| |
| |||||||
Log-Analyse und Auswertung: Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.09.2013, 12:45
| #1 |
 |  Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht. Hallo, ich habe hier auf einem Netbook einen BKA bzw. GVU-Trojaner. Da der Abgesichertenmodus noch ging, habe ich ein paar Scans gemacht (OLT, GMER, FRST). Da war Trend Micro Internet Security drauf, also wieso hat sich da der Trojaner eingenistet ? Kriegt man das Ding irgendwie runter? Code:
ATTFilter OTL logfile created on: 12.09.2013 12:41:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ani\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,24 Mb Total Physical Memory | 509,05 Mb Available Physical Memory | 50,14% Memory free 1,99 Gb Paging File | 1,47 Gb Available in Paging File | 73,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 71,97 Gb Free Space | 71,97% Space Free | Partition Type: NTFS Drive D: | 122,87 Gb Total Space | 122,65 Gb Free Space | 99,83% Space Free | Partition Type: NTFS Drive F: | 7,48 Gb Total Space | 6,67 Gb Free Space | 89,11% Space Free | Partition Type: NTFS Computer Name: ANI-PC | User Name: ani | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.18 22:49:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ani\Desktop\OTL.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013.03.05 11:52:29 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a97f4e39d47dc3d5098150a8b14a9662\Microsoft.VisualBasic.ni.dll MOD - [2013.02.27 22:02:59 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.01.15 13:41:24 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\2b54822a40e9b08479a79cce0e196af1\System.EnterpriseServices.ni.dll MOD - [2013.01.15 13:41:18 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\00038bb019bb7e4470d3962b58b1926f\System.Transactions.ni.dll MOD - [2013.01.15 13:41:12 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll MOD - [2013.01.15 13:34:46 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.01.15 13:32:58 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.01.15 13:32:42 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.01.15 13:32:38 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.01.15 13:31:56 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2009.09.15 20:45:59 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2009.09.15 20:45:59 | 000,029,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll MOD - [2009.08.25 09:47:24 | 000,140,560 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\PROGRA~2\thidwhnakbhftduwajt.bfg -- (Winmgmt) SRV - [2013.06.30 21:11:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2010.01.19 01:31:32 | 001,678,272 | ---- | M] (Discordia Limited) [Auto | Stopped] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator) SRV - [2009.08.22 11:01:00 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV - [2009.08.22 11:01:00 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2009.08.22 11:00:00 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw) SRV - [2009.08.22 10:28:00 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) ========== Driver Services (SafeList) ========== DRV - [2009.12.08 20:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.08.22 11:38:00 | 001,223,832 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint) DRV - [2009.08.22 11:38:00 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp) DRV - [2009.08.22 11:38:00 | 000,225,808 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt) DRV - [2009.08.22 11:38:00 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm) DRV - [2009.08.22 11:38:00 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf) DRV - [2009.08.22 11:38:00 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2009.08.22 11:38:00 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon) DRV - [2009.08.22 11:38:00 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2009.08.22 11:38:00 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt) DRV - [2009.07.30 14:57:40 | 000,107,008 | ---- | M] (BandRich Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\br3gmdm.sys -- (br3gmdm) DRV - [2009.07.27 09:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2009.07.20 11:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/hxxp://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAAU&ocid=bb7hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 F8 08 50 81 39 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1696E378-D1E9-42B9-9AED-24A1EF1BFF79}: "URL" = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011.01.20 12:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ani\AppData\Roaming\mozilla\Extensions [2011.01.20 12:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.09.14 14:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\ani\AppData\Roaming\Mozilla\plugins\np-mswmp.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe (ECAREME) O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCAD2730-FD19-40C3-883D-E91CADD4F7D1}: DhcpNameServer = 212.23.115.148 212.23.115.132 O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.03.24 09:06:41 | 000,000,053 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{3b5d73e6-479a-11e2-9d4c-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{3b5d73e6-479a-11e2-9d4c-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{67441d6a-6a85-11df-bd92-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{67441d6a-6a85-11df-bd92-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{67441d8f-6a85-11df-bd92-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{67441d8f-6a85-11df-bd92-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8acdd4ef-eed6-11e0-8a24-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{8acdd4ef-eed6-11e0-8a24-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{931790c7-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{931790c7-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{931790d9-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{931790d9-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{931790e3-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{931790e3-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{931790e6-8679-11df-b4ec-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{931790e6-8679-11df-b4ec-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a2e8b479-f645-11df-b20b-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{a2e8b479-f645-11df-b20b-0025d3a3c011}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a4c600f1-f7b1-11df-9d2d-90e6baf33f7d}\Shell - "" = AutoRun O33 - MountPoints2\{a4c600f1-f7b1-11df-9d2d-90e6baf33f7d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2a81b65-eeba-11e0-a6d2-0025d3a3c011}\Shell - "" = AutoRun O33 - MountPoints2\{b2a81b65-eeba-11e0-a6d2-0025d3a3c011}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c561bf37-ef26-11e0-8a3b-90e6baf33f7d}\Shell - "" = AutoRun O33 - MountPoints2\{c561bf37-ef26-11e0-8a3b-90e6baf33f7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.09.12 12:41:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ani\Desktop\OTL.exe [2013.09.12 12:41:11 | 000,000,000 | ---D | C] -- C:\Users\ani\Desktop\_ANTIVIR [2013.08.16 13:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\5372 [2013.08.16 13:16:42 | 000,000,000 | R--D | C] -- C:\Users\ani\Documents\Scanned Documents [2013.08.16 13:16:42 | 000,000,000 | ---D | C] -- C:\Users\ani\Documents\Fax [2009.09.15 20:37:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC486.dll [1 C:\Users\ani\Documents\*.tmp files -> C:\Users\ani\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.09.12 12:40:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.09.12 12:39:53 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys [2013.09.12 12:37:31 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.08.16 17:30:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.08.16 17:30:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.08.16 17:26:30 | 000,001,414 | ---- | M] () -- C:\Users\ani\Desktop\Registry kostenlos entrümpeln!.lnk [2013.08.16 17:24:37 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.08.16 15:51:27 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat [1 C:\Users\ani\Documents\*.tmp files -> C:\Users\ani\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.08.16 15:51:27 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat [2013.08.16 15:19:26 | 000,001,097 | ---- | C] () -- C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tjawudtfhbkanhwdiht.lnk [2012.10.12 17:21:31 | 000,017,136 | ---- | C] () -- C:\windows\System32\sasnative32.exe [2010.01.22 21:42:53 | 000,000,110 | ---- | C] () -- C:\Users\ani\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.09.2013 12:41:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ani\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,24 Mb Total Physical Memory | 509,05 Mb Available Physical Memory | 50,14% Memory free
