  2. Windows 7: Trojaner - Windows Updates, Firewall defekt
    Log-Analyse und Auswertung - 20.03.2015 (24)
  3. Windows 7: Nach BKA Trojaner Fehlermeldung beim Starten, Windows Sicherheitscenter kann nicht gestartet werden
    Log-Analyse und Auswertung - 18.11.2014 (9)
  4. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  5. windows verschlüsselungs Flirtfever-Trojaner, Windows XP
    Log-Analyse und Auswertung - 13.06.2012 (1)
  6. Nach BKA Trojaner, Windows Firewall deaktiviert sich (Windows XP)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  7. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  8. UKash Windows Secure Trojaner mit Windows XP eingefangen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  9. Windows Notfall Sicherheits Update Center - Windows XP Trojaner
    Log-Analyse und Auswertung - 21.05.2012 (2)
  10. Windows-Verschlüsselungs-Trojaner unter Windows XP
    Log-Analyse und Auswertung - 16.05.2012 (9)
  11. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  12. Windows-Verschlüsselungs Trojaner Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (10)
  13. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  14. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  15. 'Windows Security Center' Trojaner - Windows-Benutzer gesperrt !
    Log-Analyse und Auswertung - 16.03.2012 (5)
  16. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)
  17. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVÜ- Trojaner Windows 7 32 bit - Hallo allerseits, ich brauche bitte mal Eure Hilfe; Mein Vater hat sich gestern diese "Seuche" auf seinem Laptop eingefangen und es erscheint die bekannte Seite. Ich habe die Anleitungen schon - GVÜ- Trojaner Windows 7 32 bit...
Archiv
Du betrachtest: GVÜ- Trojaner Windows 7 32 bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131