Log Analysis and Evaluation: Win 7, computer no longer booted after infection - white screen, among other things (Windows 7)

13.09.2013, 12:46 | #1
Win 7, computer no longer booted after infection - white screen, among other things

Hello,

a few days ago I received the laptop of a friend, to which her son also has access. Obviously heavily infected. Since neither of them has any idea either, they asked me for help, and I hereby ask you.

Brief info on the laptop: it was bought from a used-goods dealer, including Windows. Since there is no Windows sticker on it, I doubt that the Windows is genuine. How can one find that out?

Now to the actual problem:
Booting into Safe Mode: immediately after logging in, an automatic restart.
Booting normally: after logging in, a white screen; nothing is possible except restarting.

To at least fix the boot problem, the program "HitmanPro" (from Botfrei.de) helped. Log: see attachment, as it is too long.

I doubt that the computer is already virus-free; the first scan found far too much for that.

Here are the logs from defogger, FRST & Gmer:

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:36 on 13/09/2013 (user)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013
Ran by user (administrator) on USER-PC on 13-09-2013 12:38:59
Running from C:\Users\user\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MouseDriver] - C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [Google Update] - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-03] (Google Inc.)
HKCU\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
MountPoints2: {ffb082ce-cab1-11e2-8597-00262285f644} - F:\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69ECB89E889CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=46364&st=home&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/0022/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
HKLM\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=46364&st=home&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=3201&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=1&dbCode=1&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=122471&babsrc=SP_ss&mntrId=F4B0904CE5293AE5
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=816cc1db-8aeb-4c3c-ac3c-4bb3af7706e3&searchtype=ds&q={searchTerms}&installDate=01/01/1970
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\user\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
FF Extension: General Crawler - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974"
CHR DefaultSearchURL: (qvo6) - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (widdit) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnnkmdadebfapiihcaiajaplpmpfgpnh\2.1_0\npwiddit.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Acrobat3\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\user\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (DealPly Shopping) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.3.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Amazon-Icon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files\PutLockerDownloader\putlockerdownloader10.crx
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\user\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\user\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit14.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [278016 2013-07-09] ()
S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-05-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-12] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-01] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [20992 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [13824 2011-04-12] (TPMX Electronics Ltd.)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-12] (Avira GmbH)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 taphss; system32\DRIVERS\taphss.sys [x]
S3 taphss6; system32\DRIVERS\taphss6.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST
2013-09-13 12:37 - 2013-09-13 12:32 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe
2013-09-13 12:37 - 2013-09-13 12:28 - 01082459 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2013-09-13 12:36 - 2013-09-13 12:36 - 00000470 _____ C:\Users\user\Desktop\defogger_disable.log
2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable
2013-09-13 12:36 - 2013-09-13 12:34 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe
2013-09-13 10:22 - 2013-09-13 12:26 - 00000168 _____ C:\Windows\setupact.log
2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang
2013-09-12 01:50 - 2009-09-02 11:18 - 00398848 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2013-09-12 01:50 - 2009-09-02 11:18 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2013-09-12 01:50 - 2009-09-02 11:16 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2013-09-12 01:45 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-12 01:45 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-12 01:45 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-12 01:45 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-12 01:45 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-12 01:45 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-12 01:45 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-12 01:45 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-12 01:45 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-12 01:45 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-12 01:45 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-12 01:45 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-12 01:45 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-12 01:45 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-12 01:45 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel
2013-09-12 01:43 - 2009-09-02 18:56 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2013-09-12 01:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 01:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 01:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 01:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 01:38 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 01:38 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 01:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 01:38 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-12 01:38 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-12 01:38 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-12 01:38 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-12 01:38 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-12 01:37 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 01:34 - 2013-09-12 01:33 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-09-12 01:11 - 2013-09-12 09:16 - 00000000 ____D C:\Windows\pss
2013-09-12 00:53 - 2013-09-12 01:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-12 00:53 - 2013-09-12 01:06 - 00000340 _____ C:\Windows\system32\.crusader
2013-09-12 00:30 - 2013-09-12 00:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-05 21:13 - 2013-09-11 16:25 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip
2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip
2013-09-04 22:33 - 2013-09-04 22:36 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip
2013-09-04 22:26 - 2013-09-04 22:31 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network
2013-09-04 22:25 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe
2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
2013-09-02 19:56 - 2013-09-02 19:57 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe
2013-09-02 15:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-02 15:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-02 15:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-02 15:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-02 15:28 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-02 15:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-02 15:28 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-02 15:28 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-02 15:27 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit
2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip
2013-08-17 00:24 - 2013-08-17 00:26 - 33130822 _____ C:\Users\user\Downloads\Cube.rar
2013-08-15 18:10 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Desktop\Fusion-Network (2).rar
2013-08-15 17:36 - 2013-08-15 17:57 - 1009950912 _____
C:\Users\user\Downloads\Fusion-Network (2).rar 2013-08-15 17:36 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (1).rar 2013-08-15 14:20 - 2013-08-15 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira 2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\ProgramData\Avira 2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\Program Files\Avira ==================== One Month Modified Files and Folders ======= 2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST 2013-09-13 12:36 - 2013-09-13 12:36 - 00000470 _____ C:\Users\user\Desktop\defogger_disable.log 2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable 2013-09-13 12:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 12:34 - 2013-09-13 12:36 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe 2013-09-13 12:33 - 2012-08-27 16:44 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-13 12:33 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-13 12:33 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-13 12:32 - 2013-09-13 12:37 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe 2013-09-13 12:29 - 2013-08-13 19:58 - 00781776 _____ C:\Windows\WindowsUpdate.log 2013-09-13 12:28 - 2013-09-13 12:37 - 01082459 _____ (Farbar) C:\Users\user\Desktop\FRST.exe 2013-09-13 12:26 - 2013-09-13 10:22 - 00000168 _____ C:\Windows\setupact.log 2013-09-13 12:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log 2013-09-13 10:22 - 2012-09-03 17:46 - 00000884 _____ 
C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-12 09:20 - 2012-09-03 17:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-12 09:20 - 2012-09-03 17:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-12 09:20 - 2012-08-27 15:25 - 00000000 ____D C:\Windows\Panther 2013-09-12 09:16 - 2013-09-12 01:11 - 00000000 ____D C:\Windows\pss 2013-09-12 09:16 - 2012-12-15 01:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype 2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang 2013-09-12 01:50 - 2012-09-03 20:27 - 00000000 ____D C:\Program Files\Intel 2013-09-12 01:47 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2013-09-12 01:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64 2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel 2013-09-12 01:40 - 2013-08-12 03:02 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 01:39 - 2012-09-07 11:10 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-12 01:33 - 2013-09-12 01:34 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-09-12 01:14 - 2013-02-03 20:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job 2013-09-12 01:06 - 2013-09-12 00:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2013-09-12 01:06 - 2013-09-12 00:53 - 00000340 _____ C:\Windows\system32\.crusader 2013-09-12 01:00 - 2013-08-13 19:41 - 00000000 ____D C:\Program Files\WinZipper 2013-09-12 00:59 - 2012-09-13 16:52 - 00000000 ____D C:\Program Files\DsNET Corp 2013-09-12 00:54 - 2013-09-12 00:30 - 00000000 ____D C:\ProgramData\HitmanPro 2013-09-12 00:53 - 2013-08-13 04:15 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner (2) 2013-09-12 00:53 - 2013-08-13 03:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Desk 365 2013-09-12 00:53 - 2013-08-13 03:39 - 00000000 ____D C:\ProgramData\eSafe 2013-09-11 16:25 - 2013-09-05 21:13 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip 2013-09-05 21:12 - 2013-09-05 
21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip 2013-09-05 08:14 - 2013-02-03 20:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job 2013-09-04 22:36 - 2013-09-04 22:33 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip 2013-09-04 22:31 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network 2013-09-04 22:26 - 2013-09-04 22:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner 2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe 2013-09-03 04:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk 2013-09-02 19:57 - 2013-09-02 19:56 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe 2013-09-02 16:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp 2013-09-02 16:16 - 2013-04-04 19:45 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-09-02 16:16 - 2013-02-03 20:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-09-02 16:16 - 2012-12-15 01:12 - 00000000 ___RD C:\Program Files\Skype 2013-09-02 16:16 - 2012-09-14 18:57 - 00000000 ____D C:\Users\user\AppData\Local\Akamai 2013-09-02 16:16 - 2012-09-12 16:27 - 00000000 ____D C:\Program Files\CCleaner 2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-09-02 16:14 - 2012-12-15 01:12 - 00000000 ____D C:\ProgramData\Skype 2013-09-02 16:14 - 2012-09-08 10:00 - 00000000 ____D C:\ProgramData\Real 2013-09-02 16:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit 2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit 2013-08-17 
00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip 2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ____D C:\Windows\system32\directx 2013-08-17 00:26 - 2013-08-17 00:24 - 33130822 _____ C:\Users\user\Downloads\Cube.rar 2013-08-15 17:57 - 2013-08-15 18:10 - 1009950912 _____ C:\Users\user\Desktop\Fusion-Network (2).rar 2013-08-15 17:57 - 2013-08-15 17:36 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (2).rar 2013-08-15 17:57 - 2013-08-15 17:36 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (1).rar 2013-08-15 14:20 - 2013-08-15 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira 2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\ProgramData\Avira 2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\Program Files\Avira Files to move or delete: ==================== C:\Users\Alles\NosTale[DE]Lvl,Job Bot.exe C:\Users\user\jagex_cl_runescape_LIVE.dat C:\Users\user\random.dat C:\Users\user\AppData\Roaming\cache.ini ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-12 09:58 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013
Ran by user at 2013-09-13 12:39:54
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Acrobat Reader 3.0
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Akamai NetSession Interface
Avira Free Antivirus (Version: 13.0.0.4052)
CCleaner (Version: 4.02)
Command & Conquer Windows 95
DivX-Setup (Version: 2.6.1.22)
Game Booster 3 (Version: 3.4)
Google Chrome (HKCU Version: 29.0.1547.66)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel(R) TV Wizard
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
League of Legends (Version: 1.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nexon Game Manager
NVIDIA PhysX (Version: 9.10.0129)
Radio.fx
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
RocketDock 1.3.5
RuneScape Launcher 1.2.2 (Version: 1.2.2)
Skype™ 6.5 (Version: 6.5.158)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Winamp (Version: 5.64 )
WinRAR 4.20 (32-Bit) (Version: 4.20.0)

==================== Restore Points =========================

03-09-2013 01:00:12 Windows Update
03-09-2013 01:34:18 Windows-Sicherung
11-09-2013 12:17:31 Windows-Sicherung
11-09-2013 23:38:35 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0FEBE866-0D45-4BC5-B0E4-32F381A86924} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-07-09] ()
Task: {10D13FE9-DB91-4185-A5C5-00C7643AD394} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {20E2D111-3877-4DCC-81DE-28D7A3F482FF} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-07-06] ()
Task: {221A7075-ED51-4A0F-996D-3CB66535EC91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {42A3DCCB-3B62-49E0-B9D3-32858D0F956B} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files\Omiga Plus\omigaplus.exe
Task: {49AA6FDC-7B8B-4BC3-AC0B-DDBF86A896AB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-390601350-1865464865-2767028540-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {5CDD061D-62CA-4CA9-9E69-E1EDD5508E51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-12] (Adobe Systems Incorporated)
Task: {73A05E22-1452-4654-84DF-5A4C99433BB9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-390601350-1865464865-2767028540-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {83CF2527-B8D3-43D4-9E45-EA3C0D8C7244} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe
Task: {8D77BCB9-3E5F-4887-9101-E2F37C80CE50} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe [2013-09-02] ()
Task: {90AE8D60-35E9-4DD5-9B75-D7A33FB07D56} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {AE402E78-1860-4EF2-95E7-0BECC5221281} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {AEE18223-E9ED-4464-9249-58B59BFC85C0} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-11-17] (RealNetworks, Inc.)
Task: {BDC278DC-1449-4352-A238-57EC0D18EC58} - System32\Tasks\Freemium1ClickMaint => C:\Users\user\Downloads\1Click.exe
Task: {C634BB63-6A51-4E45-947E-120DFD16C301} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2012-11-30] ()
Task: {C751AA88-1EAD-4077-BBA4-827450C87A52} - System32\Tasks\Dealply => C:\Users\user\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: {CED1312B-0E7C-4DD8-BC87-0F858C178994} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {D6B1E253-603D-4295-967A-7696A7310447} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {F13D8727-32A2-4321-A51B-746977B3436C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {FFFC673F-5F30-4681-A8BA-E8138BC16F94} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\user\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 15:36 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll
2013-05-17 21:51 - 2012-06-09 19:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2009-09-02 18:21 - 2009-09-02 18:21 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2013 01:01:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/12/2013 00:56:38 AM) (Source: MsiInstaller) (User: user-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011004}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/12/2013 00:55:15 AM) (Source: ESENT) (User: )
Description: taskhost (2224) Versuch, Datei "C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

System errors:
=============
Error: (09/13/2013 00:26:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (09/13/2013 10:43:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (09/13/2013 10:43:35 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 13.09.2013 um 10:41:19 unerwartet heruntergefahren.

Error: (09/13/2013 10:22:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (09/12/2013 09:14:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (09/12/2013 01:51:13 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.

Error: (09/12/2013 01:51:13 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.

Error: (09/12/2013 01:51:13 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.

Error: (09/12/2013 01:51:13 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.

Error: (09/12/2013 01:49:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (09/12/2013 01:01:18 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"G:\HitmanPro_x64.exe

Error: (09/12/2013 00:56:38 AM) (Source: MsiInstaller)(User: user-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011004}1625(NULL)(NULL)(NULL)

Error: (09/12/2013 00:55:15 AM) (Source: ESENT)(User: )
Description: taskhost2224C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 3001.98 MB
Available physical RAM: 2248 MB
Total Pagefile: 6002.24 MB
Available Pagefile: 5075.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:40.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149 GB) (Free:81.65 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 08D908D8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=0C)

==================== End Of Log ============================
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-13 12:57:04
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: bpkhnbrj.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys

---- System - GMER 2.1 ----

SSDT 8E4A8196 ZwCreateSection
SSDT 8E4A81A0 ZwRequestWaitReplyPort
SSDT 8E4A819B ZwSetContextThread
SSDT 8E4A81A5 ZwSetSecurityObject
SSDT 8E4A81AA ZwSystemDebugControl
SSDT 8E4A8137 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C4BA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C85212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8C58C 4 Bytes [96, 81, 4A, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C8C8E8 4 Bytes CALL CD4A696F
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C8C92C 4 Bytes [9B, 81, 4A, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C8C9A8 4 Bytes [A5, 81, 4A, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C8C9FC 4 Bytes [AA, 81, 4A, 8E]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 7685F4EB 5 Bytes JMP 0067B780 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@ %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}

---- EOF - GMER 2.1 ----

Furthermore, I don't know how many or which of the installed programs are affected.

Regards, Geisteskr4nk a.k.a. Chris
__________________ NOTHING can stop me! - damn, a parental lock |
13.09.2013, 13:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, computer no longer booted after infection - white screen, among other things Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: Should I not get in touch for three days, please post in this thread => Reminder for my thread. Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. Now please run Combofix: Scan with Combofix
__________________ |
13.09.2013, 13:55 | #3 |
Win 7, computer no longer booted after infection - white screen, among other things Hello Cosinus,
Thank you very much for the quick reply. Here is the Combofix log: Code:
ComboFix 13-09-13.01 - user 13.09.2013 14:43:58.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3002.2081 [GMT 2:00]
ausgeführt von:: C:\Users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((( Dateien erstellt von 2013-08-13 bis 2013-09-13 ))))))))))))))))))))))))))))))

2013-09-13 12:48:31 . 2013-09-13 12:48:31 -------- d---a-w- C:\Users\Default\AppData\Local\temp
2013-09-13 10:38:38 . 2013-09-13 10:38:38 -------- d-----w- C:\FRST
2013-09-11 23:50:32 . 2009-09-02 09:18:58 398848 ----a-w- C:\Windows\system32\TVWizudlg.exe
2013-09-11 23:50:31 . 2009-09-02 09:18:32 140288 ----a-w- C:\Windows\system32\igfxtvcx.dll
2013-09-11 23:50:30 . 2013-09-11 23:50:31 -------- d-----w- C:\Windows\system32\Lang
2013-09-11 23:43:48 . 2013-09-11 23:43:48 -------- d-----w- C:\Intel
2013-09-11 23:43:38 . 2013-09-11 23:43:38 -------- d-----w- C:\Windows\system32\x64
2013-09-11 23:43:38 . 2009-09-02 16:56:48 1002008 ----a-w- C:\Windows\system32\igxpun.exe
2013-09-11 23:38:28 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\system32\qdvd.dll
2013-09-11 23:37:47 . 2013-08-08 01:03:07 2348544 ----a-w- C:\Windows\system32\win32k.sys
2013-09-11 23:34:00 . 2013-09-11 23:33:47 66144 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2013-09-11 23:30:44 . 2013-09-11 23:30:05 88840 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-09-11 23:30:44 . 2013-09-11 23:30:05 37352 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-09-11 23:30:44 . 2013-09-11 23:30:05 136672 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-09-11 22:53:33 . 2013-09-11 23:06:13 12872 ----a-w- C:\Windows\system32\bootdelete.exe
2013-09-11 22:30:44 . 2013-09-11 22:54:05 -------- d-----w- C:\ProgramData\HitmanPro
2013-09-03 14:10:07 . 2013-08-06 07:28:16 7166848 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C719F4F7-7F2E-44CC-92B8-21B99FB2C33D}\mpengine.dll
2013-09-02 13:28:43 . 2013-07-09 04:50:42 652800 ----a-w- C:\Windows\system32\rpcrt4.dll
2013-09-02 13:28:36 . 2013-07-06 05:05:35 1293760 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-09-02 13:28:22 . 2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2013-09-02 13:28:22 . 2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-09-02 13:28:22 . 2013-07-09 04:53:46 1289096 ----a-w- C:\Windows\system32\ntdll.dll
2013-09-02 13:28:19 . 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\system32\crypt32.dll
2013-09-02 13:28:18 . 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\system32\wintrust.dll
2013-09-02 13:28:18 . 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\system32\cryptsvc.dll
2013-09-02 13:28:18 . 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\system32\cryptnet.dll
2013-09-02 13:28:13 . 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\system32\WMVDECOD.DLL
2013-09-02 13:28:04 . 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-09-02 13:27:59 . 2013-06-15 03:38:43 31232 ----a-w- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-17 00:24:43 . 2013-08-17 00:24:43 -------- d-----w- C:\ProgramData\IObit
2013-08-17 00:24:43 . 2013-08-17 00:24:43 -------- d-----w- C:\Program Files\IObit
2013-08-15 12:20:42 . 2013-08-15 12:20:42 -------- d-----w- C:\Users\user\AppData\Roaming\Avira
2013-08-15 12:19:25 . 2013-08-15 12:19:25 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2013-08-15 12:19:25 . 2013-08-15 12:19:25 -------- d-----w- C:\Program Files\AskPartnerNetwork
2013-08-15 12:17:30 . 2013-08-15 12:17:41 -------- d-----w- C:\ProgramData\Avira
2013-08-15 12:17:30 . 2013-08-15 12:17:30 -------- d-----w- C:\Program Files\Avira
.
(((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-09-12 07:20:11 . 2012-09-03 15:46:01 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 07:20:11 . 2012-09-03 15:46:01 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-08-13 17:41:32 . 2011-02-19 21:03:12 421032 ----a-w- C:\Windows\system32\msvcp100.dll
2013-08-13 17:41:32 . 2011-02-18 22:40:50 773800 ----a-w- C:\Windows\system32\msvcr100.dll
2013-08-07 02:22:04 . 2012-09-03 15:26:18 238872 ------w- C:\Windows\system32\MpSigStub.exe
2013-07-19 15:34:39 . 2013-07-19 15:34:44 94632 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll
2013-07-19 15:34:39 . 2012-09-15 12:14:20 789416 ----a-w- C:\Windows\system32\deployJava1.dll
2013-07-19 15:34:39 . 2012-09-15 12:14:19 867240 ----a-w- C:\Windows\system32\npDeployJava1.dll

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 12:58:52 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 06:42:10 241152]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 05:32:50 253816]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 10:37:26 958576]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-11 23:29:31 347192]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-02 16:18:44 135168]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-02 16:18:32 167424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-02 16:18:22 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Radio.fx.LNK]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Radio.fx.LNK
backup=C:\Windows\pss\Radio.fx.LNK.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^301b5fcf8ce2fab8868e80b6c1f912fe.exe]
path=C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\301b5fcf8ce2fab8868e80b6c1f912fe.exe
backup=C:\Windows\pss\301b5fcf8ce2fab8868e80b6c1f912fe.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-04 23:01:52 4489472 ----a-w- C:\Users\user\AppData\Local\Akamai\netsession_win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13:34 450560 ----a-w- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfxsrvtray]
2013-02-07 16:38:54 1838872 ----a-w- C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58:52 495616 ----a-w- C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:27:20 19603048 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Akamai NetSession 
Interface"="C:\Users\user\AppData\Local\Akamai\netsession_win.exe" "Clownfish"="C:\Program Files\Clownfish\Clownfish.exe" "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "SDP"=C:\Program Files\FilesFrog Update Checker\update_checker.exe /auto "Optimizer Pro"=C:\Program Files\Optimizer Pro\OptProLauncher.exe "KPeerNexonEU"=C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun "301b5fcf8ce2fab8868e80b6c1f912fe"="C:\Users\user\AppData\Local\Temp\System.exe" .. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe"="C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot "Aeria Ignite"="C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent "LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "IgfxTray"=C:\Windows\system32\igfxtray.exe "Persistence"=C:\Windows\system32\igfxpers.exe "HotKeysCmds"=C:\Windows\system32\hkcmd.exe "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW R2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);G:\HitmanPro.exe [x] R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [2013-06-03 14:21:54 162408] R2 SystemStoreService;System Store;C:\Program Files\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x] R3 apf003;apf003;C:\Windows\system32\apf003.sys [2013-05-19 18:10:19 13232] R3 EagleXNt;EagleXNt;C:\Windows\system32\drivers\EagleXNt.sys [x] R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);C:\Windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 08:44:52 20992] R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);C:\Windows\system32\Drivers\HPub4DE3.sys [2011-04-12 09:46:00 13824] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:44:32 14848] R3 
SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 14:21:14 34896] R3 t_mouse.sys;HID-compliand device;C:\Windows\system32\DRIVERS\t_mouse.sys [2012-12-19 06:42:08 5120] R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\system32\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:40:25 49664] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-07 12:26:04 1343400] R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 04:08:46 14416] R3 XDva399;XDva399;C:\Windows\system32\XDva399.sys [x] R3 XDva401;XDva401;C:\Windows\system32\XDva401.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-09-11 23:29:37 815160] S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-09-11 23:30:05 37352] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-01 12:16:57 242240] S2 AntiVirSchedulerService;Avira Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-09-11 23:29:55 84024] S2 Radio.fx;Radio.fx Server;C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [2013-06-03 11:06:20 3999512] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 22:02:47 50688] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - KXLDAPOB *Deregistered* - kxldapob Inhalt des "geplante Tasks" Ordners 2013-09-13 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 15:46:01 . 2013-09-12 07:20:12] 2013-09-05 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03 18:00:41 . 
2013-02-03 18:00:40] 2013-09-13 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03 18:00:41 . 2013-02-03 18:00:40] ------- Zusätzlicher Suchlauf ------- uStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974 mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=816cc1db-8aeb-4c3c-ac3c-4bb3af7706e3&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE: Download with &Media Finder - C:\Program Files\Media Finder\hook.html LSP: C:\Program Files\Avira\AntiVir Desktop\avsda.dll Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.2.1 [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HitmanPro37CrusaderBoot] "ImagePath"="\"G:\HitmanPro.exe\" /crusader:boot" --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-390601350-1865464865-2767028540-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:38,03,94,f3,41,af,1c,2a,b6,62,4a,90,dc,ee,f7,3e,0c,f8,e3,37,51,1a,c0, 11,86,46,0a,eb,97,2e,8c,ed,20,70,2e,f3,41,e3,87,ae,8f,5f,0c,ba,9f,b5,df,4e,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) Chris
__________________
13.09.2013, 14:09 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, computer no longer booted after infection - white screen, among other things Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper.
__________________ Please always post logfiles in CODE tags
13.09.2013, 15:11 | #5
Win 7, computer no longer booted after infection - white screen, among other things Hello, Avira interfered during the first run; here is the second log: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.13.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
user :: USER-PC [administrator]

13.09.2013 15:49:10
mbar-log-2013-09-13 (15-49-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238123
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974) Good: (hxxp://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=46364&st=chrome&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q=) Good: (hxxp://www.google.com/) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974) Good: (hxxp://www.google.com) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\user\Desktop\Fusion-Network\metin2client.bin (RiskWare.Tool.CK) -> Delete on reboot.
C:\Users\user\Desktop\Neuer Ordner\Fusion-Network\metin2client.bin (RiskWare.Tool.CK) -> Delete on reboot.
C:\Users\user\AppData\Roaming\user-wchelper.dll (Trojan.Agent.Gen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.13.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
user :: USER-PC [administrator]

13.09.2013 15:29:41
mbar-log-2013-09-13 (15-29-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238026
Time elapsed: 18 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974) Good: (hxxp://www.google.com) -> No action taken.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=46364&st=chrome&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q=) Good: (hxxp://www.google.com/) -> No action taken.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974) Good: (hxxp://www.google.com) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\user\Desktop\Fusion-Network\metin2client.bin (RiskWare.Tool.CK) -> No action taken.
C:\Users\user\Desktop\Neuer Ordner\Fusion-Network\metin2client.bin (RiskWare.Tool.CK) -> No action taken.
C:\Users\user\AppData\Roaming\user-wchelper.dll (Trojan.Agent.Gen) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Chris
__________________ NOTHING can stop me! - damn, a child lock
13.09.2013, 15:34 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, computer no longer booted after infection - white screen, among other things After the removal, MBAR MUST be run again!
__________________
13.09.2013, 15:37 | #7
Win 7, computer no longer booted after infection - white screen, among other things Done, message: nothing found. Is the log needed? Edit: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.13.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
user :: USER-PC [administrator]

13.09.2013 16:17:00
mbar-log-2013-09-13 (16-17-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238203
Time elapsed: 13 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
__________________ NOTHING can stop me! - damn, a child lock Last edited by Geisteskr4nk (13.09.2013 at 16:28)
14.09.2013, 12:48 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, computer no longer booted after infection - white screen, among other things Remove adware/junkware/toolbars Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post logfiles in CODE tags
14.09.2013, 14:05 | #9
Win 7, computer no longer booted after infection - white screen, among other things Hello, AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 14/09/2013 um 14:41:55 # Updated 07/09/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : user - USER-PC # Gestartet von : C:\Users\user\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : SystemStoreService ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\eSafe Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Program Files\SoftwareUpdater Ordner Gelöscht : C:\Program Files\WinZipper Ordner Gelöscht : C:\Program Files\Common Files\337 Ordner Gelöscht : C:\users\user\AppData\Local\DownloadGuide Ordner Gelöscht : C:\users\user\AppData\Local\DownTango Ordner Gelöscht : C:\users\user\AppData\Local\PutLockerDownloader Ordner Gelöscht : C:\users\user\AppData\Local\SwvUpdater Ordner Gelöscht : C:\users\user\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\users\user\AppData\LocalLow\Conduit Ordner Gelöscht : C:\users\user\AppData\LocalLow\delta Ordner Gelöscht : C:\users\user\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\users\user\AppData\LocalLow\Toolbar4 Ordner Gelöscht : C:\users\user\AppData\Roaming\Babylon Ordner Gelöscht : C:\users\user\AppData\Roaming\DealPly Ordner Gelöscht : C:\users\user\AppData\Roaming\Desk 365 Ordner Gelöscht : C:\users\user\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\users\user\AppData\Roaming\eIntaller Ordner Gelöscht : C:\users\user\AppData\Roaming\Media Finder Ordner Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com Ordner Gelöscht : C:\users\user\AppData\Roaming\OCS Ordner Gelöscht : C:\users\user\AppData\Roaming\Omiga Plus Ordner Gelöscht : C:\users\user\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\users\user\AppData\Roaming\simplitec Ordner Gelöscht : 
C:\users\user\AppData\Roaming\Windows Net Data Ordner Gelöscht : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml Datei Gelöscht : C:\Windows\System32\Tasks\Dealply Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyUpdate Datei Gelöscht : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User 
Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C751AA88-1EAD-4077-BBA4-827450C87A52} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C751AA88-1EAD-4077-BBA4-827450C87A52} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90AE8D60-35E9-4DD5-9B75-D7A33FB07D56} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90AE8D60-35E9-4DD5-9B75-D7A33FB07D56} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Omiga Plus RunAsStdUser [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42A3DCCB-3B62-49E0-B9D3-32858D0F956B} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42A3DCCB-3B62-49E0-B9D3-32858D0F956B} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FEBE866-0D45-4BC5-B0E4-32F381A86924} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FEBE866-0D45-4BC5-B0E4-32F381A86924} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20E2D111-3877-4DCC-81DE-28D7A3F482FF} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20E2D111-3877-4DCC-81DE-28D7A3F482FF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PutLockerDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gelöscht : HKCU\Software\d28cd9e239b910 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\V9
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\DomaIQ
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\omigaplusSvc
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v

-\\ Google Chrome v

[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [22945 octets] - [14/09/2013 14:41:11]
AdwCleaner[S0].txt - [20246 octets] - [14/09/2013 14:41:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20307 octets] ##########

JRT:

JRT Logfile:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Professional x86
Ran by user on 14.09.2013 at 14:45:40,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricstar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-390601350-1865464865-2767028540-1000\Software\IB Updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-390601350-1865464865-2767028540-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-390601350-1865464865-2767028540-1000\Software\Wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HappyLyrics_2802-7edf9df5_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HappyLyrics_2802-7edf9df5_RASMANCS

~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\desk 365 runasstduser"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Folder] C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.09.2013 at 14:48:00,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013
Ran by user (administrator) on USER-PC on 14-09-2013 14:56:36
Running from C:\Users\user\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MouseDriver] - C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKCU\...\Policies\Explorer: [NoDrives] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69ECB89E889CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=1&dbCode=1&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Amazon-Icon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-05-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-12] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-01] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [20992 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [13824 2011-04-12] (TPMX Electronics Ltd.)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-12] (Avira GmbH)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 taphss; system32\DRIVERS\taphss.sys [x]
S3 taphss6; system32\DRIVERS\taphss6.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-14 14:51 - 2013-09-14 14:51 - 00000624 _____ C:\Users\user\Desktop\JRT.txt
2013-09-14 14:45 - 2013-09-14 14:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 14:41 - 2013-09-14 14:42 - 00000000 ____D C:\AdwCleaner
2013-09-14 14:40 - 2013-09-14 14:37 - 01037278 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-09-14 14:40 - 2013-09-14 14:37 - 01029509 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2013-09-13 15:22 - 2013-09-13 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 15:19 - 2013-09-13 16:30 - 00000000 ____D C:\Users\user\Desktop\mbar
2013-09-13 15:19 - 2013-09-13 15:18 - 12907592 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.07.0.1005.exe
2013-09-13 14:58 - 2013-09-14 14:42 - 00003060 _____ C:\Windows\PFRO.log
2013-09-13 14:43 - 2013-09-13 14:49 - 00000000 ____D C:\ComboFix
2013-09-13 14:29 - 2013-09-13 14:43 - 00000000 ____D C:\Qoobox
2013-09-13 14:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-13 14:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-13 14:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-13 14:28 - 2013-09-13 14:38 - 00000000 ____D C:\Windows\erdnt
2013-09-13 14:27 - 2013-09-13 14:26 - 05125578 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST
2013-09-13 12:37 - 2013-09-13 12:32 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe
2013-09-13 12:37 - 2013-09-13 12:28 - 01082459 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable
2013-09-13 12:36 - 2013-09-13 12:34 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe
2013-09-13 10:22 - 2013-09-14 14:43 - 00000560 _____ C:\Windows\setupact.log
2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang
2013-09-12 01:50 - 2009-09-02 11:18 - 00398848 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2013-09-12 01:50 - 2009-09-02 11:18 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2013-09-12 01:50 - 2009-09-02 11:16 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2013-09-12 01:45 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-12 01:45 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-12 01:45 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-12 01:45 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-12 01:45 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-12 01:45 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-12 01:45 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-12 01:45 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-12 01:45 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-12 01:45 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-12 01:45 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-12 01:45 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-12 01:45 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-12 01:45 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-12 01:45 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel
2013-09-12 01:43 - 2009-09-02 18:56 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2013-09-12 01:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 01:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 01:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 01:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 01:38 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 01:38 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 01:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 01:38 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-12 01:38 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-12 01:38 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-12 01:38 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-12 01:38 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-12 01:37 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 01:34 - 2013-09-12 01:33 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-09-12 01:11 - 2013-09-12 09:16 - 00000000 ____D C:\Windows\pss
2013-09-12 00:53 - 2013-09-12 01:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-12 00:53 - 2013-09-12 01:06 - 00000340 _____ C:\Windows\system32\.crusader
2013-09-12 00:30 - 2013-09-12 00:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-05 21:13 - 2013-09-11 16:25 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip
2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip
2013-09-04 22:33 - 2013-09-04 22:36 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip
2013-09-04 22:26 - 2013-09-13 16:02 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network
2013-09-04 22:25 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe
2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
2013-09-02 19:56 - 2013-09-02 19:57 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe
2013-09-02 15:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-02 15:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-02 15:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-02 15:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-02 15:28 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-02 15:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-02 15:28 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-02 15:28 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-02 15:27 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit
2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip
2013-08-17 00:24 - 2013-08-17 00:26 - 33130822 _____ C:\Users\user\Downloads\Cube.rar
2013-08-15 18:10 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Desktop\Fusion-Network (2).rar
2013-08-15 17:36 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (2).rar
2013-08-15 17:36 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (1).rar
2013-08-15 14:20 - 2013-08-15 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\ProgramData\Avira
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\Program Files\Avira

==================== One Month Modified Files and Folders =======

2013-09-14 14:51 - 2013-09-14 14:51 - 00000624 _____ C:\Users\user\Desktop\JRT.txt
2013-09-14 14:50 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 14:50 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 14:45 - 2013-09-14 14:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 14:43 - 2013-09-13 10:22 - 00000560 _____ C:\Windows\setupact.log
2013-09-14 14:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 14:42 - 2013-09-14 14:41 - 00000000 ____D C:\AdwCleaner
2013-09-14 14:42 - 2013-09-13 14:58 - 00003060 _____ C:\Windows\PFRO.log
2013-09-14 14:42 - 2013-08-13 19:58 - 00839171 _____ C:\Windows\WindowsUpdate.log
2013-09-14 14:41 - 2013-02-03 20:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-14 14:41 - 2012-08-27 14:54 - 00001146 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-14 14:37 - 2013-09-14 14:40 - 01037278 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-09-14 14:37 - 2013-09-14 14:40 - 01029509 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2013-09-14 11:14 - 2013-02-03 20:00 - 00001116 _____ 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job 2013-09-14 10:55 - 2012-08-27 16:44 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-13 17:20 - 2012-09-03 17:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-13 16:30 - 2013-09-13 15:19 - 00000000 ____D C:\Users\user\Desktop\mbar 2013-09-13 16:20 - 2012-09-03 17:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-13 16:20 - 2012-09-03 17:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-13 16:02 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network 2013-09-13 16:02 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\addins 2013-09-13 15:22 - 2013-09-13 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-13 15:18 - 2013-09-13 15:19 - 12907592 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.07.0.1005.exe 2013-09-13 14:49 - 2013-09-13 14:43 - 00000000 ____D C:\ComboFix 2013-09-13 14:48 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-09-13 14:43 - 2013-09-13 14:29 - 00000000 ____D C:\Qoobox 2013-09-13 14:38 - 2013-09-13 14:28 - 00000000 ____D C:\Windows\erdnt 2013-09-13 14:38 - 2013-02-03 17:15 - 00000000 ___HD C:\Users\Neuer Ordner (2) 2013-09-13 14:38 - 2012-12-19 16:16 - 00000000 ___HD C:\Users\PICS 2013-09-13 14:38 - 2012-12-19 16:16 - 00000000 ___HD C:\Users\Alles 2013-09-13 14:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public 2013-09-13 14:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-09-13 14:26 - 2013-09-13 14:27 - 05125578 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe 2013-09-13 14:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-13 12:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST 2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable 
2013-09-13 12:34 - 2013-09-13 12:36 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe 2013-09-13 12:32 - 2013-09-13 12:37 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe 2013-09-13 12:28 - 2013-09-13 12:37 - 01082459 _____ (Farbar) C:\Users\user\Desktop\FRST.exe 2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log 2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-12 09:20 - 2012-08-27 15:25 - 00000000 ____D C:\Windows\Panther 2013-09-12 09:16 - 2013-09-12 01:11 - 00000000 ____D C:\Windows\pss 2013-09-12 09:16 - 2012-12-15 01:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype 2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang 2013-09-12 01:50 - 2012-09-03 20:27 - 00000000 ____D C:\Program Files\Intel 2013-09-12 01:47 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2013-09-12 01:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64 2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel 2013-09-12 01:40 - 2013-08-12 03:02 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 01:39 - 2012-09-07 11:10 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-12 01:33 - 2013-09-12 01:34 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-09-12 01:06 - 2013-09-12 00:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2013-09-12 01:06 - 2013-09-12 00:53 - 00000340 _____ C:\Windows\system32\.crusader 2013-09-12 00:59 - 2012-09-13 16:52 - 00000000 ____D C:\Program Files\DsNET Corp 2013-09-12 00:54 - 2013-09-12 00:30 - 00000000 ____D C:\ProgramData\HitmanPro 2013-09-12 00:53 - 2013-08-13 04:15 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner (2) 2013-09-11 16:25 - 2013-09-05 21:13 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip 2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip 2013-09-05 08:14 - 2013-02-03 20:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job 2013-09-04 22:36 - 2013-09-04 22:33 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip 2013-09-04 22:26 - 2013-09-04 22:25 - 00000000 ____D C:\Users\user\Desktop\Neuer 
Ordner 2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe 2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk 2013-09-02 19:57 - 2013-09-02 19:56 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe 2013-09-02 16:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp 2013-09-02 16:16 - 2013-04-04 19:45 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-09-02 16:16 - 2012-12-15 01:12 - 00000000 ___RD C:\Program Files\Skype 2013-09-02 16:16 - 2012-09-14 18:57 - 00000000 ____D C:\Users\user\AppData\Local\Akamai 2013-09-02 16:16 - 2012-09-12 16:27 - 00000000 ____D C:\Program Files\CCleaner 2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-09-02 16:14 - 2012-12-15 01:12 - 00000000 ____D C:\ProgramData\Skype 2013-09-02 16:14 - 2012-09-08 10:00 - 00000000 ____D C:\ProgramData\Real 2013-09-02 16:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit 2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit 2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip 2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ____D C:\Windows\system32\directx 2013-08-17 00:26 - 2013-08-17 00:24 - 33130822 _____ C:\Users\user\Downloads\Cube.rar 2013-08-15 17:57 - 2013-08-15 18:10 - 1009950912 _____ C:\Users\user\Desktop\Fusion-Network (2).rar 2013-08-15 17:57 - 2013-08-15 17:36 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (2).rar 2013-08-15 17:57 - 2013-08-15 17:36 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (1).rar 2013-08-15 14:20 - 2013-08-15 14:20 - 00000000 ____D 
C:\Users\user\AppData\Roaming\Avira 2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\ProgramData\Avira 2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\Program Files\Avira Files to move or delete: ==================== C:\Users\user\jagex_cl_runescape_LIVE.dat C:\Users\user\random.dat C:\Users\user\AppData\Roaming\cache.ini C:\Users\user\AppData\Local\temp\catchme.dll C:\Users\user\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-12 09:58 ==================== End Of Log ============================ --- --- --- Addition: FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013
Ran by user at 2013-09-14 14:57:02
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Acrobat Reader 3.0
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Akamai NetSession Interface
Avira Free Antivirus (Version: 13.0.0.4052)
CCleaner (Version: 4.02)
Command & Conquer Windows 95
DivX-Setup (Version: 2.6.1.22)
Game Booster 3 (Version: 3.4)
Google Chrome (HKCU Version: 29.0.1547.66)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel(R) TV Wizard
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
League of Legends (Version: 1.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nexon Game Manager
NVIDIA PhysX (Version: 9.10.0129)
Radio.fx
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
RocketDock 1.3.5
RuneScape Launcher 1.2.2 (Version: 1.2.2)
Skype™ 6.5 (Version: 6.5.158)
swMSM (Version: 12.0.0.1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Winamp (Version: 5.64 )
WinRAR 4.20 (32-Bit) (Version: 4.20.0)

==================== Restore Points =========================

03-09-2013 01:00:12 Windows Update
03-09-2013 01:34:18 Windows-Sicherung
11-09-2013 12:17:31 Windows-Sicherung
11-09-2013 23:38:35 Windows Update
13-09-2013 12:29:21 ComboFix created restore point
13-09-2013 13:26:24 Malwarebytes Anti-Rootkit Restore Point
13-09-2013 14:01:47 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-09-13 14:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {10D13FE9-DB91-4185-A5C5-00C7643AD394} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {221A7075-ED51-4A0F-996D-3CB66535EC91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {546F8AFD-6566-4EB5-9F16-96647615A4D8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-390601350-1865464865-2767028540-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {5CDD061D-62CA-4CA9-9E69-E1EDD5508E51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {6D08A9C8-740B-400B-A170-5DCB95D22FB3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-390601350-1865464865-2767028540-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {83CF2527-B8D3-43D4-9E45-EA3C0D8C7244} - \Desk 365 RunAsStdUser No Task File
Task: {8D77BCB9-3E5F-4887-9101-E2F37C80CE50} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe [2013-09-02] ()
Task: {AE402E78-1860-4EF2-95E7-0BECC5221281} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {AEE18223-E9ED-4464-9249-58B59BFC85C0} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-11-17] (RealNetworks, Inc.)
Task: {BDC278DC-1449-4352-A238-57EC0D18EC58} - System32\Tasks\Freemium1ClickMaint => C:\Users\user\Downloads\1Click.exe
Task: {C634BB63-6A51-4E45-947E-120DFD16C301} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2012-11-30] ()
Task: {CED1312B-0E7C-4DD8-BC87-0F858C178994} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {D6B1E253-603D-4295-967A-7696A7310447} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {F13D8727-32A2-4321-A51B-746977B3436C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {FFFC673F-5F30-4681-A8BA-E8138BC16F94} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 15:36 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll
2009-09-02 18:21 - 2009-09-02 18:21 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2013-05-17 21:51 - 2012-06-09 19:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 3001.98 MB
Available physical RAM: 2267.24 MB
Total Pagefile: 6002.24 MB
Available Pagefile: 5076.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:37.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149 GB) (Free:81.65 GB) FAT32
Drive g: (Transcend) (Removable) (Total:7.55 GB) (Free:7.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 08D908D8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 070887FE)
Partition 1: (Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Regards and have a nice weekend,
Chris
__________________ NOTHING can stop me! - damn, parental controls
15.09.2013, 19:51 | #10
/// Winkelfunktion /// TB-Süch-Tiger™
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\cache.ini
C:\Users\user\AppData\Local\temp\catchme.dll
C:\Users\user\AppData\Local\temp\Quarantine.exe
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags
15.09.2013, 21:32 | #11
Evening, here is the log:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013
Ran by user at 2013-09-15 22:29:42 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\cache.ini
C:\Users\user\AppData\Local\temp\catchme.dll
C:\Users\user\AppData\Local\temp\Quarantine.exe
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
*****************

C:\Users\user\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\user\random.dat => Moved successfully.
C:\Users\user\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\user\AppData\Local\temp\catchme.dll => Moved successfully.
C:\Users\user\AppData\Local\temp\Quarantine.exe => Moved successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

==== End of Fixlog ====
__________________ NOTHING can stop me! - damn, parental controls
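The two posts above show the manual loop a helper runs with FRST: copy the "Files to move or delete" entries and any line the scan marked "<==== ATTENTION" into a Fixlist.txt, then read the Fixlog to confirm each item was actually moved or deleted. The script below is an added example (Python; not part of the thread and not FRST's own code) that does the same triage over FRST-style text: it collects the Fixlist candidates, sets aside orphaned service/driver entries ("[x]", file missing) and scheduled tasks with "No Task File" for a human look, and then checks a Fixlog so that every requested item has a "successfully" result. The scan and Fixlog excerpts are constructed samples in the same line format as the logs in this thread; the function names (triage_scan, verify_fixlog), the regular expressions and the section handling are my assumptions about the format, based only on the lines visible here.

```python
import re

# Constructed sample in the line shapes FRST prints (see the thread's logs);
# deliberately short and not a real scan.
SAMPLE_SCAN = r"""Files to move or delete:
====================
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\cache.ini
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x]
Task: {83CF2527-B8D3-43D4-9E45-EA3C0D8C7244} - \Desk 365 RunAsStdUser No Task File
==================== End Of Log ============================
"""

# Constructed Fixlog; the cache.ini result is left out on purpose so the
# "no result" path is exercised.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013
Content of fixlist:
*****************
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\cache.ini
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
*****************
C:\Users\user\random.dat => Moved successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
==== End of Fixlog ====
"""

SECTION_RE = re.compile(r"^=+ .+")            # "==================== Drivers ..." style headers
ORPHAN_RE = re.compile(r"^[RS]\d .+ \[x\]$")  # service/driver entry whose file is missing
REG_RE = re.compile(r"^(HK\w+)\\\.\.\.\\(\w+): \[([^\]]+)\]")  # "HKCU\...\Winlogon: [Shell]"
FILES_HEADER = "Files to move or delete:"
ATTENTION = "<==== ATTENTION"
NO_TASK_FILE = "No Task File"


def triage_scan(text):
    """Return (fix, review): Fixlist candidates and lines that need a human look."""
    fix, review = [], []
    in_files = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line == FILES_HEADER:
            in_files = True
            continue
        if SECTION_RE.match(line):          # any new section ends the files block
            in_files = False
        if in_files:
            if set(line) != {"="}:          # skip the bare "====" separator under the header
                fix.append(line)
            continue
        if ATTENTION in line:
            fix.append(line)                # FRST accepts the scan line verbatim in a Fixlist
        elif ORPHAN_RE.match(line) or NO_TASK_FILE in line:
            review.append(line)
    return fix, review


def _same_target(request, target):
    """Does a Fixlog result line refer to the requested item?"""
    m = REG_RE.match(request)
    if m:  # FRST prints the expanded key in the result, so match hive, subkey and value name
        hive, subkey, value = m.groups()
        return (target.startswith(hive + "\\")
                and f"\\{subkey}\\" in target
                and target.rstrip("\\").rsplit("\\", 1)[-1] == value)
    return target.lower() == request.lower()


def verify_fixlog(text):
    """Map each Fixlist entry to 'ok', 'failed: <message>' or 'no result'."""
    lines = [l.rstrip() for l in text.splitlines()]
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block not found")
    requested = [l for l in lines[stars[0] + 1:stars[1]] if l]
    results = [tuple(l.split(" => ", 1)) for l in lines[stars[1] + 1:] if " => " in l]
    status = {}
    for req in requested:
        status[req] = "no result"
        for target, msg in results:
            if _same_target(req, target):
                status[req] = "ok" if "successfully" in msg.lower() else f"failed: {msg}"
                break
    return status


if __name__ == "__main__":
    fix, review = triage_scan(SAMPLE_SCAN)
    print("Fixlist.txt candidates:", *fix, sep="\n  ")
    print("Needs a look:", *review, sep="\n  ")
    for item, state in verify_fixlog(SAMPLE_FIXLOG).items():
        print(f"{state:>10}  {item}")
```

Run it on a saved FRST.txt and Fixlog.txt instead of the samples and the "no result" entries are the ones to re-check by hand, exactly as the helper asked for a fresh scan after the fix.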
15.09.2013, 21:45 | #12
/// Winkelfunktion /// TB-Süch-Tiger™
Please make a fresh log with FRST. Download FRST again beforehand.
__________________ Please always post log files in CODE tags
16.09.2013, 00:16 | #13
Morning, new FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2013 05 Ran by user (administrator) on USER-PC on 16-09-2013 01:08:01 Running from C:\Users\user\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe () C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe (Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\RocketDock\RocketDock.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MouseDriver] - C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] () HKCU\...\Policies\Explorer: [NoDrives] 0 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69ECB89E889CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms} SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=1&dbCode=1&command={searchTerms} SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms} BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: 
skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 Chrome: ======= CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (Amazon-Icon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG) R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x] ==================== Drivers (Whitelisted) ==================== S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-05-19] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-12] (Avira Operations GmbH & Co. KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-01] (DT Soft Ltd) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [20992 2011-03-09] (TPMX Electronics Ltd.) S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [13824 2011-04-12] (TPMX Electronics Ltd.) S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-12] (Avira GmbH) S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] () S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org) S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] S3 taphss; system32\DRIVERS\taphss.sys [x] S3 taphss6; system32\DRIVERS\taphss6.sys [x] S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x] S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-16 01:03 - 2013-09-16 01:03 - 01084055 _____ (Farbar) C:\Users\user\Desktop\FRST.exe 2013-09-14 14:51 - 2013-09-14 14:51 - 00000624 _____ C:\Users\user\Desktop\JRT.txt 2013-09-14 14:45 - 2013-09-14 14:45 - 00000000 ____D C:\Windows\ERUNT 2013-09-14 14:41 - 2013-09-14 14:42 - 00000000 ____D C:\AdwCleaner 2013-09-14 14:40 - 2013-09-14 14:37 - 01037278 _____ C:\Users\user\Desktop\adwcleaner.exe 2013-09-14 14:40 - 2013-09-14 14:37 - 01029509 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe 2013-09-13 15:22 - 2013-09-13 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-13 15:19 - 2013-09-13 16:30 - 00000000 ____D C:\Users\user\Desktop\mbar 2013-09-13 15:19 - 2013-09-13 15:18 - 12907592 _____ (Malwarebytes Corp.) 
C:\Users\user\Desktop\mbar-1.07.0.1005.exe 2013-09-13 14:58 - 2013-09-14 14:42 - 00003060 _____ C:\Windows\PFRO.log 2013-09-13 14:43 - 2013-09-13 14:49 - 00000000 ____D C:\ComboFix 2013-09-13 14:29 - 2013-09-13 14:43 - 00000000 ____D C:\Qoobox 2013-09-13 14:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-13 14:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-13 14:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-13 14:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-13 14:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-13 14:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-13 14:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-13 14:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-13 14:28 - 2013-09-13 14:38 - 00000000 ____D C:\Windows\erdnt 2013-09-13 14:27 - 2013-09-13 14:26 - 05125578 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe 2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST 2013-09-13 12:37 - 2013-09-13 12:32 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe 2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable 2013-09-13 12:36 - 2013-09-13 12:34 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe 2013-09-13 10:22 - 2013-09-16 01:06 - 00000672 _____ C:\Windows\setupact.log 2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log 2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang 2013-09-12 01:50 - 2009-09-02 11:18 - 00398848 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe 2013-09-12 01:50 - 2009-09-02 11:18 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll 2013-09-12 01:50 - 
2009-09-02 11:16 - 00121232 _____ C:\Windows\system32\IScrNB.bmp 2013-09-12 01:45 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-09-12 01:45 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-09-12 01:45 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-09-12 01:45 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-09-12 01:45 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-09-12 01:45 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-09-12 01:45 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-09-12 01:45 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-09-12 01:45 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-09-12 01:45 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-09-12 01:45 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2013-09-12 01:45 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-09-12 01:45 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-09-12 01:45 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-09-12 01:45 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-09-12 01:45 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-09-12 01:45 - 2012-08-23 10:19 - 04916224 _____ (Microsoft 
Corporation) C:\Windows\system32\mstscax.dll 2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64 2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel 2013-09-12 01:43 - 2009-09-02 18:56 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe 2013-09-12 01:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-12 01:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 01:42 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 01:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 01:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 01:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 01:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 01:38 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 01:38 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-12 01:38 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 01:38 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 
03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-12 01:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 01:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 01:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-12 01:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-12 01:38 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-09-12 01:38 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-09-12 01:38 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-09-12 01:38 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-09-12 01:38 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2013-09-12 01:37 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 01:34 - 2013-09-12 01:33 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-09-12 01:11 - 2013-09-12 09:16 - 00000000 ____D C:\Windows\pss 2013-09-12 00:53 - 2013-09-12 01:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2013-09-12 00:53 - 2013-09-12 01:06 - 00000340 _____ C:\Windows\system32\.crusader 2013-09-12 00:30 - 2013-09-12 00:54 - 00000000 ____D C:\ProgramData\HitmanPro 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip 2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip 2013-09-04 22:33 - 2013-09-04 22:36 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip 2013-09-04 22:26 - 2013-09-13 16:02 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network 2013-09-04 22:25 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner 2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe 2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk 2013-09-02 19:56 - 
2013-09-02 19:57 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe 2013-09-02 15:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-09-02 15:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-09-02 15:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-09-02 15:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-02 15:28 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-02 15:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-09-02 15:28 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-09-02 15:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-09-02 15:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-09-02 15:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-09-02 15:28 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-09-02 15:27 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit 2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit 2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip 2013-08-17 00:24 - 2013-08-17 00:26 - 33130822 _____ C:\Users\user\Downloads\Cube.rar ==================== One Month Modified Files and Folders ======= 2013-09-16 01:06 - 2013-09-13 10:22 - 00000672 _____ C:\Windows\setupact.log 2013-09-16 01:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-16 01:03 - 2013-09-16 01:03 - 01084055 
_____ (Farbar) C:\Users\user\Desktop\FRST.exe 2013-09-15 22:36 - 2013-08-13 19:58 - 00845040 _____ C:\Windows\WindowsUpdate.log 2013-09-15 22:28 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-15 22:28 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-14 15:20 - 2012-09-03 17:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-14 15:14 - 2013-02-03 20:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job 2013-09-14 14:51 - 2013-09-14 14:51 - 00000624 _____ C:\Users\user\Desktop\JRT.txt 2013-09-14 14:45 - 2013-09-14 14:45 - 00000000 ____D C:\Windows\ERUNT 2013-09-14 14:42 - 2013-09-14 14:41 - 00000000 ____D C:\AdwCleaner 2013-09-14 14:42 - 2013-09-13 14:58 - 00003060 _____ C:\Windows\PFRO.log 2013-09-14 14:41 - 2013-02-03 20:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-09-14 14:41 - 2012-08-27 14:54 - 00001146 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-14 14:37 - 2013-09-14 14:40 - 01037278 _____ C:\Users\user\Desktop\adwcleaner.exe 2013-09-14 14:37 - 2013-09-14 14:40 - 01029509 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe 2013-09-14 10:55 - 2012-08-27 16:44 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-13 16:30 - 2013-09-13 15:19 - 00000000 ____D C:\Users\user\Desktop\mbar 2013-09-13 16:20 - 2012-09-03 17:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-13 16:20 - 2012-09-03 17:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-13 16:02 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network 2013-09-13 16:02 - 2009-07-14 06:52 - 00000000 ____D 
C:\Windows\addins 2013-09-13 15:22 - 2013-09-13 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-13 15:18 - 2013-09-13 15:19 - 12907592 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.07.0.1005.exe 2013-09-13 14:49 - 2013-09-13 14:43 - 00000000 ____D C:\ComboFix 2013-09-13 14:48 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-09-13 14:43 - 2013-09-13 14:29 - 00000000 ____D C:\Qoobox 2013-09-13 14:38 - 2013-09-13 14:28 - 00000000 ____D C:\Windows\erdnt 2013-09-13 14:38 - 2013-02-03 17:15 - 00000000 ___HD C:\Users\Neuer Ordner (2) 2013-09-13 14:38 - 2012-12-19 16:16 - 00000000 ___HD C:\Users\PICS 2013-09-13 14:38 - 2012-12-19 16:16 - 00000000 ___HD C:\Users\Alles 2013-09-13 14:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public 2013-09-13 14:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-09-13 14:26 - 2013-09-13 14:27 - 05125578 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe 2013-09-13 14:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-13 12:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST 2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable 2013-09-13 12:34 - 2013-09-13 12:36 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe 2013-09-13 12:32 - 2013-09-13 12:37 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe 2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log 2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-12 09:20 - 2012-08-27 15:25 - 00000000 ____D C:\Windows\Panther 2013-09-12 09:16 - 2013-09-12 01:11 - 00000000 ____D C:\Windows\pss 2013-09-12 09:16 - 2012-12-15 01:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype 2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang 2013-09-12 
01:50 - 2012-09-03 20:27 - 00000000 ____D C:\Program Files\Intel 2013-09-12 01:47 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2013-09-12 01:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64 2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel 2013-09-12 01:40 - 2013-08-12 03:02 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 01:39 - 2012-09-07 11:10 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-12 01:33 - 2013-09-12 01:34 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-09-12 01:06 - 2013-09-12 00:53 - 00012872 _____ (SurfRight B.V.) 
C:\Windows\system32\bootdelete.exe 2013-09-12 01:06 - 2013-09-12 00:53 - 00000340 _____ C:\Windows\system32\.crusader 2013-09-12 00:59 - 2012-09-13 16:52 - 00000000 ____D C:\Program Files\DsNET Corp 2013-09-12 00:54 - 2013-09-12 00:30 - 00000000 ____D C:\ProgramData\HitmanPro 2013-09-12 00:53 - 2013-08-13 04:15 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner (2) 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip 2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip 2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip 2013-09-05 08:14 - 2013-02-03 20:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job 2013-09-04 22:36 - 2013-09-04 22:33 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip 2013-09-04 22:26 - 2013-09-04 22:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner 2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe 2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk 2013-09-02 19:57 - 2013-09-02 19:56 - 04344120 _____ (IObit ) 
C:\Users\user\Downloads\gb3-4-setup.exe 2013-09-02 16:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp 2013-09-02 16:16 - 2013-04-04 19:45 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-09-02 16:16 - 2012-12-15 01:12 - 00000000 ___RD C:\Program Files\Skype 2013-09-02 16:16 - 2012-09-14 18:57 - 00000000 ____D C:\Users\user\AppData\Local\Akamai 2013-09-02 16:16 - 2012-09-12 16:27 - 00000000 ____D C:\Program Files\CCleaner 2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-09-02 16:14 - 2012-12-15 01:12 - 00000000 ____D C:\ProgramData\Skype 2013-09-02 16:14 - 2012-09-08 10:00 - 00000000 ____D C:\ProgramData\Real 2013-09-02 16:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit 2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit 2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip 2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ____D C:\Windows\system32\directx 2013-08-17 00:26 - 2013-08-17 00:24 - 33130822 _____ C:\Users\user\Downloads\Cube.rar ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-12 09:58 ==================== End Of Log ============================
__________________ NOTHING can stop me! - damn, a parental control
16.09.2013, 08:41 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, computer no longer booted after infection - white screen among other things
Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand! Afterwards, getting a second opinion from ESET's online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags
16.09.2013, 13:23 | #15
Win 7, computer no longer booted after infection - white screen among other things
Hello, here are the logs: Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
user :: USER-PC [Administrator]

Protection: Enabled

16.09.2013 10:39:43
mbam-log-2013-09-16 (10-39-43).txt

Scan type: Quick scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 234895
Time elapsed: 5 minute(s), 22 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 13
C:\Users\user\Downloads\padmak switch bot v5__2971_i50081972_il1913747.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\padmak switch bot v5__2971_i50085171_il1913747.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\padmak switch bot v5__2971_i50085397_il1913747.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (1).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (2).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (3).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (4).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (5).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (6).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (7).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (8).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv (9).zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\movie1080p.mkv.zip (Malware.Packer.CDRC) -> Quarantined and deleted successfully.

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8f56befb07aafa4bab06a353bbee47ec
# engine=15147
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-16 12:15:56
# local_time=2013-09-16 02:15:56 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 186608 391673 179383 0
# compatibility_mode=5893 16776574 100 94 925391 130964947 0 0
# scanned=118470
# found=5
# cleaned=0
# scan_time=10902
sh=2138ABFB667440B4C27CE645C8E82621D168E8A1 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="D:\USER-PC\Backup Set 2013-06-02 190002\Backup Files 2013-06-02 190002\Backup files 3.zip"
sh=627FA7FAFABFA78A966C3DB45776F32D928B476F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-03 033414\Backup files 1.zip"
sh=ACD8BE2751E8FAB8243B61D0092EEFD59BE2981F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-03 033414\Backup files 5.zip"
sh=2AA083E6C973C60FF2E2A635322476EFE50BEAF8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-11 141727\Backup files 1.zip"
sh=B77E6AC92071D85D22D7CC364AD00CC877254B92 ft=0 fh=0000000000000000 vn="Win32/Kryptik.BJSY trojan" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-11 141727\Backup files 24.zip"

Chris
__________________
NOTHING can stop me! - damn, a parental control
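An added example, not part of Chris's post or of any tool's own output: a small Python parser for the ESET Online Scanner log format shown in the last Code box, run over the header fields and the five detection records copied from that log. It does the check a helper should do before declaring the machine clean. The header says found=5 and cleaned=0 with remove_checked=false, and every fn path is a backup ZIP on drive D:, so the infected files were only reported, not removed, and would come back if those backup sets are ever restored. The header-line and record-field regexes, the reading of remove_checked/cleaned as "nothing was removed", and the archive-extension list are assumptions about the format based only on the lines visible in this thread.

```python
import re

# Header lines look like "# key=value"; detection records are space-separated
# key=value tokens where values may be double-quoted and contain spaces.
# Both patterns are assumptions derived from the log lines posted above.
HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Extensions treated as archives (assumption; ESET reports hits inside them
# because archives_checked=true).
ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".cab")

# Header fields and the five detection records copied from the ESET log in
# the post above (raw string, so the Windows backslashes are kept verbatim).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# remove_checked=false
# archives_checked=true
# antistealth_checked=true
# utc_time=2013-09-16 12:15:56
# osver=6.1.7601 NT Service Pack 1
# scanned=118470
# found=5
# cleaned=0
# scan_time=10902
sh=2138ABFB667440B4C27CE645C8E82621D168E8A1 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="D:\USER-PC\Backup Set 2013-06-02 190002\Backup Files 2013-06-02 190002\Backup files 3.zip"
sh=627FA7FAFABFA78A966C3DB45776F32D928B476F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-03 033414\Backup files 1.zip"
sh=ACD8BE2751E8FAB8243B61D0092EEFD59BE2981F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-03 033414\Backup files 5.zip"
sh=2AA083E6C973C60FF2E2A635322476EFE50BEAF8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-11 141727\Backup files 1.zip"
sh=B77E6AC92071D85D22D7CC364AD00CC877254B92 ft=0 fh=0000000000000000 vn="Win32/Kryptik.BJSY trojan" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-11 141727\Backup files 24.zip"
"""


def parse_eset_log(text):
    """Split the log into its '# key=value' header (dict) and a list of
    per-detection dicts keyed sh/ft/fh/vn/ac/fn. Other lines are ignored."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            detections.append({k: (q if q else b) for k, q, b in FIELD_RE.findall(line)})
    return header, detections


def triage(header, detections):
    """Answer what a helper needs to know: how much was found, how much was
    actually removed, and where the remaining findings live."""
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    paths = [d.get("fn", "") for d in detections]
    by_drive = {}
    for p in paths:
        by_drive[p[:2].upper()] = by_drive.get(p[:2].upper(), 0) + 1
    return {
        "found": found,
        "cleaned": cleaned,
        "uncleaned": found - cleaned,
        "removal_enabled": header.get("remove_checked", "false").lower() == "true",
        "record_count_matches": len(detections) == found,
        "all_in_archives": bool(paths) and all(p.lower().endswith(ARCHIVE_EXTS) for p in paths),
        "by_drive": by_drive,
        "threat_names": sorted({d.get("vn", "") for d in detections}),
    }


def report(text):
    """One-paragraph summary of the scan outcome, for pasting into a reply."""
    header, detections = parse_eset_log(text)
    t = triage(header, detections)
    lines = [
        f"ESET found {t['found']} item(s), cleaned {t['cleaned']} "
        f"(removal enabled: {t['removal_enabled']}); {t['uncleaned']} remain.",
        f"Findings per drive: {t['by_drive']}; all inside archives: {t['all_in_archives']}.",
        "Threat names: " + ", ".join(t["threat_names"]),
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run as-is it summarises the posted log; point `parse_eset_log` at the text of any other ESET Online Scanner log and `report` tells you at a glance whether the scan removed anything and whether the hits sit in archives that a later restore would bring back.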
