Trojaner Interpol mit Sperrbildschirm - Abgesichter Modus nicht möglich

webpeter · 20.10.2013, 20:21

Hallo,

ich habe mir einen Trojaner mit Sperrbildschirm eingefangen, der auch im abgesicherten Modus erscheint.

Ich habe einen FRST und einen OTL-Scan erstellt.

Wäre klasse wenn mir jemand helfen könnte.

Ingo

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by SYSTEM on REATOGO on 20-10-2013 23:07:47
Running from E:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [LaunchAp] - C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [LMgrOSD] - C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\weimann\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [ 2007-10-15] (Nero AG)
HKU\weimann\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res [ 2013-07-09] () <==== ATTENTION 

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-06-27] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2007-11-02] (Softex Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [805416 2007-08-30] (Bison Electronics. Inc. )
S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] ()
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [23424 2007-08-08] (Huawei Tech. Co., Ltd.)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749760 2007-08-22] ()
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 Aelmaninss; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [100864 2008-01-22] (Huawei Technologies Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-20 23:07 - 2013-10-20 23:07 - 00000000 ____D C:\FRST
2013-10-20 21:28 - 2013-10-20 21:28 - 00057174 _____ C:\OTL.Txt
2013-10-19 13:39 - 2013-10-19 14:04 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-10 11:24 - 2013-09-23 08:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-10 11:24 - 2013-09-23 08:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-10 11:24 - 2013-09-23 08:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-10 11:24 - 2013-09-23 08:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-10-10 11:24 - 2013-09-23 08:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-10-10 11:24 - 2013-09-23 08:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-10 11:24 - 2013-09-23 08:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-10 11:24 - 2013-09-23 08:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-10 11:24 - 2013-09-23 08:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-10 11:24 - 2013-09-23 08:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-10-10 11:24 - 2013-09-23 08:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-10 11:24 - 2013-09-23 08:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-10-10 11:24 - 2013-09-23 08:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2013-10-10 11:24 - 2013-09-23 07:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-10-10 11:24 - 2013-09-23 05:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-10 11:24 - 2013-09-23 05:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-10 11:24 - 2013-09-23 05:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-10 11:24 - 2013-09-23 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-10-10 11:24 - 2013-08-29 03:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-10 11:24 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-10 11:24 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-10-10 11:24 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 11:24 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-10 11:24 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-10 11:24 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-10 11:24 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-10 11:24 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-10 11:24 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-10 11:24 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-10 11:24 - 2013-06-26 19:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-10-10 11:24 - 2013-06-26 19:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-10-10 11:24 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-10 11:24 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-10 11:24 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-10 11:24 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-05 08:45 - 2013-10-05 08:45 - 00000000 ____D C:\Windows\System32\Adobe

==================== One Month Modified Files and Folders =======

2013-10-20 23:07 - 2013-10-20 23:07 - 00000000 ____D C:\FRST
2013-10-20 21:28 - 2013-10-20 21:28 - 00057174 _____ C:\OTL.Txt
2013-10-20 21:25 - 2008-02-21 04:08 - 00000000 ____D C:\users\weimann
2013-10-20 06:25 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 06:25 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 06:16 - 2008-02-21 04:03 - 01703518 _____ C:\Windows\WindowsUpdate.log
2013-10-20 06:15 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing
2013-10-19 16:07 - 2012-06-18 15:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-19 14:04 - 2013-10-19 13:39 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-17 12:37 - 2008-04-01 14:53 - 00028029 _____ C:\Users\weimann\AppData\Roaming\nvModes.001
2013-10-16 09:47 - 2008-02-21 08:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-12 14:04 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 13:46 - 2006-11-02 06:33 - 01445786 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-10 13:40 - 2006-11-02 08:47 - 00350640 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-10 12:40 - 2013-08-14 09:43 - 00000000 ____D C:\Windows\System32\MRT
2013-10-10 12:36 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-10-09 14:35 - 2012-06-18 15:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-09 14:35 - 2012-02-22 14:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-09 08:26 - 2008-04-11 12:10 - 00000000 ____D C:\Susan
2013-10-05 08:45 - 2013-10-05 08:45 - 00000000 ____D C:\Windows\System32\Adobe
2013-09-23 16:15 - 2008-02-29 06:59 - 00000030 _____ C:\Windows\Iedit_.INI
2013-09-23 08:57 - 2013-10-10 11:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-23 08:57 - 2013-10-10 11:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-23 08:57 - 2013-10-10 11:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-23 08:55 - 2013-10-10 11:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-09-23 08:53 - 2013-10-10 11:24 - 00611840 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-09-23 08:52 - 2013-10-10 11:24 - 06017024 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-23 08:52 - 2013-10-10 11:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-23 08:52 - 2013-10-10 11:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-23 08:52 - 2013-10-10 11:24 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 11111936 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 02005504 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-23 08:51 - 2013-10-10 11:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-09-23 08:51 - 2013-10-10 11:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-23 08:50 - 2013-10-10 11:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-09-23 08:49 - 2013-10-10 11:24 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2013-09-23 07:14 - 2013-10-10 11:24 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-09-23 05:29 - 2013-10-10 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-23 05:29 - 2013-10-10 11:24 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-23 05:27 - 2013-10-10 11:24 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-23 05:27 - 2013-10-10 11:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