1,99 Gb Paging File | 1,47 Gb Available in Paging File | 73,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 71,97 Gb Free Space | 71,97% Space Free | Partition Type: NTFS
Drive D: | 122,87 Gb Total Space | 122,65 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 6,67 Gb Free Space | 89,11% Space Free | Partition Type: NTFS
Computer Name: ANI-PC | User Name: ani | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000B5B6A-415D-470D-B985-E4DBA7226A3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D3D702E-E2A6-4053-8C95-B15A59E46A77}" = rport=445 | protocol=6 | dir=out | app=system |
"{69F3B35F-02B4-45F6-8F49-1C7131DE3D77}" = lport=445 | protocol=6 | dir=in | app=system |
"{78356BC9-0C46-4477-A94E-6E85554B3A4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78D0CE13-E2E0-4CCF-9FA2-5535EC520285}" = lport=137 | protocol=17 | dir=in | app=system |
"{82BCCD95-4DA4-453A-A2B6-81B095010D33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84402423-1A20-4FF3-A47F-56B75E6CEB29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{86DE8C28-E126-4101-AE54-DAB8267011B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{907A55E2-E373-423F-8234-9D44001F184B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9340674A-CE7E-4F29-BAC9-B9B28A23888C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{934AAB52-021D-4D2B-B449-AD458F8936F4}" = rport=138 | protocol=17 | dir=out | app=system |
"{93A41E69-D577-460B-AD5A-E3A32D0CC4BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A70D3848-9521-4012-BFAA-7396CCEE18B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BD8B456F-5511-4D63-9148-FE947B7CF050}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD5B0FBA-0EFC-430F-8C1D-FFC41B5DB290}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5493B7F-D98E-45E2-9514-D82103BB37B7}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B197A49-A73E-47E3-B309-ACFDB9B146DD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BCD06A3-6885-48D5-B990-B13164FAD3A5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5B2FEFFA-2D73-4257-B226-FF588250AE0E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{64313718-B1B4-4E86-AB5F-4249A2F1F363}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{7D55EBC5-DB96-428B-97F3-328E219FFEEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{88DF8F50-648B-4BC4-A828-D00366BE1301}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{93F53564-F367-4360-AAA4-96DBD12F1615}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{A2B5788F-F77E-4F39-BC68-FA5E6FCA7A99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EAD65076-89F6-4920-A732-1B6D8C810E95}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{EB6F5F1F-B052-46FC-8A70-6FE065AB63AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8055864-2F90-409B-97A6-61E3DEAECF3D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{13AC81CD-F6F0-4195-B89C-FA024D906EF4}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{CB714EF5-5CC6-4B48-A373-12AC0DD1DAFE}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{BCE37923-4BAE-42D1-9A00-438DEF38A1CF}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{E58D8262-CC5B-4698-A858-2210536B4938}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = 3G Connection Manager
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{715B225A-D37B-4967-BF83-C1A0FCBBE63D}" = Mobile PhoneTools
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"Asus WebStorage" = Asus WebStorage
"Bandoo" = Bandoo
"BearShare" = BearShare
"BearShare 2 MediaBar" = MediaBar
"Eee Docking_is1" = Eee Docking 2.6.0
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"RegClean Pro_is1" = RegClean Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.01.2012 17:43:03 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 19.01.2012 17:44:38 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\3g
connection manager\Drivers\Bandrich\x64\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.01.2012 10:30:58 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 21.01.2012 10:34:02 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\3g
connection manager\Drivers\Bandrich\x64\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.01.2012 06:03:53 | Computer Name = ani-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 22.01.2012 06:07:07 | Computer Name = ani-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\3g
connection manager\Drivers\Bandrich\x64\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.01.2012 17:59:01 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
Zeitstempel: 0x4a613d79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001579a2 ID des fehlerhaften
Prozesses: 0xde4 Startzeit der fehlerhaften Anwendung: 0x01ccd9a07183c8b3 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash10c.ocx Berichtskennung:
74f404ee-460d-11e1-8ae7-001e101f50a4
Error - 24.01.2012 05:46:58 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
Zeitstempel: 0x4a613d79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001579a2 ID des fehlerhaften
Prozesses: 0x1190 Startzeit der fehlerhaften Anwendung: 0x01ccda6602e94682 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash10c.ocx Berichtskennung:
5b42fb71-4670-11e1-8a16-001e101f7f74
Error - 24.01.2012 05:47:03 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624,
Zeitstempel: 0x4c297c56 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00095b51 ID des fehlerhaften
Prozesses: 0x1190 Startzeit der fehlerhaften Anwendung: 0x01ccda6602e94682 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\windows\system32\ole32.dll Berichtskennung: 5e28edf3-4670-11e1-8a16-001e101f7f74
Error - 24.01.2012 17:30:31 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
Zeitstempel: 0x4a613d79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001579a2 ID des fehlerhaften
Prozesses: 0x1354 Startzeit der fehlerhaften Anwendung: 0x01ccda65dc61cb0d Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash10c.ocx Berichtskennung:
a3a3c2bf-46d2-11e1-8a16-001e101f7f74
Error - 24.01.2012 17:30:36 | Computer Name = ani-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912,
Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624,
Zeitstempel: 0x4c297c56 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00095b51 ID des fehlerhaften
Prozesses: 0x1354 Startzeit der fehlerhaften Anwendung: 0x01ccda65dc61cb0d Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\windows\system32\ole32.dll Berichtskennung: a6bc6cfa-46d2-11e1-8a16-001e101f7f74
[ OSession Events ]
Error - 23.01.2013 05:39:37 | Computer Name = ani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 61461
seconds with 720 seconds of active time. This session ended with a crash.
Error - 23.01.2013 07:05:34 | Computer Name = ani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1217
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12.09.2013 06:40:38 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12.09.2013 06:42:05 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%126
Error - 12.09.2013 06:42:05 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%126
Error - 12.09.2013 06:44:11 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%126
Error - 12.09.2013 06:44:11 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%126
Error - 12.09.2013 06:55:49 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 12.09.2013 06:56:32 | Computer Name = ani-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-12 13:33:00
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0002 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ani\AppData\Local\Temp\uwldrpow.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13F9 81E7E829 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EA3132 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \FileSystem\fastfat \Fat AB219130
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243df175e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@2421ab1854d0 0x56 0xB7 0x2D 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@00265d5b841a 0xA8 0xED 0xCC 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@b8f9345bba9b 0xEA 0xB0 0xBD 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a3c011@3017c80991f4 0x66 0xBB 0x26 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243df175e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@2421ab1854d0 0x56 0xB7 0x2D 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@00265d5b841a 0xA8 0xED 0xCC 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@b8f9345bba9b 0xEA 0xB0 0xBD 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a3c011@3017c80991f4 0x66 0xBB 0x26 0xDE ...
