Log analysis and evaluation: After trojan removal, PC hangs at startup at cmd.exe (Windows 7)
20.08.2013, 10:51 | #1
Hello everyone, I probably have exactly the same problem as "norre" in the following thread: http://www.trojaner-board.de/136734-...t-cmd-exe.html

On my Win7 64-bit system, AVG detected something and removed it automatically. Since the removal my PC no longer starts: after logging in, a DOS window with CMD.EXE appears and it stops there (also in Safe Mode). In the CMD window, an exe file with a cryptic name could not be opened. That file was presumably deleted by AVG. I found the entry in the system registry and removed it. Since then the "blank" CMD.exe appears at restart and waits for new input! If I now start the Task Manager and enter explorer.exe as a task, my desktop starts.

In the thread mentioned above I was already able to read how this is handled here, so I tried it right away. So I'm posting the content of the FRST.txt below. Perhaps someone here, maybe "schrauber", can send me the appropriate content for the Fixlog.txt? Many thanks in advance for the help! Regards, Leo

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 03
Ran by SYSTEM on 20-08-2013 11:17:49
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2012-04-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated)
HKU\LeoDesign\...\Run: [1&1_1&1 Upload-Manager] - "d:\Programme\1&1 Upload-Manager\DAVSRV.EXE" /hide [x]
HKU\LeoDesign\...\Run: [Haufe.TimeManagement] - D:\Programme\zeitmanagement\Haufe.TimeManagement.exe [x]
HKU\LeoDesign\...\Run: [BackupSF] - D:\Programme\BackupSF\BackupSF.exe -h [x]
HKU\LeoDesign\...\Run: [Wunderlist] - C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [12995168 2013-08-09] (6 Wunderkinder GmbH)
HKU\LeoDesign\...\Run: [SecretFolder] - C:\Program Files (x86)\SecretFolder\SecretFolder.exe [4143616 2013-07-11] (oh!soft)
HKU\LeoDesign\...\Run: [Volume2] - D:\Portable\Volume2\Volume2.exe [x]
HKU\LeoDesign\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> D:\Portable\DropboxPortableAHK\DropboxPortableAHK.exe (No File)
Startup: C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> D:\Programme\Evernote\EvernoteClipper.exe (No File)
Startup: C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrayIt!.lnk
ShortcutTarget: TrayIt!.lnk -> D:\Portable\TrayIt\TrayIt!.exe (No File)

==================== Services (Whitelisted) =================

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [98576 2012-06-17] (SANDBOXIE L.T.D)
S2 WTService; C:\Windows\system32\atwtusb.exe [897536 2011-07-19] ()
S2 StarMoney 9.0 OnlineUpdate; d:\Programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 TuneUp.UtilitiesSvc; "D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S2 hfFilter; C:\Windows\System32\drivers\hfFilter.sys [30600 2013-06-20] (oh!soft)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-06-17] (SANDBOXIE L.T.D)
S3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
S3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
S3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
S3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
S1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
S3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
S3 DfSdkS;
S3 TuneUpUtilitiesDrv; \??\D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-16 10:08 - 2013-08-16 19:52 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Yrkedi
2013-08-16 10:08 - 2013-08-16 11:00 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Ifap
2013-08-16 10:08 - 2013-08-16 10:08 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Yfilcy
2013-08-14 10:26 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 10:26 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 10:26 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 10:26 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 10:26 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 10:26 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 10:26 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 10:26 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 10:26 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 10:26 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 10:26 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 10:26 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 10:26 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 10:26 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 10:23 - 2013-08-14 10:25 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 07:13 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 07:13 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:13 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 07:13 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:13 - 2013-07-09 07:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 07:13 - 2013-07-09 06:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 07:13 - 2013-07-09 06:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 07:13 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 07:13 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 07:13 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 07:13 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 07:13 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 07:13 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:13 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:13 - 2013-07-09 05:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:13 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:13 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:13 - 2013-07-09 05:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:13 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:13 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:13 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:13 - 2013-07-09 03:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:13 - 2013-07-09 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:13 - 2013-07-09 03:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:13 - 2013-07-09 03:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:13 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 07:13 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-11 19:08 - 2013-08-11 19:08 - 00000000 ____D C:\Users\LeoDesign\AppData\Local\DATA BECKER
2013-08-11 19:08 - 2013-08-11 19:08 - 00000000 ____D C:\Users\LeoDesign\AppData\Local\Chromium
2013-08-11 19:02 - 2013-08-11 19:08 - 00004096 _____ C:\Users\Public\Documents\0000476D.LCS
2013-08-11 19:02 - 2013-08-11 19:03 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\ProtectDisc
2013-08-09 18:13 - 2013-08-09 18:13 - 00000000 ____D C:\Program Files (x86)\Wunderlist2
2013-08-08 21:22 - 2013-08-08 21:22 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\chc
2013-08-01 17:23 - 2013-08-01 17:23 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-31 13:23 - 2013-07-31 13:23 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-31 13:23 - 2013-06-21 01:07 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-07-31 13:23 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2013-07-30 12:06 - 2013-07-30 12:06 - 00000440 _____ C:\Desktop.lnk
2013-07-22 09:55 - 2013-07-22 09:55 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\HDRsoft

==================== One Month Modified Files and Folders =======

2013-08-20 10:11 - 2013-07-09 17:36 - 00019307 _____ C:\Windows\setupact.log
2013-08-20 10:11 - 2012-04-06 02:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-20 10:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 10:11 - 2009-07-14 03:34 - 00000514 _____ C:\Windows\win.ini
2013-08-20 10:10 - 2012-04-06 01:20 - 01501476 _____ C:\Windows\WindowsUpdate.log
2013-08-20 10:04 - 2009-07-14 05:45 - 00021680 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 10:04 - 2009-07-14 05:45 - 00021680 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 10:03 - 2011-04-12 08:43 - 00699860 _____ C:\Windows\System32\perfh007.dat
2013-08-20 10:03 - 2011-04-12 08:43 - 00149742 _____ C:\Windows\System32\perfc007.dat
2013-08-20 10:03 - 2009-07-14 06:13 - 01622188 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-20 09:26 - 2012-04-06 01:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 08:41 - 2012-04-06 01:20 - 00000000 ____D C:\users\LeoDesign
2013-08-20 08:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-08-20 07:48 - 2012-06-12 23:36 - 00000000 ____D C:\ProgramData\MFAData
2013-08-20 01:00 - 2012-05-04 20:36 - 00000000 ____D C:\Users\LeoDesign\AppData\Local\Adobe
2013-08-19 22:23 - 2013-04-11 22:02 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0801BCE7-DFEA-4B4A-BC33-A638DCEC01FC}
2013-08-19 18:39 - 2013-04-16 01:02 - 00000228 _____ C:\Windows\HFIT.hff
2013-08-19 18:14 - 2013-04-16 01:02 - 00000000 ____D C:\Program Files (x86)\SecretFolder
2013-08-18 18:18 - 2012-10-16 17:27 - 00000000 ____D C:\ProgramData\firebird
2013-08-18 13:07 - 2009-07-14 05:45 - 05317320 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-17 17:19 - 2012-06-11 01:19 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\vlc
2013-08-16 21:45 - 2013-04-12 13:25 - 00001456 _____ C:\Users\LeoDesign\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-08-16 19:52 - 2013-08-16 10:08 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Yrkedi
2013-08-16 11:03 - 2012-05-05 00:19 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\SoftGrid Client
2013-08-16 11:00 - 2013-08-16 10:08 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Ifap
2013-08-16 10:08 - 2013-08-16 10:08 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Yfilcy
2013-08-15 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 19:30 - 2012-04-06 01:36 - 00152224 _____ C:\Users\LeoDesign\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-14 10:25 - 2013-08-14 10:23 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 10:23 - 2012-05-04 21:36 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-11 22:36 - 2012-05-07 23:55 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Mozilla
2013-08-11 19:08 - 2013-08-11 19:08 - 00000000 ____D C:\Users\LeoDesign\AppData\Local\DATA BECKER
2013-08-11 19:08 - 2013-08-11 19:08 - 00000000 ____D C:\Users\LeoDesign\AppData\Local\Chromium
2013-08-11 19:08 - 2013-08-11 19:02 - 00004096 _____ C:\Users\Public\Documents\0000476D.LCS
2013-08-11 19:03 - 2013-08-11 19:02 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\ProtectDisc
2013-08-09 18:13 - 2013-08-09 18:13 - 00000000 ____D C:\Program Files (x86)\Wunderlist2
2013-08-09 18:13 - 2013-07-11 23:12 - 00002495 _____ C:\Users\Public\Desktop\Wunderlist.lnk
2013-08-09 18:13 - 2013-07-11 23:09 - 00000000 ____D C:\ProgramData\Package Cache
2013-08-08 21:41 - 2012-04-06 01:38 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Adobe
2013-08-08 21:22 - 2013-08-08 21:22 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\chc
2013-08-08 18:54 - 2012-10-10 23:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-08 07:36 - 2012-05-07 23:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-01 17:23 - 2013-08-01 17:23 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-31 13:23 - 2013-07-31 13:23 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-31 13:23 - 2012-05-04 22:55 - 00000000 ____D C:\Users\LeoDesign\AppData\Local\Downloaded Installations
2013-07-30 12:06 - 2013-07-30 12:06 - 00000440 _____ C:\Desktop.lnk
2013-07-27 13:16 - 2012-09-11 17:32 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Simfy
2013-07-26 06:13 - 2013-08-14 10:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-26 06:13 - 2013-08-14 10:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-26 06:13 - 2013-08-14 10:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-26 06:12 - 2013-08-14 10:26 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-26 06:12 - 2013-08-14 10:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-26 04:35 - 2013-08-14 10:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-26 04:13 - 2013-08-14 10:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 04:13 - 2013-08-14 10:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 04:12 - 2013-08-14 10:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 04:11 - 2013-08-14 10:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 04:11 - 2013-08-14 10:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 03:49 - 2013-08-14 10:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 03:39 - 2013-08-14 10:26 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 02:59 - 2013-08-14 10:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 10:25 - 2013-08-14 07:13 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-25 09:57 - 2013-08-14 07:13 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-23 16:31 - 2012-09-26 17:39 - 00000000 ____D C:\Users\LeoDesign\AppData\Local\Deployment
2013-07-22 09:55 - 2013-07-22 09:55 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\HDRsoft

Files to move or delete:
====================
C:\Users\LeoDesign\ntuserdirect_MSManager.dat

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-08-14 10:23:28
Restore point made on: 2013-08-20 02:00:21
Restore point made on: 2013-08-20 08:37:41

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16348.88 MB
Available physical RAM: 15152.37 MB
Total Pagefile: 16347.08 MB
Available Pagefile: 15157.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:111.79 GB) (Free:47.28 GB) NTFS
Drive e: (Programme) (Fixed) (Total:465.76 GB) (Free:118.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Backup) (Fixed) (Total:115.04 GB) (Free:49.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 115 GB) (Disk ID: D832D832)
Partition 1: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 6659D3CF)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F841F85C)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 2 GB) (Disk ID: CB6E2416)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

LastRegBack: 2013-08-12 10:34

==================== End Of Log ============================
20.08.2013, 11:00 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Quote:
Or is this by any chance an office/company PC or a university computer?
20.08.2013, 11:04 | #3
Even if it doesn't help with the problem: I'm a graphic designer and use this software both at work and at home. And yes, I bought CS6 (and before it, every version since CS2) legally for home use, and I'm sitting at my private machine right now!
Regards, Leo
20.08.2013, 11:14 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
In particular, I want to draw your attention to the part of the following text box that is posted in colour.
Quote:
Please always post logfiles in CODE tags
20.08.2013, 11:24 | #5
Hello cosinus, read and understood. As I said, this is my private computer (and I'm all alooone here) and no company can get on my case, let alone you :-) It seems to me that it's hardly believable that I bought this software myself, right? But that's how it is. I'm against undeclared work. When relatives/acquaintances give me something to design and want to pay me for it, they also get an invoice (small business owner). I like things done properly, even in private! Regards, Leo
20.08.2013, 11:31 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
This isn't about undeclared work at all. What matters, and what I wanted to underline, is the part posted in colour.

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKU\LeoDesign\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
C:\Users\LeoDesign\AppData\Roaming\Yrkedi
C:\Users\LeoDesign\AppData\Roaming\Ifap
C:\Users\LeoDesign\AppData\Roaming\Yfilcy
C:\Users\LeoDesign\ntuserdirect_MSManager.dat

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
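The two things that make this thread resolvable from the FRST log alone are the `Winlogon: [Shell]` line (the logon shell was swapped from explorer.exe to cmd.exe, which is why only a console appears after login) and the folders under AppData\Roaming created the day of the infection. The script below is an added example, not code from this thread, from FRST or from the trojaner-board helpers: it parses an FRST.txt-style log, flags Winlogon Shell/Userinit values that differ from the Windows defaults (explorer.exe and userinit.exe are this example's assumed defaults), lists the lines FRST itself marked `<==== ATTENTION`, Roaming folders created in the last month and startup shortcuts whose targets are gone, and assembles a fixlist in the one-entry-per-line form posted in the reply above. The sample log is constructed from lines quoted in this thread; the section and entry regular expressions are this example's own reading of the log layout.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example for this thread; not code from the thread, from FRST or from
the trojaner-board helpers. The regular expressions below are this example's
own reading of the FRST.txt layout, and the Winlogon defaults are an assumption.
"""
import re

# Windows default Winlogon values (assumption of this example; compared by basename).
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "Userinit": "userinit.exe"}

# "==================== Registry (Whitelisted) ==================" (bare "====" keeps the section)
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]*?)\s*=*$")
# "HKU\LeoDesign\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation)"
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK[\w-]+(?:\\[^\\]+)?)\\\.\.\.\\Winlogon: \[(?P<name>\w+)\] "
    r"(?P<value>.+?) (?:\[\d+ \d{4}-\d\d-\d\d\]|\[x\])"
)
# "2013-08-16 10:08 - 2013-08-16 19:52 - 00000000 ____D C:\Users\...\Roaming\Yrkedi"
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"(?P<attrs>[_A-Z]+) (?:\(.*?\) )?(?P<path>.+)$"
)

# Constructed sample: a handful of lines in the FRST.txt layout from this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2012-04-06] (Realtek Semiconductor)
HKU\LeoDesign\...\Run: [Volume2] - D:\Portable\Volume2\Volume2.exe [x]
HKU\LeoDesign\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> D:\Portable\DropboxPortableAHK\DropboxPortableAHK.exe (No File)
==================== One Month Created Files and Folders ========
2013-08-16 10:08 - 2013-08-16 19:52 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Yrkedi
2013-08-14 10:26 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-22 09:55 - 2013-07-22 09:55 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\HDRsoft
Files to move or delete:
====================
C:\Users\LeoDesign\ntuserdirect_MSManager.dat
==================== Known DLLs (Whitelisted) ================
"""


def parse_frst(text):
    """Walk the log once and collect the items a reviewer looks at first."""
    found = {"winlogon": [], "attention": [], "missing_startup": [],
             "new_roaming_dirs": [], "files_to_move": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Files to move or delete:":
            section = "Files to move or delete"
            continue
        header = SECTION_RE.match(line)
        if header:
            if header.group("name"):
                section = header.group("name")
            continue
        if "<==== ATTENTION" in line:          # FRST's own flag, whatever the entry type
            found["attention"].append(line)
        m = WINLOGON_RE.match(line)
        if m:
            found["winlogon"].append((m.group("hive"), m.group("name"), m.group("value"), line))
        elif line.startswith("ShortcutTarget:") and line.endswith("(No File)"):
            found["missing_startup"].append(line)
        elif section.startswith("One Month Created"):
            m = CREATED_RE.match(line)
            if m and "D" in m.group("attrs") and "\\AppData\\Roaming\\" in m.group("path"):
                found["new_roaming_dirs"].append(m.group("path"))
        elif section == "Files to move or delete":
            found["files_to_move"].append(line)
    return found


def _basename(value):
    """Last path component, lower-cased, without quotes or the trailing comma
    that the default Userinit value carries."""
    return re.split(r"[\\/]", value.strip().strip('"'))[-1].rstrip(",").lower()


def winlogon_findings(found):
    """Raw log lines whose Winlogon value is not the expected default."""
    return [line for _hive, name, value, line in found["winlogon"]
            if name in EXPECTED_WINLOGON and _basename(value) != EXPECTED_WINLOGON[name]]


def build_fixlist(found, reviewed_paths=()):
    """Assemble fixlist lines: deviating Winlogon log lines verbatim, then the
    paths a reviewer chose from the heuristics, then FRST's own 'Files to move
    or delete' entries. New Roaming folders are never added automatically."""
    entries = winlogon_findings(found) + list(reviewed_paths) + found["files_to_move"]
    seen, out = set(), []
    for entry in entries:
        if entry not in seen:
            seen.add(entry)
            out.append(entry)
    return "\n".join(out)


if __name__ == "__main__":
    found = parse_frst(SAMPLE_LOG)
    print("Winlogon deviations:", *winlogon_findings(found), sep="\n  ")
    print("New Roaming folders to review:", *found["new_roaming_dirs"], sep="\n  ")
    print("Startup shortcuts with missing targets:", *found["missing_startup"], sep="\n  ")
    # The reviewer decides which flagged folders go into the fix: here the
    # randomly named one, not the folder of a legitimate application.
    print("\nfixlist.txt:\n" + build_fixlist(found, reviewed_paths=[found["new_roaming_dirs"][0]]))
```

Run it on a real FRST.txt by replacing `SAMPLE_LOG` with the file's contents. The new-Roaming-folder heuristic is deliberately only a review list: in the log above it would surface both the three randomly named folders and legitimate ones such as HDRsoft, so the choice of what goes into the fixlist stays with the person reading the log, exactly as it did in this thread.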
20.08.2013, 11:44 | #7
I do know that's not what it's about! I thought that because of CS6 you still doubted my private conduct! And IT WORKS! Thank you so much, the day is saved. I just wonder how you manage that so quickly? Is there some software for it?!? Regards, Leo

For completeness, here is the Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-08-2013 03
Ran by SYSTEM at 2013-08-20 12:37:40 Run:2
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\LeoDesign\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
C:\Users\LeoDesign\AppData\Roaming\Yrkedi
C:\Users\LeoDesign\AppData\Roaming\Ifap
C:\Users\LeoDesign\AppData\Roaming\Yfilcy
C:\Users\LeoDesign\ntuserdirect_MSManager.dat
*****************

HKU\LeoDesign\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\LeoDesign\AppData\Roaming\Yrkedi => Moved successfully.
C:\Users\LeoDesign\AppData\Roaming\Ifap => Moved successfully.
C:\Users\LeoDesign\AppData\Roaming\Yfilcy => Moved successfully.
C:\Users\LeoDesign\ntuserdirect_MSManager.dat => Moved successfully.

==== End of Fixlog ====
20.08.2013, 11:52 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
Remove adware/junkware/toolbars

Step 1: adwCleaner
Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.

Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
20.08.2013, 12:28 | #9 |
| After trojan removal, PC hangs on cmd.exe at startup Step 1: adwCleaner Code:
# AdwCleaner v2.306 - Datei am 20/08/2013 um 12:56:17 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : LeoDesign - LEOPC
# Bootmodus : Normal
# Ausgeführt unter : G:\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\LeoDesign\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [1612 octets] - [20/08/2013 12:56:17]

########## EOF - C:\AdwCleaner[S1].txt - [1672 octets] ##########
Step 2: JRT - Junkware Removal Tool Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Professional x64
Ran by LeoDesign on 20.08.2013 at 13:04:10,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\authuitu.dll"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.08.2013 at 13:08:11,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step 3: Fresh log with FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 03 Ran by LeoDesign (administrator) on 20-08-2013 13:10:28 Running from G:\ Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) d:\Programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (TuneUp Software) D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Windows\system32\atwtusb.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Windows\system32\atwtusb.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (TuneUp Software) D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Bopsoft) D:\Portable\ListaryPortable\Listary.exe () D:\Portable\ListaryPortable\ListaryHelper64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (1&1 Internet AG) D:\Programme\1&1 Upload-Manager\DAVSRV.EXE (EasySector) D:\Programme\BackupSF\BackupSF.exe (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe (oh!soft) C:\Program Files (x86)\SecretFolder\SecretFolder.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Irza Alexandr) D:\Portable\Volume2\Volume2.exe (nionsoftware) D:\Portable\DropboxPortableAHK\DropboxPortableAHK.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\EvernoteClipper.exe (Igor Nys) D:\Portable\TrayIt\TrayIt!.exe (PortableApps.com) D:\Portable\Notepad++Portable\Notepad++Portable.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Don HO don.h@free.fr) D:\Portable\Notepad++Portable\App\Notepad++\notepad++.exe (Dropbox, Inc.) 
D:\Portable\DropboxPortableAHK\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe (EJIE Technology) C:\Program Files (x86)\Clover\clover.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2012-04-06] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKCU\...\Run: [1&1_1&1 Upload-Manager] - d:\Programme\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG) HKCU\...\Run: [Haufe.TimeManagement] - D:\Programme\zeitmanagement\Haufe.TimeManagement.exe [1440112 2012-04-20] (Haufe-Lexware GmbH & Co. KG) HKCU\...\Run: [BackupSF] - D:\Programme\BackupSF\BackupSF.exe [5722112 2012-08-09] (EasySector) HKCU\...\Run: [Wunderlist] - C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [12995168 2013-08-09] (6 Wunderkinder GmbH) HKCU\...\Run: [SecretFolder] - C:\Program Files (x86)\SecretFolder\SecretFolder.exe [4143616 2013-07-11] (oh!soft) HKCU\...\Run: [Volume2] - D:\Portable\Volume2\Volume2.exe [4662272 2012-07-07] (Irza Alexandr) MountPoints2: {159f78e9-7fb8-11e1-b170-806e6f6e6963} - D:\Bin\assetup.exe HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated) Startup: C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> D:\Portable\DropboxPortableAHK\DropboxPortableAHK.exe (nionsoftware) Startup: C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> D:\Programme\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrayIt!.lnk ShortcutTarget: TrayIt!.lnk -> D:\Portable\TrayIt\TrayIt!.exe (Igor Nys) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - D:\Programme\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: msdaipp - No CLSID Value - Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\..\Interfaces\{11F04C0A-C137-4D56-B90A-0BF8F9F1ECB1}: [NameServer]192.168.178.3,192.168.178.1 ==================== Services (Whitelisted) ================= R2 asComSvc; C:\Program Files 
(x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] () R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [98576 2012-06-17] (SANDBOXIE L.T.D) R2 StarMoney 9.0 OnlineUpdate; d:\Programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-06-13] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 TuneUp.UtilitiesSvc; D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) R2 WTService; C:\Windows\system32\atwtusb.exe [897536 2011-07-19] () ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R2 hfFilter; C:\Windows\System32\drivers\hfFilter.sys [30600 2013-06-20] () R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-06-17] (SANDBOXIE L.T.D) R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider) U3 DfSdkS; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-20 13:04 - 2013-08-20 13:04 - 00000000 ____D C:\Windows\ERUNT 2013-08-20 13:00 - 2013-08-20 13:00 - 00000000 ____D C:\N++RECOV 2013-08-20 12:56 - 2013-08-20 12:56 - 00001739 _____ C:\AdwCleaner[S1].txt 2013-08-20 12:17 - 2013-08-20 12:17 - 00000000 ____D C:\FRST 2013-08-20 11:01 - 2013-08-20 12:33 - 00000277 _____ D:\Favoriten\Desktop\Fixlist.txt 2013-08-20 09:51 - 2013-08-20 09:51 - 00078920 _____ D:\Favoriten\Desktop\Extras.Txt 2013-08-20 09:50 - 2013-08-20 09:50 - 00119116 _____ D:\Favoriten\Desktop\OTL.Txt 2013-08-20 09:45 - 2013-08-20 09:45 - 00602112 _____ (OldTimer Tools) D:\Favoriten\Desktop\OTL.exe 2013-08-19 19:14 - 2013-08-19 19:14 - 
00000947 _____ D:\Favoriten\Desktop\SecretFolder.lnk 2013-08-17 20:23 - 2013-08-17 20:23 - 00000000 ____D D:\Favoriten\Desktop\Minimal Transparent Menu 2013-08-14 11:26 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 11:26 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 11:26 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-14 11:26 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-14 11:26 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-14 11:26 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-14 11:26 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 11:26 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-14 11:26 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 11:26 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 11:26 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-14 11:26 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 11:26 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 11:26 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-14 11:23 - 2013-08-14 11:25 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 08:13 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 08:13 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 08:13 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 08:13 - 
2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 08:13 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 08:13 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 08:13 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 08:13 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 08:13 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 08:13 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 08:13 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 08:13 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 08:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 08:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 08:13 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 08:13 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 08:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 08:13 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 08:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 08:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 08:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 08:13 - 2013-07-09 04:49 - 00025600 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 08:13 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 08:13 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 08:13 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 08:13 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 08:13 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-12 00:01 - 2013-08-12 00:02 - 00000000 ____D D:\Favoriten\Desktop\A5 HTML5 Animator 2013-08-11 20:53 - 2013-08-11 20:53 - 00000535 _____ D:\Favoriten\Desktop\triangle.svg 2013-08-11 20:08 - 2013-08-11 20:08 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\DATA BECKER 2013-08-11 20:08 - 2013-08-11 20:08 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\Chromium 2013-08-11 20:02 - 2013-08-11 20:08 - 00004096 _____ C:\Users\Public\Documents\0000476D.LCS 2013-08-11 20:02 - 2013-08-11 20:03 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\ProtectDisc 2013-08-11 20:02 - 2013-08-11 20:02 - 00000990 _____ D:\Favoriten\Desktop\A5 HTML5 Animator Free Handbuch.lnk 2013-08-11 20:02 - 2013-08-11 20:02 - 00000000 ____D D:\Bibliotheken\Dokumente\A5 HTML5 Animator Projekte 2013-08-11 18:20 - 2013-08-11 20:06 - 00000000 ____D D:\Favoriten\Desktop\Feuer 2013-08-11 16:09 - 2013-08-11 16:09 - 06795962 _____ D:\Favoriten\Desktop\Wiki 08-13.psd 2013-08-11 14:13 - 2013-08-11 14:13 - 00021144 _____ D:\Favoriten\Desktop\Events and schedules - Waldresidenz Zum Roten Wasser.html 2013-08-11 14:13 - 2013-08-11 14:13 - 00000000 ____D D:\Favoriten\Desktop\Events and schedules - Waldresidenz Zum Roten Wasser_files 2013-08-09 19:13 - 2013-08-09 19:13 - 00000000 ____D C:\Program Files (x86)\Wunderlist2 2013-08-08 22:22 - 2013-08-08 22:22 - 00000000 ____D 
C:\Users\LeoDesign\AppData\Roaming\chc 2013-08-07 08:24 - 2013-08-07 08:37 - 00000000 ____D D:\Favoriten\Desktop\Paypal Finderator 2013-08-01 18:23 - 2013-08-01 18:23 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-07-31 14:23 - 2013-07-31 14:23 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-07-31 14:23 - 2013-06-21 02:07 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2013-07-31 14:23 - 2013-06-21 02:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2013-07-30 13:06 - 2013-07-30 13:06 - 00000440 _____ C:\Desktop.lnk 2013-07-27 01:21 - 2013-07-27 01:21 - 01655644 _____ (Igor Pavlov) D:\Favoriten\Desktop\ShutdownTimer33Portable.exe 2013-07-24 16:58 - 2013-07-24 16:58 - 27902832 _____ D:\Favoriten\Desktop\I_20130709_Streik_an_Schleusen-Flash_640x360.flv 2013-07-22 10:55 - 2013-07-22 10:55 - 00000921 _____ D:\Favoriten\Desktop\Photomatix Pro 4.2.7 (64-bit).lnk 2013-07-22 10:55 - 2013-07-22 10:55 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\HDRsoft 2013-07-21 00:05 - 2013-07-21 00:05 - 00000851 _____ D:\Favoriten\Desktop\Artisteer 4.lnk 2013-07-21 00:05 - 2013-07-21 00:05 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Artisteer 2013-07-21 00:05 - 2013-07-21 00:05 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Apple Computer 2013-07-21 00:05 - 2013-07-21 00:05 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\Apple Computer ==================== One Month Modified Files and Folders ======= 2013-08-20 13:10 - 2013-08-20 13:10 - 00000696 _____ D:\Favoriten\Desktop\JRT.txt 2013-08-20 13:05 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-20 13:05 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-20 13:04 - 2013-08-20 13:04 - 00000000 ____D C:\Windows\ERUNT 
2013-08-20 13:03 - 2011-04-12 09:43 - 00699860 _____ C:\Windows\system32\perfh007.dat 2013-08-20 13:03 - 2011-04-12 09:43 - 00149742 _____ C:\Windows\system32\perfc007.dat 2013-08-20 13:03 - 2009-07-14 07:13 - 01622188 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-20 13:00 - 2013-08-20 13:00 - 00000000 ____D C:\N++RECOV 2013-08-20 12:57 - 2013-07-09 18:36 - 00019643 _____ C:\Windows\setupact.log 2013-08-20 12:57 - 2012-04-06 03:34 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-20 12:57 - 2012-04-06 02:20 - 01512688 _____ C:\Windows\WindowsUpdate.log 2013-08-20 12:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-20 12:57 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini 2013-08-20 12:56 - 2013-08-20 12:56 - 00001739 _____ C:\AdwCleaner[S1].txt 2013-08-20 12:33 - 2013-08-20 11:01 - 00000277 _____ D:\Favoriten\Desktop\Fixlist.txt 2013-08-20 12:26 - 2012-04-06 02:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-20 12:17 - 2013-08-20 12:17 - 00000000 ____D C:\FRST 2013-08-20 09:51 - 2013-08-20 09:51 - 00078920 _____ D:\Favoriten\Desktop\Extras.Txt 2013-08-20 09:50 - 2013-08-20 09:50 - 00119116 _____ D:\Favoriten\Desktop\OTL.Txt 2013-08-20 09:45 - 2013-08-20 09:45 - 00602112 _____ (OldTimer Tools) D:\Favoriten\Desktop\OTL.exe 2013-08-20 09:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-08-20 08:48 - 2012-06-13 00:36 - 00000000 ____D C:\ProgramData\MFAData 2013-08-20 02:00 - 2012-05-04 21:36 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\Adobe 2013-08-19 23:23 - 2013-04-11 23:02 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0801BCE7-DFEA-4B4A-BC33-A638DCEC01FC} 2013-08-19 19:40 - 2012-06-16 00:21 - 00000000 ___RD C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tools 2013-08-19 19:39 - 2013-04-16 02:02 - 00000228 _____ C:\Windows\HFIT.hff 2013-08-19 19:14 - 2013-08-19 19:14 - 00000947 _____ D:\Favoriten\Desktop\SecretFolder.lnk 2013-08-19 
19:14 - 2013-04-16 02:02 - 00000000 ____D C:\Program Files (x86)\SecretFolder 2013-08-19 08:13 - 2013-06-27 10:19 - 00000000 ____D D:\Favoriten\Desktop\PortableApps 2013-06 2013-08-18 19:18 - 2012-10-16 18:27 - 00000000 ____D C:\ProgramData\firebird 2013-08-18 14:07 - 2009-07-14 06:45 - 05317320 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-17 21:01 - 2013-04-11 15:15 - 00000000 ____D D:\Favoriten\Desktop\themeforest-Bundle 2013-08-17 20:23 - 2013-08-17 20:23 - 00000000 ____D D:\Favoriten\Desktop\Minimal Transparent Menu 2013-08-17 20:22 - 2013-06-29 22:50 - 00000000 ____D D:\Favoriten\Desktop\Gemeinde 2013-08-17 18:19 - 2012-06-11 02:19 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\vlc 2013-08-16 22:45 - 2013-04-12 14:25 - 00001456 _____ C:\Users\LEODES~1\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2013-08-16 12:03 - 2012-05-05 01:19 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\SoftGrid Client 2013-08-15 21:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 20:30 - 2012-04-06 02:36 - 00152224 _____ C:\Users\LEODES~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-14 15:37 - 2013-03-09 17:13 - 00209312 _____ D:\Bibliotheken\Dokumente\Readiris.DUS 2013-08-14 11:25 - 2013-08-14 11:23 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 11:23 - 2012-05-04 22:36 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-12 00:02 - 2013-08-12 00:01 - 00000000 ____D D:\Favoriten\Desktop\A5 HTML5 Animator 2013-08-11 23:36 - 2012-05-08 00:55 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Mozilla 2013-08-11 20:53 - 2013-08-11 20:53 - 00000535 _____ D:\Favoriten\Desktop\triangle.svg 2013-08-11 20:08 - 2013-08-11 20:08 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\DATA BECKER 2013-08-11 20:08 - 2013-08-11 20:08 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\Chromium 2013-08-11 20:08 - 2013-08-11 20:02 - 00004096 _____ C:\Users\Public\Documents\0000476D.LCS 2013-08-11 20:06 - 2013-08-11 18:20 - 00000000 ____D 
D:\Favoriten\Desktop\Feuer 2013-08-11 20:03 - 2013-08-11 20:02 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\ProtectDisc 2013-08-11 20:02 - 2013-08-11 20:02 - 00000990 _____ D:\Favoriten\Desktop\A5 HTML5 Animator Free Handbuch.lnk 2013-08-11 20:02 - 2013-08-11 20:02 - 00000000 ____D D:\Bibliotheken\Dokumente\A5 HTML5 Animator Projekte 2013-08-11 16:09 - 2013-08-11 16:09 - 06795962 _____ D:\Favoriten\Desktop\Wiki 08-13.psd 2013-08-11 14:13 - 2013-08-11 14:13 - 00021144 _____ D:\Favoriten\Desktop\Events and schedules - Waldresidenz Zum Roten Wasser.html 2013-08-11 14:13 - 2013-08-11 14:13 - 00000000 ____D D:\Favoriten\Desktop\Events and schedules - Waldresidenz Zum Roten Wasser_files 2013-08-09 19:13 - 2013-08-09 19:13 - 00000000 ____D C:\Program Files (x86)\Wunderlist2 2013-08-09 19:13 - 2013-07-12 00:12 - 00002495 _____ C:\Users\Public\Desktop\Wunderlist.lnk 2013-08-09 19:13 - 2013-07-12 00:09 - 00000000 ____D C:\ProgramData\Package Cache 2013-08-09 09:40 - 2012-06-16 00:24 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grafik 2013-08-08 22:41 - 2012-04-06 02:38 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Adobe 2013-08-08 22:22 - 2013-08-08 22:22 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\chc 2013-08-08 19:54 - 2012-10-11 00:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-08 08:36 - 2012-05-08 00:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-08-07 08:37 - 2013-08-07 08:24 - 00000000 ____D D:\Favoriten\Desktop\Paypal Finderator 2013-08-01 18:23 - 2013-08-01 18:23 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-07-31 14:24 - 2013-05-19 23:17 - 00000000 ____D D:\Favoriten\Desktop\Handybackup 2013-07-31 14:23 - 2013-07-31 14:23 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-07-31 14:23 - 2012-05-04 23:55 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\Downloaded Installations 2013-07-31 14:20 - 2013-05-20 13:37 - 00000000 ____D 
D:\Bibliotheken\Dokumente\SelfMV 2013-07-31 12:22 - 2013-02-05 23:06 - 00001397 _____ D:\Favoriten\Desktop\TeamViewer.lnk 2013-07-30 13:06 - 2013-07-30 13:06 - 00000440 _____ C:\Desktop.lnk 2013-07-27 14:16 - 2012-09-11 18:32 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Simfy 2013-07-27 14:14 - 2012-09-30 02:55 - 00000000 ____D D:\Bibliotheken\Dokumente\PersBackup 2013-07-27 14:03 - 2013-03-30 12:10 - 00001094 _____ D:\Favoriten\Desktop\Backup LeoServer BackupTwo.lnk 2013-07-27 13:48 - 2012-06-16 00:20 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System 2013-07-27 01:21 - 2013-07-27 01:21 - 01655644 _____ (Igor Pavlov) D:\Favoriten\Desktop\ShutdownTimer33Portable.exe 2013-07-26 07:13 - 2013-08-14 11:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 07:13 - 2013-08-14 11:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 07:13 - 2013-08-14 11:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 07:12 - 2013-08-14 11:26 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 00067072 _____ (Microsoft 
Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 07:12 - 2013-08-14 11:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 05:35 - 2013-08-14 11:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 05:13 - 2013-08-14 11:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-26 05:13 - 2013-08-14 11:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-26 05:12 - 2013-08-14 11:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-26 05:11 - 2013-08-14 11:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-26 05:11 - 2013-08-14 11:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-26 04:49 - 2013-08-14 11:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-26 04:39 - 2013-08-14 11:26 - 00089600 _____ (Microsoft Corporation) 
C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-26 03:59 - 2013-08-14 11:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 11:25 - 2013-08-14 08:13 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-14 08:13 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-24 16:58 - 2013-07-24 16:58 - 27902832 _____ D:\Favoriten\Desktop\I_20130709_Streik_an_Schleusen-Flash_640x360.flv 2013-07-23 17:31 - 2012-09-26 18:39 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\Deployment 2013-07-22 10:55 - 2013-07-22 10:55 - 00000921 _____ D:\Favoriten\Desktop\Photomatix Pro 4.2.7 (64-bit).lnk 2013-07-22 10:55 - 2013-07-22 10:55 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\HDRsoft 2013-07-21 00:05 - 2013-07-21 00:05 - 00000851 _____ D:\Favoriten\Desktop\Artisteer 4.lnk 2013-07-21 00:05 - 2013-07-21 00:05 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Artisteer 2013-07-21 00:05 - 2013-07-21 00:05 - 00000000 ____D C:\Users\LeoDesign\AppData\Roaming\Apple Computer 2013-07-21 00:05 - 2013-07-21 00:05 - 00000000 ____D C:\Users\LEODES~1\AppData\Local\Apple Computer ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-12 11:34 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2013 03 Ran by LeoDesign at 2013-08-20 13:10:45 Running from G:\ Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 2013 (Version: 2013.0.3392) 1&1 Upload-Manager (x32 Version: 2.0.676) ACDSee Pro 6 (Version: 6.3.221) Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7) Adobe AIR (x32 Version: 3.8.0.870) Adobe Anchor Service CS3 (x32 Version: 1.0) Adobe Asset Services CS3 (x32 Version: 3) Adobe Bridge CS3 (x32 Version: 2) Adobe Bridge Start Meeting (x32 Version: 1.0) Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0) Adobe Camera Raw 4.0 (x32 Version: 4.0) Adobe CMaps (x32 Version: 1.0) Adobe Color - Photoshop Specific (x32 Version: 1.0) Adobe Color Common Settings (x32 Version: 1.0) Adobe Color EU Recommended Settings (x32 Version: 1.0) Adobe Color JA Extra Settings (x32 Version: 1.0) Adobe Color NA Extra Settings (x32 Version: 1.0) Adobe Creative Cloud (x32 Version: 2.0.2.189) Adobe Creative Suite 3 Design Premium (x32 Version: 1.0) Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (x32 Version: 1.0) Adobe CS6 Design and Web Premium (x32 Version: 6) Adobe Default Language CS3 (x32 Version: 1.0) Adobe Device Central CS3 (x32 Version: 1.0) Adobe Dreamweaver CS3 (x32 Version: 9) Adobe ExtendScript Toolkit 2 (x32 Version: 2.0) Adobe Extension Manager CS3 (x32 Version: 1.8) Adobe Flash CS3 (x32 Version: 9.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Flash Video Encoder (x32 Version: 2.0) Adobe Fonts All (x32 Version: 1.0) Adobe Help Manager (x32 Version: 4.0.244) Adobe Help Viewer CS3 (x32 Version: 1) Adobe Illustrator CS3 (x32 Version: 13.0) Adobe InDesign CS3 (x32 Version: 5.0) Adobe InDesign CS3 Icon Handler (x32 Version: 5.0) Adobe Linguistics CS3 (x32 Version: 3.0.0) Adobe MotionPicture 
Color Files (x32 Version: 1.0) Adobe PDF Library Files (x32 Version: 8.0) Adobe Photoshop CS3 (x32 Version: 10) Adobe Setup (x32 Version: 1.0) Adobe SING CS3 (x32 Version: 0.1) Adobe Stock Photos CS3 (x32 Version: 1.5) Adobe Type Support (x32 Version: 1.0) Adobe Update Manager CS3 (x32 Version: 5.1.0) Adobe Version Cue CS3 Client (x32 Version: 3) Adobe WAS CS3 (x32 Version: 1.0) Adobe Widget Browser (x32 Version: 2.0 Build 230) Adobe Widget Browser (x32 Version: 2.0.230) Adobe WinSoft Linguistics Plugin (x32 Version: 1.0) Adobe XMP Panels CS3 (x32 Version: 1.0) Adobe® Content Viewer (x32 Version: 3.2.0) AHV content for Acrobat and Flash (x32 Version: 1) AI Suite II (x32 Version: 1.01.40) ALLNET Smart Utility 1.01.02 (x32 Version: 1.01.02) Artisteer 4 (x32 Version: 4.1) Ashampoo Burning Studio 11 v.11.0.4 (x32 Version: 11.0.4) Ashampoo WinOptimizer 9 v.9.04.31 (x32 Version: 9.04.31) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0) AVG 2013 (Version: 13.0.3211) AVG 2013 (Version: 13.0.3392) AVM FRITZ!fax für FRITZ!Box (x32) BackupSF version 2.7 (x32 Version: 2.7) Brother P-touch Address Book 1.1 (x32 Version: 1.1.2201) Brother P-touch Editor 5.0 (x32 Version: 5.0.2300) Brother P-touch Update Software (x32 Version: 1.0.0060) Clover 3.0 (x32 Version: 3.0) ColorPic (x32 Version: 4.1) colymp (x32 Version: 1.3.288) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - KPT Collection (x32 Version: 
1.00.0000) CorelDRAW Graphics Suite X5 - KPT Collection (x32) CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3) CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3) CorelDRAW Graphics Suite X5 (x32 Version: 15.3) CorelDRAW(R) Graphics Suite X5 (x32 Version: 15.2.0.686) D3DX10 (x32 Version: 15.4.2368.0902) DATA BECKER A5 HTML5 Animator Free (x32 Version: 1.0.0.0) Dropbox (HKCU Version: 1.6.10) EOSInfo (x32 Version: 0.2.0) Evernote v. 4.6.7 (x32 Version: 4.6.7.8409) Fotogalerie (x32 Version: 16.4.3505.0912) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64) Herrnhuter Losungen (x32 Version: 3.2.1) Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026) jAlbum (x32 Version: 11.0.5) Java 7 Update 9 (64-bit) (Version: 7.0.90) Java(TM) 6 Update 21 (x32 Version: 6.0.210) K-Lite Codec Pack 9.3.0 (Full) (x32 Version: 9.3.0) LAME v3.99.3 (for Windows) (x32) Lexware Abschreibungsrechner (x32 Version: 12.00.04.0003) Lexware Elster (x32 Version: 13.04.00.0113) Lexware Info Service (x32 Version: 2.90.00.0009) Lexware online banking (x32 Version: 18.00.00.0035) Lexware Zeiterfassung (x32 Version: 26.00.04.0001) Lexware zeitmanagement 2011 (x32 Version: 2.05.00.0169) Meazure 2.0 (x32 Version: 2.0) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Image Composite Editor (Version: 1.4.4) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Klick-und-Los 2010 (Version: 14.0.6120.5004) Microsoft Office Klick-und-Los 2010 (x32 Version: 
14.0.6120.5004) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Small Business Edition 2003 (x32 Version: 11.0.8173.0) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.6120.5005) Microsoft Office XP Media Content (x32 Version: 10.0.2619.0) Microsoft Office XP Professional (x32 Version: 10.0.6626.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Movie Maker (x32 Version: 
16.4.3505.0912) MozBackup 1.5.1 (x32) Mozilla Maintenance Service (x32 Version: 17.0.8) Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8) mSecure (x32 Version: 3.114) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyFreeCodec (HKCU) No23 Recorder (x32 Version: 2.1.0.3) NVIDIA 3D Vision Controller-Treiber 310.90 (Version: 310.90) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) Opera 12.14 (Version: 12.14.1738) Opera 12.16 (Version: 12.16.1860) PDF Settings (x32 Version: 1.0) PDF Settings CS6 (x32 Version: 11.0) PDFCreator (x32 Version: 1.7.1) Personal Backup 5.4 (x32 Version: 5.3) Photo Gallery (x32 Version: 16.4.3505.0912) Photomatix Pro version 4.2.7 (Version: 4.2.7) Readiris Pro 12 (x32 Version: 12.00.6209) Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526) Revo Uninstaller 1.83 (x32 Version: 1.83) Samsung Kies (x32 Version: 2.5.3.13043_14) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0) Sandboxie 3.72 (64-bit) (Version: 3.72) SecretFolder version 2.0.0.0 (x32 Version: 2.0.0.0) simfy (x32 Version: 1.7.3) StarMoney (x32 Version: 4.0.0.203) StarMoney 9.0 S-Edition (x32 Version: 9.0) StreamTransport version: 1.0.2.2171 (x32) TIPP10 Version 2.1.0 (x32) TL-WN721N/TL-WN722N Driver (x32 Version: 1.0.0) TuneUp Utilities 
2012 (x32 Version: 12.0.3600.73) TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73) Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1) USB Tablet Manager (Version: 4.13) Virtual Audio Cable 4.10 Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 2.0.1 (Version: 2.0.1) VLC media player 2.0.5 (x32 Version: 2.0.5) Website Backup (x32 Version: 2.1) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Wunderlist (x32 Version: 2.2.1.22) ==================== Restore Points ========================= 14-08-2013 09:23:18 Windows Update 20-08-2013 01:00:10 Windows Update 20-08-2013 07:37:37 Wiederherstellungsvorgang ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2D7C016E-330A-4671-8481-FB27DEFA4EAC} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.) Task: {4DC2EA55-DEC2-4C2F-9318-E94D7BBC6AAE} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) Task: {621B0E47-E15E-422C-8B37-07DA434A90D7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {65D0D1CA-D694-4DA4-89C8-AB6A7FEAE1BB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {674F2285-5A30-46B7-9CA0-2A538184FD65} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {74BF573B-4005-45BC-8E8A-9CC206375CB7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {7C86D5B5-C2ED-4258-9D92-6DD1B8827CDF} - System32\Tasks\Listary => D:\Portable\ListaryPortable\Listary.exe [2013-03-20] (Bopsoft) Task: {7CF3E3E8-DB9B-450C-BA79-9C5C1746E659} - System32\Tasks\User_Feed_Synchronization-{0801BCE7-DFEA-4B4A-BC33-A638DCEC01FC} => C:\Windows\system32\msfeedssync.exe [2013-04-16] (Microsoft Corporation) Task: {8258D7C2-87D1-4464-B6E0-F55477AA6F29} - System32\Tasks\{AFF492E8-1CED-4E8F-9D0C-18D875AE3573} => D:\Favoriten\Desktop\40DShutterCount.exe No File Task: {94D08132-96B6-472F-936D-3A35C99AC076} - System32\Tasks\RunAsStdUser Task => d:\Programme\NetDrive\netdrive.exe No File Task: {A7C03399-0F5D-410B-9D5C-839F6F385A1F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => D:\Programme\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software) Task: {B6FD0C6D-E561-460D-9EC2-2DD341B3AE82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated) Task: {F870C3E3-9794-427A-B569-4AE652E1734A} - System32\Tasks\AdobeAAMUpdater-1.0-LeoPC-LeoDesign => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task: 
{FB17B196-A0E0-4025-9EFB-90AD9F1B4A2B} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= Name: Datacolor Spyder3 Description: Datacolor Spyder3 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 16348.88 MB Available physical RAM: 13976.45 MB Total Pagefile: 40887.95 MB Available Pagefile: 38381.91 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.79 GB) (Free:46.89 GB) NTFS Drive d: (Programme) (Fixed) (Total:465.76 GB) (Free:118.46 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Backup) (Fixed) (Total:115.04 GB) (Free:49.16 GB) NTFS Drive g: () (Removable) (Total:1.92 GB) (Free:1.91 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F841F85C) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 6659D3CF) Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 115 GB) (Disk 
ID: D832D832) Partition 1: (Not Active) - (Size=115 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 2 GB) (Disk ID: CB6E2416) Partition 1: (Active) - (Size=2 GB) - (Type=0B) ==================== End Of Log ============================ Regards, Leo |
20.08.2013, 12:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: please remember to update Malwarebytes Anti-Malware via the update button beforehand! Afterwards, getting a second opinion from ESET's online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
20.08.2013, 13:21 | #11 |
| Hello cosinus, the latest scans haven't turned up anything malicious either. Thanks again and regards, Leo |
20.08.2013, 13:38 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please always post the logs!
20.08.2013, 13:50 | #13 |
| Ok, ok! Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.20.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 LeoDesign :: LEOPC [Administrator] 20.08.2013 14:39:46 mbam-log-2013-08-20 (14-39-46).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 249645 Laufzeit: 1 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
20.08.2013, 13:52 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok, ESET is still missing
20.08.2013, 16:23 | #15 |
| I've now had ESET running for hours and it's still nowhere near finished. That's because I've mapped my NAS drives as internal drives (network search), and ESET is now scanning all of them as well! I've cancelled it now, because the computer's own drives C and D are "already" done. Here are the scan results: Code:
ATTFilter Target: C:\Users\LeoDesign\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\273e8635-701aafbd Threat: Java/Exploit.Agent.PGU trojan Target: D:\Favoriten\Desktop\Handybackup\Galaxy Note\Phone\com.maildroid.pro\files_v2\partial_cache\meine@mail.de\efa668fb-4a90-4d85-abd1-43caf3fe681e Threat: HTML/Phishing.LinkedIn.A trojan Target: D:\Favoriten\Desktop\Handybackup\Phone\com.maildroid.pro\files_v2\partial_cache\meine@mail.de\efa668fb-4a90-4d85-abd1-43caf3fe681e Threat: HTML/Phishing.LinkedIn.A trojan Should I try to delete the Java cache? Regards, Leo |