---- EOF - GMER 2.1 ----
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013 (ATTENTION: ====> FRST version is 17 days old and could be outdated)
Ran by ani (administrator) on 12-09-2013 13:33:44
Running from C:\Users\ani\Desktop
Windows 7 Starter (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [EeeStorageBackup] - C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1024368 2009-08-22] (Trend Micro Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [1114552 2011-01-06] (MusicLab, LLC)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-08-25] ()
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {3b5d73e6-479a-11e2-9d4c-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d6a-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d8f-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {8acdd4ef-eed6-11e0-8a24-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790c7-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790d9-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e3-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e6-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {a2e8b479-f645-11df-b20b-0025d3a3c011} - F:\AutoRun.exe
MountPoints2: {a4c600f1-f7b1-11df-9d2d-90e6baf33f7d} - F:\AutoRun.exe
MountPoints2: {b2a81b65-eeba-11e0-a6d2-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {c561bf37-ef26-11e0-8a3b-90e6baf33f7d} - E:\AutoRun.exe
HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAAU&ocid=bb7hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - {1696E378-D1E9-42B9-9AED-24A1EF1BFF79} URL = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: BandooIEPlugin Class - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
Toolbar: HKLM - MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\ani\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
========================== Services (Whitelisted) =================
S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
S2 Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [1678272 2010-01-19] (Discordia Limited)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [715368 2009-08-22] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-08-22] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [497008 2009-08-22] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [689416 2009-08-22] (Trend Micro Inc.)
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]
==================== Drivers (Whitelisted) ====================
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59920 2009-08-22] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [158224 2009-08-22] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [50704 2009-08-22] (Trend Micro Inc.)
S3 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-08-22] (Trend Micro Inc.)
S3 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36368 2009-08-22] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-08-22] (Trend Micro Inc.)
S3 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-08-22] (Trend Micro Inc.)
S3 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [225808 2009-08-22] (Trend Micro Inc.)
S3 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1223832 2009-08-22] (Trend Micro Inc.)
U3 uwldrpow; \??\C:\Users\ani\AppData\Local\Temp\uwldrpow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-12 13:33 - 2013-08-26 21:10 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-09-12 12:58 - 2013-07-18 22:54 - 00377856 _____ C:\Users\ani\Desktop\gmer_2.1.19163.exe
2013-09-12 12:41 - 2013-09-12 12:59 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-12 12:41 - 2013-07-18 22:49 - 00602112 _____ (OldTimer Tools) C:\Users\ani\Desktop\OTL.exe
2013-08-16 15:51 - 2013-08-16 15:51 - 00006576 ____N C:\bootsqm.dat
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax
==================== One Month Modified Files and Folders =======
2013-09-12 13:33 - 2013-09-12 13:33 - 00000000 ____D C:\FRST
2013-09-12 13:06 - 2010-01-24 00:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare
2013-09-12 13:06 - 2010-01-22 20:58 - 00000000 ____D C:\Users\ani\Tracing
2013-09-12 13:06 - 2009-09-15 20:13 - 00000000 ____D C:\windows\panther
2013-09-12 13:03 - 2011-11-20 11:43 - 00000000 ____D C:\windows\Minidump
2013-09-12 12:59 - 2013-09-12 12:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-12 12:37 - 2012-06-27 19:04 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 12:36 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-26 21:10 - 2013-09-12 13:33 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\wfp
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\registration
2013-08-16 17:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-16 17:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-16 17:26 - 2012-11-08 19:10 - 00001414 _____ C:\Users\ani\Desktop\Registry kostenlos entrümpeln!.lnk
2013-08-16 17:24 - 2012-06-27 19:04 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-16 17:23 - 2010-01-22 16:28 - 00000000 ____D C:\Users\ani
2013-08-16 15:51 - 2013-08-16 15:51 - 00006576 ____N C:\bootsqm.dat
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-11-16 16:20
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-08-2013
Ran by ani at 2013-09-12 13:35:10
Running from C:\Users\ani\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
3G Connection Manager (Version: 2.00)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Advanced System Protector (Version: 2.1.1000.9972)
ASUS VIBE (Version: 1.0.166)
Asus WebStorage (Version: 2.0.31.477)
ASUSUpdate for Eee PC
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.10)
Bandoo
BearShare (Version: 9.0.0.98413)
Bing Bar (Version: 7.1.391.0)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
E-Cam (Version: 2.0.1.7)
Eee Docking 2.6.0 (Version: 2.6.0)
EeeSplendid (Version: 5.1.2.0004)
FontResizer (Version: 1.01.0007)
Google Chrome (Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Hotkey Service (Version: 1.11)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8089.726)
MediaBar (Version: 2.5.0.98385)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mobile Partner (Version: 16.001.06.03.52)
Mobile PhoneTools (Version: 3.55)
MSVCRT (Version: 14.0.1468.721)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.1)
Realtek High Definition Audio Driver (Version: 6.0.1.5898)
RegClean Pro (Version: 6.21)
Super Hybrid Engine (Version: 2.09)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Trend Micro Internet Security (Version: 17.50)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
==================== Restore Points =========================
Could not list Restore Points.
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {179B024B-098E-44D8-80E0-7BFE061DF324} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {1865F8D6-928F-4AB4-8301-DB342545E01F} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: {6A2E9BCD-93DD-4F5A-AEC2-3729B7D67213} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27] (Google Inc.)
Task: {6D2FFD4C-39D9-477C-A8B2-24864CF899A7} - System32\Tasks\User_Feed_Synchronization-{E05BD53F-55BE-4FD5-AB3E-AAF284007120} => C:\windows\system32\msfeedssync.exe [2012-02-20] (Microsoft Corporation)
Task: {88CFFC87-85BD-4B7F-B7C2-5C14A1BC2B40} - System32\Tasks\Advanced System Protector_startup => C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [2012-09-24] (Systweak)
Task: {97230E64-397F-4971-B494-02D86A01FBA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4007594265-3339371781-3975660076-1000
Task: {AE35E485-344D-4A17-851F-990A61509E26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27] (Google Inc.)
Task: {C24E52BC-FA34-49F1-9F1E-9EF4D983C6B0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30] (Adobe Systems Incorporated)
Task: {DC25468F-731E-4F06-97C8-05537168A469} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: {F604F448-3400-4924-8018-4A768FC8A265} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe [2012-09-21] (Systweak Inc)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe
Task: C:\windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe
==================== Faulty Device Manager Devices =============
Could not list Devices.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/12/2013 01:22:07 PM) (Source: PerfNet) (User: )
Description:
Error: (09/12/2013 01:22:07 PM) (Source: PerfNet) (User: )
Description:
Error: (09/12/2013 00:53:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/12/2013 00:38:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SuperHybridEngine.exe, Version: 6.1.1.2009, Zeitstempel: 0x4aa62cec
Name des fehlerhaften Moduls: SuperHybridEngine.exe, Version: 6.1.1.2009, Zeitstempel: 0x4aa62cec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011f42
ID des fehlerhaften Prozesses: 0xb74
Startzeit der fehlerhaften Anwendung: 0xSuperHybridEngine.exe0
Pfad der fehlerhaften Anwendung: SuperHybridEngine.exe1
Pfad des fehlerhaften Moduls: SuperHybridEngine.exe2
Berichtskennung: SuperHybridEngine.exe3
Error: (09/12/2013 00:38:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xb7c
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3
Error: (08/16/2013 05:45:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xf84
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3
Error: (08/16/2013 05:44:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x15f8
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3
Error: (08/16/2013 05:43:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x1088
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3
Error: (08/16/2013 05:42:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0xa30
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3
Error: (08/16/2013 05:41:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Name des fehlerhaften Moduls: HotkeyService.exe, Version: 6.1.1.2018, Zeitstempel: 0x4aa9e0bc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018186
ID des fehlerhaften Prozesses: 0x157c
Startzeit der fehlerhaften Anwendung: 0xHotkeyService.exe0
Pfad der fehlerhaften Anwendung: HotkeyService.exe1
Pfad des fehlerhaften Moduls: HotkeyService.exe2
Berichtskennung: HotkeyService.exe3
System errors:
=============
Error: (09/12/2013 01:35:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (09/12/2013 01:35:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/12/2013 01:35:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/12/2013 01:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (09/12/2013 01:34:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/12/2013 01:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/12/2013 01:34:14 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (09/12/2013 01:33:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (09/12/2013 00:59:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/12/2013 00:56:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (02/02/2013 07:15:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 544051 seconds with 360 seconds of active time. This session ended with a crash.
Error: (01/23/2013 01:05:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1217 seconds with 240 seconds of active time. This session ended with a crash.
Error: (01/23/2013 11:39:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 61461 seconds with 720 seconds of active time. This session ended with a crash.
|
|
12.09.2013, 13:08
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht. Hi,
__________________da müssen wir von Aussen ran: Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
__________________ |
|
12.09.2013, 13:36
| #3 |
| | Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht. habe ich gemacht.
__________________Ich muss noch sagen, dass im Autostart eine Verknüpfung war die ich vor den Scans gelöscht habe. Hier nochmal der Scan über "Computer reparieren" FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013 (ATTENTION: ====> FRST version is 17 days old and could be outdated) Ran by SYSTEM on 12-09-2013 14:26:25 Running from F:\_ANTIVIR Windows 7 Starter (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.) HKLM\...\Run: [EeeStorageBackup] - C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME) HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1024368 2009-08-22] (Trend Micro Inc.) HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor) HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [1114552 2011-01-06] (MusicLab, LLC) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKU\ani\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] () HKU\ani\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2009-07-26] (Microsoft Corporation) HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] () HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] () Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () S2 Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [1678272 2010-01-19] (Discordia Limited) S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [715368 2009-08-22] (Trend Micro Inc.) S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-08-22] (Trend Micro Inc.) S3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [497008 2009-08-22] (Trend Micro Inc.) S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [689416 2009-08-22] (Trend Micro Inc.) S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x] ==================== Drivers (Whitelisted) ==================== S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59920 2009-08-22] (Trend Micro Inc.) S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [158224 2009-08-22] (Trend Micro Inc.) S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [50704 2009-08-22] (Trend Micro Inc.) S3 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-08-22] (Trend Micro Inc.) S3 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36368 2009-08-22] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-08-22] (Trend Micro Inc.) S3 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-08-22] (Trend Micro Inc.) S3 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [225808 2009-08-22] (Trend Micro Inc.) S3 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1223832 2009-08-22] (Trend Micro Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-12 13:20 - 2013-09-12 13:20 - 00334608 _____ C:\Windows\System32\FNTCACHE.DAT 2013-09-12 13:20 - 2013-09-12 13:20 - 00000056 _____ C:\Windows\setupact.log 2013-09-12 13:20 - 2013-09-12 13:20 - 00000000 _____ C:\Windows\setuperr.log 2013-09-12 12:36 - 2013-09-12 12:36 - 00014128 _____ C:\Users\ani\Desktop\FRST.txt 2013-09-12 12:35 - 2013-09-12 12:36 - 00017114 _____ C:\Users\ani\Desktop\Addition.txt 2013-09-12 12:33 - 2013-09-12 12:33 - 00000000 ____D C:\FRST 2013-09-12 12:33 - 2013-08-26 20:10 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe 2013-09-12 11:58 - 2013-07-18 21:54 - 00377856 _____ C:\Users\ani\Desktop\gmer_2.1.19163.exe 2013-09-12 11:41 - 2013-09-12 11:59 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR 2013-09-12 11:41 - 2013-07-18 21:49 - 00602112 _____ (OldTimer Tools) C:\Users\ani\Desktop\OTL.exe 2013-08-16 14:51 - 2013-08-16 14:51 - 00006576 ____N C:\bootsqm.dat 2013-08-16 12:17 - 2013-08-16 12:17 - 00000000 ____D C:\ProgramData\5372 2013-08-16 12:16 - 2013-08-16 12:16 - 00000000 ____D C:\Users\ani\Documents\Fax ==================== One Month Modified Files and Folders ======= 2013-09-12 13:24 - 2013-09-12 13:23 - 00001176 _____ C:\Windows\WindowsUpdate.log 2013-09-12 13:24 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-12 13:24 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-12 13:20 - 2013-09-12 13:20 - 00334608 _____ C:\Windows\System32\FNTCACHE.DAT 2013-09-12 13:20 - 2013-09-12 13:20 - 00000056 _____ C:\Windows\setupact.log 2013-09-12 13:20 - 2013-09-12 13:20 - 00000000 _____ C:\Windows\setuperr.log 2013-09-12 12:36 - 2013-09-12 12:36 - 00014128 _____ C:\Users\ani\Desktop\FRST.txt 2013-09-12 12:36 - 2013-09-12 12:35 - 00017114 _____ C:\Users\ani\Desktop\Addition.txt 2013-09-12 12:33 - 2013-09-12 12:33 - 00000000 ____D C:\FRST 2013-09-12 12:06 - 2010-01-23 23:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare 2013-09-12 12:06 - 2010-01-22 19:58 - 00000000 ____D C:\Users\ani\Tracing 2013-09-12 12:06 - 2009-09-15 19:13 - 00000000 ____D C:\Windows\panther 2013-09-12 12:03 - 2011-11-20 10:43 - 00000000 ____D C:\Windows\Minidump 2013-09-12 11:59 - 2013-09-12 11:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR 2013-08-26 20:10 - 2013-09-12 12:33 - 01070979 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe 2013-08-16 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp 2013-08-16 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration 2013-08-16 16:26 - 2012-11-08 18:10 - 00001414 _____ C:\Users\ani\Desktop\Registry kostenlos entrümpeln!.lnk 2013-08-16 16:23 - 2010-01-22 15:28 - 00000000 ____D C:\users\ani 2013-08-16 14:51 - 2013-08-16 14:51 - 00006576 ____N C:\bootsqm.dat 2013-08-16 12:17 - 2013-08-16 12:17 - 00000000 ____D C:\ProgramData\5372 2013-08-16 12:16 - 2013-08-16 12:16 - 00000000 ____D C:\Users\ani\Documents\Fax ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-10 23:32:18 Restore point made on: 2013-08-16 12:00:41 Restore point made on: 2013-08-16 16:31:48 ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 1015.24 MB Available physical RAM: 653.47 MB Total Pagefile: 1015.24 MB Available Pagefile: 649.61 MB Total Virtual: 2047.88 MB Available Virtual: 1935.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:75.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:122.87 GB) (Free:122.65 GB) NTFS Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS Drive f: (OTLPE) (Removable) (Total:7.48 GB) (Free:6.67 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: FA799A37) Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=123 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10 GB) - (Type=1B) Partition 4: (Not Active) - (Size=16 MB) - (Type=EF) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: E1A8E1A8) Partition 1: (Active) - (Size=7 GB) - (Type=0E) LastRegBack: 2012-11-16 15:20 ==================== End Of Log ============================ --- --- --- Geändert von grizly354 (12.09.2013 um 13:49 Uhr) |
|
12.09.2013, 17:36
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht. Lösch bitte FRST und lad ne neue Version, deine ist uralt.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.09.2013, 19:27
| #5 | |
| | Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht.Zitat:
ok ich lade eine neue und mache es nochmal. Der GVU Trojaner ist weg, ich kann auch in den normalen Modus rein. Es kann sein dass noch trojanerreste da sind. WindowsSicherheitsCenter geht z.B. nicht. Melde mich in 15 min wegen dem Scan. hier der scan mit der neuen FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 02
Ran by SYSTEM on MININT-DCM17IU on 12-09-2013 20:23:58
Running from C:\FRST
Windows 7 Starter (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [EeeStorageBackup] - C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [136600 2013-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\ani\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\ani\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
========================== Services (Whitelisted) =================
S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [x]
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]
==================== Drivers (Whitelisted) ====================
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [102904 2013-07-18] (Trend Micro Inc.)
S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [288840 2013-07-18] (Trend Micro Inc.)
S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83352 2013-07-18] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
S2 TMAgent;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-12 18:02 - 2013-09-12 18:06 - 167164267 _____ C:\Users\ani\Downloads\Windows6.1-KB947821-v28-x86.msu
2013-09-12 18:01 - 2013-09-12 18:02 - 02002416 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\HousecallLauncher.exe
2013-09-12 16:48 - 2013-09-12 16:48 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 16:12 - 2013-09-12 16:25 - 563934504 _____ (Microsoft Corporation) C:\Users\ani\Downloads\windows6.1-KB976932-x86.exe
2013-09-12 15:45 - 2013-09-12 15:45 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 15:45 - 2013-09-12 15:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 15:44 - 2013-09-12 15:42 - 00868264 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-09-12 15:44 - 2013-09-12 15:42 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-09-12 15:43 - 2013-09-12 15:42 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-09-12 15:43 - 2013-09-12 15:42 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-09-12 15:43 - 2013-09-12 15:42 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-09-12 15:41 - 2013-09-12 15:41 - 00000000 ____D C:\Program Files\Java
2013-09-12 15:34 - 2013-09-12 15:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 15:30 - 2013-09-12 15:30 - 00001949 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-12 15:25 - 2013-09-12 15:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 15:00 - 2013-09-12 19:09 - 00000000 ____D C:\Users\ani\AppData\Roaming\U3
2013-09-12 14:58 - 2013-09-12 14:58 - 00000000 ___HD C:\TMRescueDisk
2013-09-12 14:54 - 2013-07-18 05:25 - 00288840 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-09-12 14:54 - 2013-07-18 05:25 - 00102904 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2013-09-12 14:54 - 2013-07-18 05:25 - 00083352 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2013-09-12 14:54 - 2013-07-01 14:08 - 00040736 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\TMEBC32.sys
2013-09-12 14:54 - 2013-06-13 07:35 - 00085280 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys
2013-09-12 14:54 - 2013-05-22 16:37 - 00282272 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys
2013-09-12 14:54 - 2012-05-02 20:27 - 00092304 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2013-09-12 14:50 - 2013-09-12 14:50 - 00000059 _____ C:\Windows\System32\SupportTool.exe.bat
2013-09-12 14:48 - 2013-09-12 14:48 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-12 14:45 - 2013-09-12 14:45 - 00000036 _____ C:\Users\ani\AppData\Local\housecall.guid.cache
2013-09-12 14:42 - 2013-09-12 17:07 - 00007098 _____ C:\Windows\PFRO.log
2013-09-12 14:14 - 2013-09-12 14:15 - 06631816 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\TTi_7.0_MR_Downloader.exe
2013-09-12 14:02 - 2013-09-12 14:02 - 00079592 _____ C:\Users\ani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 13:23 - 2013-09-12 19:22 - 00190331 _____ C:\Windows\WindowsUpdate.log
2013-09-12 13:20 - 2013-09-12 17:33 - 00001189 _____ C:\Windows\setupact.log
2013-09-12 13:20 - 2013-09-12 13:20 - 00334608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:20 - 2013-09-12 13:20 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 12:33 - 2013-09-12 19:21 - 00000000 ____D C:\FRST
2013-09-12 11:41 - 2013-09-12 11:59 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-08-16 12:17 - 2013-08-16 12:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 12:16 - 2013-08-16 12:16 - 00000000 ____D C:\Users\ani\Documents\Fax
==================== One Month Modified Files and Folders =======
2013-09-12 19:22 - 2013-09-12 13:23 - 00190331 _____ C:\Windows\WindowsUpdate.log
2013-09-12 19:21 - 2013-09-12 12:33 - 00000000 ____D C:\FRST
2013-09-12 19:09 - 2013-09-12 15:00 - 00000000 ____D C:\Users\ani\AppData\Roaming\U3
2013-09-12 18:48 - 2013-09-12 18:48 - 00000000 ____D C:\Windows\CheckSur
2013-09-12 18:06 - 2013-09-12 18:02 - 167164267 _____ C:\Users\ani\Downloads\Windows6.1-KB947821-v28-x86.msu
2013-09-12 18:02 - 2013-09-12 18:01 - 02002416 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\HousecallLauncher.exe
2013-09-12 17:57 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 17:57 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 17:34 - 2010-01-22 19:58 - 00000000 ____D C:\Users\ani\Tracing
2013-09-12 17:33 - 2013-09-12 13:20 - 00001189 _____ C:\Windows\setupact.log
2013-09-12 17:07 - 2013-09-12 14:42 - 00007098 _____ C:\Windows\PFRO.log
2013-09-12 16:56 - 2013-09-12 16:48 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 16:25 - 2013-09-12 16:12 - 563934504 _____ (Microsoft Corporation) C:\Users\ani\Downloads\windows6.1-KB976932-x86.exe
2013-09-12 16:10 - 2009-09-15 19:46 - 00000000 ____D C:\ProgramData\Trend Micro
2013-09-12 15:45 - 2013-09-12 15:45 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 15:45 - 2013-09-12 15:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 15:42 - 2013-09-12 15:44 - 00868264 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-09-12 15:42 - 2013-09-12 15:44 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-09-12 15:42 - 2013-09-12 15:43 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-09-12 15:42 - 2013-09-12 15:43 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-09-12 15:42 - 2013-09-12 15:43 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-09-12 15:42 - 2012-06-18 15:41 - 00790440 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-09-12 15:41 - 2013-09-12 15:41 - 00000000 ____D C:\Program Files\Java
2013-09-12 15:41 - 2010-10-06 16:37 - 00000000 ____D C:\Users\ani\AppData\Roaming\Mozilla
2013-09-12 15:34 - 2013-09-12 15:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 15:33 - 2010-10-06 16:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-12 15:33 - 2010-01-22 15:28 - 00000000 ____D C:\Users\ani\AppData\Local\Adobe
2013-09-12 15:30 - 2013-09-12 15:30 - 00001949 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-12 15:26 - 2013-09-12 15:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 15:25 - 2009-09-15 19:38 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 15:25 - 2009-09-15 19:37 - 00000000 ____D C:\Program Files\Adobe
2013-09-12 15:20 - 2012-07-09 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-12 15:20 - 2012-07-09 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-12 14:58 - 2013-09-12 14:58 - 00000000 ___HD C:\TMRescueDisk
2013-09-12 14:50 - 2013-09-12 14:50 - 00000059 _____ C:\Windows\System32\SupportTool.exe.bat
2013-09-12 14:48 - 2013-09-12 14:48 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-12 14:45 - 2013-09-12 14:45 - 00000036 _____ C:\Users\ani\AppData\Local\housecall.guid.cache
2013-09-12 14:42 - 2012-06-27 18:03 - 00000000 ____D C:\Program Files\Google
2013-09-12 14:42 - 2010-01-24 17:22 - 00000000 ____D C:\Program Files\Bandoo
2013-09-12 14:36 - 2012-10-12 16:20 - 00000000 ____D C:\Users\ani\AppData\Roaming\Systweak
2013-09-12 14:32 - 2010-01-23 23:23 - 00000000 ____D C:\Program Files\BearShare Applications
2013-09-12 14:30 - 2012-06-27 18:03 - 00000000 ____D C:\Users\ani\AppData\Local\Google
2013-09-12 14:15 - 2013-09-12 14:14 - 06631816 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\TTi_7.0_MR_Downloader.exe
2013-09-12 14:02 - 2013-09-12 14:02 - 00079592 _____ C:\Users\ani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 13:20 - 2013-09-12 13:20 - 00334608 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:20 - 2013-09-12 13:20 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 12:06 - 2010-01-23 23:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare
2013-09-12 12:06 - 2009-09-15 19:13 - 00000000 ____D C:\Windows\panther
2013-09-12 12:03 - 2011-11-20 10:43 - 00000000 ____D C:\Windows\Minidump
2013-09-12 11:59 - 2013-09-12 11:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-08-16 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-08-16 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-08-16 16:23 - 2010-01-22 15:28 - 00000000 ____D C:\users\ani
2013-08-16 12:17 - 2013-08-16 12:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 12:16 - 2013-08-16 12:16 - 00000000 ____D C:\Users\ani\Documents\Fax
Files to move or delete:
====================
C:\ProgramData\hpeC486.dll
C:\Users\ani\AppData\Local\Temp\nsyA0D1.tmp.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-08-10 23:32:18
Restore point made on: 2013-08-16 12:00:41
Restore point made on: 2013-08-16 16:31:48
Restore point made on: 2013-09-12 14:16:20
Restore point made on: 2013-09-12 14:30:48
Restore point made on: 2013-09-12 15:10:34
Restore point made on: 2013-09-12 15:38:24
Restore point made on: 2013-09-12 16:47:17
Restore point made on: 2013-09-12 18:48:17
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 1015.24 MB
Available physical RAM: 654.58 MB
Total Pagefile: 1015.24 MB
Available Pagefile: 651.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:69.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:122.65 GB) NTFS
Drive e: (OTLPE) (Removable) (Total:7.49 GB) (Free:6.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: FA799A37)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)
LastRegBack: 2012-11-16 15:20
==================== End Of Log ============================
--- --- --- |
|
13.09.2013, 08:39
| #6 | |
| /// the machine /// TB-Ausbilder | Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht.Zitat:
 Dann bitte FRST vom Desktop aus scannen lassen.
__________________ --> Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht. |
|
13.09.2013, 20:42
| #7 | |
| | Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht.FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 02
Ran by ani (administrator) on ANI-PC on 13-09-2013 21:02:31
Running from C:\Users\ani\Desktop
Windows 7 Starter (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [136600 2013-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [402608 2009-08-25] ()
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
MountPoints2: E - E:\LaunchU3.exe -a
MountPoints2: {3b5d73e6-479a-11e2-9d4c-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d6a-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {67441d8f-6a85-11df-bd92-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {8acdd4ef-eed6-11e0-8a24-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790c7-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790d9-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e3-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {931790e6-8679-11df-b4ec-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {a2e8b479-f645-11df-b20b-0025d3a3c011} - F:\AutoRun.exe
MountPoints2: {a4c600f1-f7b1-11df-9d2d-90e6baf33f7d} - F:\AutoRun.exe
MountPoints2: {b2a81b65-eeba-11e0-a6d2-0025d3a3c011} - E:\AutoRun.exe
MountPoints2: {c561bf37-ef26-11e0-8a3b-90e6baf33f7d} - E:\AutoRun.exe
HKU\Default\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
HKU\Default User\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [ 2009-08-25] ()
Startup: C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD7F808508139CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - DefaultScope {1696E378-D1E9-42B9-9AED-24A1EF1BFF79} URL = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {1696E378-D1E9-42B9-9AED-24A1EF1BFF79} URL = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL =
BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll No File
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll No File
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
FireFox:
========
FF ProfilePath: C:\Users\ani\AppData\Roaming\Mozilla\Firefox\Profiles\xmjfs0dr.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\ani\AppData\Roaming\Mozilla\Firefox\Profiles\xmjfs0dr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\firefoxextension
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\ani\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Extension: (TrendMicro BEP Extension) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\8.0.0.1095_0
CHR Extension: (Adblock Plus) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Trend Micro NSC Chrome Extension) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dflinnddekagfkncpgojoppgnppfkbkj\6.8.0.1118_0
CHR Extension: (Trend Micro Toolbar) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\7.0.0.1151_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx
CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - C:\Program Files\Trend Micro\AMSP\module\20004\ChromeExt\chromeextension\TmNSCChromeExt.crx
CHR HKLM\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx
========================== Services (Whitelisted) =================
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [x]
S2 Winmgmt; C:\PROGRA~2\thidwhnakbhftduwajt.bfg [x]
==================== Drivers (Whitelisted) ====================
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [102904 2013-07-18] (Trend Micro Inc.)
S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [288840 2013-07-18] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83352 2013-07-18] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
U2 TMAgent;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-13 21:02 - 2013-09-13 21:01 - 01082677 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-09-13 18:18 - 2013-09-13 18:18 - 00000000 ____D C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-09-13 10:28 - 2013-07-18 06:25 - 00288840 ____N (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2013-09-13 00:12 - 2013-09-13 00:12 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\Users\ani\AppData\Roaming\Malwarebytes
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-13 00:12 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-12 22:14 - 2013-09-12 22:15 - 00000000 ____D C:\0daf7beb421a4831978034ec5e42
2013-09-12 19:48 - 2013-09-12 19:48 - 00000000 ____D C:\windows\CheckSur
2013-09-12 19:02 - 2013-09-12 19:06 - 167164267 _____ C:\Users\ani\Downloads\Windows6.1-KB947821-v28-x86.msu
2013-09-12 17:48 - 2013-09-13 09:25 - 00000000 ____D C:\windows\system32\MRT
2013-09-12 17:12 - 2013-09-12 17:25 - 563934504 _____ (Microsoft Corporation) C:\Users\ani\Downloads\windows6.1-KB976932-x86.exe
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 16:44 - 2013-09-12 16:42 - 00868264 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-09-12 16:44 - 2013-09-12 16:42 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-09-12 16:43 - 2013-09-12 16:42 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-09-12 16:43 - 2013-09-12 16:42 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-09-12 16:43 - 2013-09-12 16:42 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-09-12 16:41 - 2013-09-12 16:41 - 00000000 ____D C:\Program Files\Java
2013-09-12 16:34 - 2013-09-12 16:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 16:30 - 2013-09-12 16:30 - 00001949 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-12 16:25 - 2013-09-12 16:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 16:03 - 2013-09-12 16:03 - 00000000 ____D C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2013-09-12 16:00 - 2013-09-12 20:09 - 00000000 ____D C:\Users\ani\AppData\Roaming\U3
2013-09-12 15:58 - 2013-09-12 15:58 - 00000000 ___HD C:\TMRescueDisk
2013-09-12 15:54 - 2013-07-18 06:25 - 00102904 ____N (Trend Micro Inc.) C:\windows\system32\Drivers\tmactmon.sys
2013-09-12 15:54 - 2013-07-18 06:25 - 00083352 ____N (Trend Micro Inc.) C:\windows\system32\Drivers\tmevtmgr.sys
2013-09-12 15:54 - 2013-07-01 15:08 - 00040736 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMEBC32.sys
2013-09-12 15:54 - 2013-06-13 08:35 - 00085280 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmeevw.sys
2013-09-12 15:54 - 2013-05-22 17:37 - 00282272 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmnciesc.sys
2013-09-12 15:54 - 2012-05-02 21:27 - 00092304 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmtdi.sys
2013-09-12 15:50 - 2013-09-12 15:50 - 00000059 _____ C:\windows\system32\SupportTool.exe.bat
2013-09-12 15:48 - 2013-09-12 15:48 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-12 15:45 - 2013-09-13 14:13 - 00000036 _____ C:\Users\ani\AppData\Local\housecall.guid.cache
2013-09-12 15:42 - 2013-09-13 09:29 - 00007714 _____ C:\windows\PFRO.log
2013-09-12 15:14 - 2013-09-12 15:15 - 06631816 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\TTi_7.0_MR_Downloader.exe
2013-09-12 15:02 - 2013-09-12 15:02 - 00079592 _____ C:\Users\ani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 14:23 - 2013-09-13 21:03 - 00527568 _____ C:\windows\WindowsUpdate.log
2013-09-12 14:20 - 2013-09-13 21:01 - 00003856 _____ C:\windows\setupact.log
2013-09-12 14:20 - 2013-09-12 14:20 - 00334608 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-12 14:20 - 2013-09-12 14:20 - 00000000 _____ C:\windows\setuperr.log
2013-09-12 13:33 - 2013-09-12 21:25 - 00000000 ____D C:\FRST
2013-09-12 12:41 - 2013-09-13 08:50 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax
==================== One Month Modified Files and Folders =======
2013-09-13 21:03 - 2013-09-12 14:23 - 00527568 _____ C:\windows\WindowsUpdate.log
2013-09-13 21:01 - 2013-09-13 21:02 - 01082677 _____ (Farbar) C:\Users\ani\Desktop\FRST.exe
2013-09-13 21:01 - 2013-09-12 14:20 - 00003856 _____ C:\windows\setupact.log
2013-09-13 20:59 - 2012-06-27 19:04 - 00001088 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 20:59 - 2010-01-22 20:58 - 00000000 ____D C:\Users\ani\Tracing
2013-09-13 20:59 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-13 18:24 - 2012-06-27 19:04 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 18:18 - 2013-09-13 18:18 - 00000000 ____D C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-09-13 18:17 - 2012-07-09 18:22 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 17:15 - 2012-07-09 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-13 17:15 - 2012-07-09 18:22 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-13 14:30 - 2009-09-15 20:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 14:13 - 2013-09-12 15:45 - 00000036 _____ C:\Users\ani\AppData\Local\housecall.guid.cache
2013-09-13 10:26 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 10:26 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 09:29 - 2013-09-12 15:42 - 00007714 _____ C:\windows\PFRO.log
2013-09-13 09:25 - 2013-09-12 17:48 - 00000000 ____D C:\windows\system32\MRT
2013-09-13 08:50 - 2013-09-12 12:41 - 00000000 ____D C:\Users\ani\Desktop\_ANTIVIR
2013-09-13 01:04 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-13 00:29 - 2010-01-22 22:18 - 00000000 ____D C:\windows\softwaredistribution.bak
2013-09-13 00:12 - 2013-09-13 00:12 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\Users\ani\AppData\Roaming\Malwarebytes
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 00:12 - 2013-09-13 00:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-12 22:15 - 2013-09-12 22:14 - 00000000 ____D C:\0daf7beb421a4831978034ec5e42
2013-09-12 21:25 - 2013-09-12 13:33 - 00000000 ____D C:\FRST
2013-09-12 20:09 - 2013-09-12 16:00 - 00000000 ____D C:\Users\ani\AppData\Roaming\U3
2013-09-12 19:48 - 2013-09-12 19:48 - 00000000 ____D C:\windows\CheckSur
2013-09-12 19:06 - 2013-09-12 19:02 - 167164267 _____ C:\Users\ani\Downloads\Windows6.1-KB947821-v28-x86.msu
2013-09-12 17:25 - 2013-09-12 17:12 - 563934504 _____ (Microsoft Corporation) C:\Users\ani\Downloads\windows6.1-KB976932-x86.exe
2013-09-12 17:10 - 2009-09-15 20:46 - 00000000 ____D C:\ProgramData\Trend Micro
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 16:42 - 2013-09-12 16:44 - 00868264 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-09-12 16:42 - 2013-09-12 16:44 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-09-12 16:42 - 2013-09-12 16:43 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-09-12 16:42 - 2013-09-12 16:43 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-09-12 16:42 - 2013-09-12 16:43 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-09-12 16:42 - 2012-06-18 16:41 - 00790440 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-09-12 16:41 - 2013-09-12 16:41 - 00000000 ____D C:\Program Files\Java
2013-09-12 16:41 - 2010-10-06 17:37 - 00000000 ____D C:\Users\ani\AppData\Roaming\Mozilla
2013-09-12 16:34 - 2013-09-12 16:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-12 16:33 - 2010-10-06 17:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-12 16:33 - 2010-01-22 16:28 - 00000000 ____D C:\Users\ani\AppData\Local\Adobe
2013-09-12 16:30 - 2013-09-12 16:30 - 00001949 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-12 16:26 - 2013-09-12 16:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 16:25 - 2009-09-15 20:38 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 16:25 - 2009-09-15 20:37 - 00000000 ____D C:\Program Files\Adobe
2013-09-12 16:03 - 2013-09-12 16:03 - 00000000 ____D C:\Users\ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
2013-09-12 15:58 - 2013-09-12 15:58 - 00000000 ___HD C:\TMRescueDisk
2013-09-12 15:50 - 2013-09-12 15:50 - 00000059 _____ C:\windows\system32\SupportTool.exe.bat
2013-09-12 15:48 - 2013-09-12 15:48 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-12 15:42 - 2012-06-27 19:03 - 00000000 ____D C:\Program Files\Google
2013-09-12 15:36 - 2012-10-12 17:20 - 00000000 ____D C:\Users\ani\AppData\Roaming\Systweak
2013-09-12 15:32 - 2010-01-24 00:23 - 00000000 ____D C:\Program Files\BearShare Applications
2013-09-12 15:30 - 2012-06-27 19:03 - 00000000 ____D C:\Users\ani\AppData\Local\Google
2013-09-12 15:15 - 2013-09-12 15:14 - 06631816 _____ (Trend Micro Inc.) C:\Users\ani\Downloads\TTi_7.0_MR_Downloader.exe
2013-09-12 15:02 - 2013-09-12 15:02 - 00079592 _____ C:\Users\ani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 14:20 - 2013-09-12 14:20 - 00334608 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-12 14:20 - 2013-09-12 14:20 - 00000000 _____ C:\windows\setuperr.log
2013-09-12 13:06 - 2010-01-24 00:23 - 00000000 ____D C:\Users\ani\AppData\Local\BearShare
2013-09-12 13:06 - 2009-09-15 20:13 - 00000000 ____D C:\windows\panther
2013-09-12 13:03 - 2011-11-20 11:43 - 00000000 ____D C:\windows\Minidump
2013-09-01 16:57 - 2010-03-16 11:53 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\wfp
2013-08-16 18:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\registration
2013-08-16 17:23 - 2010-01-22 16:28 - 00000000 ____D C:\Users\ani
2013-08-16 13:17 - 2013-08-16 13:17 - 00000000 ____D C:\ProgramData\5372
2013-08-16 13:16 - 2013-08-16 13:16 - 00000000 ____D C:\Users\ani\Documents\Fax
Files to move or delete:
====================
C:\ProgramData\hpeC486.dll
Some content of TEMP:
====================
C:\Users\ani\AppData\Local\Temp\nsyA0D1.tmp.exe
C:\Users\ani\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-13 00:54
==================== End Of Log ============================
Zitat:
Das Problem was jetzt noch ist ist folgendes: 1.) Der Microsoft Sicherheitscenter (Dienst) kann nicht gestartet werden. 2.) Bei der Installation von SP1 bricht er immer ab. (Stop-Fehlercode 0x80080005 CO_E_SERVER_EXEC_FAILURE |
|
14.09.2013, 19:51
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht. hi, Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7, BKA- GVU-Trojaner, Sperrbildschirm, Abgesicherter Modus geht. |
| adobe, bandoo, bho, bingbar, browser, defender, error, excel, farbar, farbar recovery scan tool, fehler, firefox, flash player, format, homepage, iexplore.exe, install.exe, installation, internet, logfile, object, plug-in, realtek, regclean, registry, richtlinie, rundll, security, services.exe, software, svchost.exe, systweak, udp, windows |
Linear-Darstellung