Files to move or delete:
====================
C:\Users\weimann\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\weimann\AppData\Local\Temp\rpgaynnrvylmehevggufkpnrc.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

18
Restore point made on: 2013-07-23 13:54:59
Restore point made on: 2013-07-30 12:56:55
Restore point made on: 2013-08-02 13:30:25
Restore point made on: 2013-08-07 13:39:38
Restore point made on: 2013-08-14 03:04:05
Restore point made on: 2013-08-14 09:40:42
Restore point made on: 2013-08-20 13:36:10
Restore point made on: 2013-08-27 12:13:01
Restore point made on: 2013-08-29 13:49:47
Restore point made on: 2013-09-13 04:17:54
Restore point made on: 2013-09-13 07:54:11
Restore point made on: 2013-09-17 12:59:29
Restore point made on: 2013-09-24 14:07:20
Restore point made on: 2013-10-01 10:10:45
Restore point made on: 2013-10-05 04:13:21
Restore point made on: 2013-10-10 11:17:47
Restore point made on: 2013-10-10 12:34:43
Restore point made on: 2013-10-15 13:36:25

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 3070.36 MB
Available physical RAM: 2766.04 MB
Total Pagefile: 2895.05 MB
Available Pagefile: 2823.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.65 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (BOOT) (Fixed) (Total:126.37 GB) (Free:51.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVER) (Fixed) (Total:22.66 GB) (Free:12.23 GB) FAT32
Drive e: (USB-STICK) (Removable) (Total:1.88 GB) (Free:1.78 GB) FAT
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2 GB) (Disk ID: 6B736964)
No partition Table on disk 0.

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 08DB956A)
Partition 1: (Not Active) - (Size=23 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=126 GB) - (Type=07 NTFS)


LastRegBack: 2013-10-19 16:22

==================== End Of Log ============================

Code:

ATTFilter

OTL logfile created on: 10/20/2013 9:25:48 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19475)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126.37 Gb Total Space | 51.33 Gb Free Space | 40.62% Space Free | Partition Type: NTFS
Drive D: | 22.66 Gb Total Space | 12.23 Gb Free Space | 53.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/10/19 13:39:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 14:35:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/08 14:31:24 | 001,527,104 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 14:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/02 07:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/10/03 10:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [On_Demand] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/11 09:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007/04/19 07:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (igfx)
DRV - File not found [Adapter | On_Demand] --  -- (Aelmaninss)
DRV - [2010/10/07 06:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/03/17 05:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/12/18 06:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/30 14:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/08/28 10:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/22 13:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/08/08 22:06:40 | 000,023,424 | R--- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2007/08/08 02:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/31 05:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007/06/01 04:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007/05/25 03:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/25 03:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/04/30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/30 09:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\weimann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 15:33:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
[2012/06/18 15:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 18:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/25 15:23:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/14 18:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/14 18:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/14 18:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/14 18:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/14 18:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\weimann_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197719312979 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\weimann_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\weimann_ON_C Winlogon: Shell - (C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res) - C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f1b10c9-f3d2-11de-8448-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{4f1b10c9-f3d2-11de-8448-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5abeca54-f3d1-11de-9de2-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{5abeca54-f3d1-11de-9de2-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{64d0c4f1-616e-11de-9654-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{64d0c4f1-616e-11de-9654-0015af79c5b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{64d0c4f7-616e-11de-9654-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{64d0c4f7-616e-11de-9654-0015af79c5b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{65f5f7b3-a6ac-11e2-b03d-85ef2b60e62a}\Shell - "" = AutoRun
O33 - MountPoints2\{65f5f7b3-a6ac-11e2-b03d-85ef2b60e62a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df8716cd-f86f-11de-8059-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{df8716cd-f86f-11de-8059-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e170774b-dc26-11df-9fad-0015af79c5b9}\Shell - "" = AutoRun
O33 - MountPoints2\{e170774b-dc26-11df-9fad-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f3d32600-60f4-11df-b6ed-0016d387311e}\Shell - "" = AutoRun
O33 - MountPoints2\{f3d32600-60f4-11df-b6ed-0016d387311e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/19 13:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/10/10 11:24:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/10 11:24:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 11:24:38 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/10 11:24:38 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/10/10 11:24:38 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/10/10 11:24:38 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/10/10 11:24:38 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/10/10 11:24:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/10 11:24:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/10 11:24:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/10/10 11:24:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/10 11:24:37 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/10/10 11:24:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/10/10 11:24:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/10/10 11:24:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/10/10 11:24:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/10/10 11:24:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/10 11:24:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/10/10 11:24:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/10/10 11:24:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/10 11:24:35 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 11:24:34 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 11:24:26 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/10/10 11:24:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/10/10 11:24:24 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 11:24:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 11:24:23 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/10 11:24:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/10 11:24:21 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/05 08:45:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2007/10/22 07:45:46 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/10/22 07:45:45 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/20 06:29:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 06:26:45 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job
[2013/10/20 06:25:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 06:25:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 06:24:11 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/19 16:35:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/10 13:46:46 | 000,628,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/10/10 13:46:46 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/10 13:46:46 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/10/10 13:46:46 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/10 13:40:33 | 000,350,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/09 14:35:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/09 14:35:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/23 16:15:43 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2013/09/23 08:57:27 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/23 08:53:10 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/09/23 08:52:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/23 08:52:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/09/23 08:51:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/09/23 08:51:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/23 08:51:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/23 08:51:07 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/23 08:51:07 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/23 08:51:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/23 08:51:04 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/09/23 08:51:04 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/23 08:50:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/09/23 08:49:22 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/09/23 07:14:03 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/09/23 05:29:22 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/23 05:29:11 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/23 05:27:55 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/09/23 05:27:14 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2013/10/20 06:24:11 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/14 08:17:43 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res
[2013/03/22 14:54:01 | 000,000,032 | ---- | C] () -- C:\Windows\setup.INI
[2012/02/24 18:09:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/01/04 07:45:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/04 07:45:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/04 07:44:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/23 14:54:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/23 14:31:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009/06/23 14:31:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008/03/25 09:35:44 | 000,000,552 | ---- | C] () -- C:\Users\weimann\AppData\Local\d3d8caps.dat
[2008/03/25 09:25:22 | 000,001,356 | ---- | C] () -- C:\Users\weimann\AppData\Local\d3d9caps.dat
[2008/03/25 09:10:35 | 000,001,158 | ---- | C] () -- C:\Windows\mozver.dat
[2008/02/29 06:59:48 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2008/02/21 10:03:37 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2008/02/21 10:03:35 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll
[2008/02/21 10:03:34 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll
[2008/02/21 08:29:48 | 000,022,016 | ---- | C] () -- C:\Users\weimann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 08:23:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/21 04:09:23 | 000,000,095 | ---- | C] () -- C:\Users\weimann\AppData\Local\fusioncache.dat
[2007/12/15 01:36:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/10/25 03:15:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/10/25 03:15:04 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/10/22 22:20:15 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/10/22 07:45:45 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/10/22 07:45:45 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/10/22 07:45:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/10/22 07:45:45 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2007/09/18 03:38:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007/09/18 03:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2007/09/18 03:16:24 | 000,000,132 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007/09/12 03:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/12 03:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/09/12 03:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2006/12/11 00:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/04 18:16:26 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll
[2006/11/03 22:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2006/11/02 11:33:31 | 000,628,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,127,056 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,350,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/29 10:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006/09/24 16:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006/09/24 16:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006/09/21 08:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006/09/21 08:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006/09/21 08:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2005/11/09 07:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005/11/09 07:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005/11/09 07:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
 
========== LOP Check ==========
 
[2010/01/17 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Meine Traffic
[2013/10/20 06:16:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/10/20 06:26:45 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job
 
========== Purity Check ==========
 
 
< End of report >

schrauber · 21.10.2013, 06:43

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\weimann\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res [ 2013-07-09] () <==== ATTENTION 
C:\Users\weimann\AppData\Local\Temp\rpgaynnrvylmehevggufkpnrc.exe
C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

webpeter · 21.10.2013, 12:32

Danke für die schnelle Hilfe!

Hier nun das Logfile:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
Ran by SYSTEM at 2013-10-21 13:35:23 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\weimann\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res [ 2013-07-09] () <==== ATTENTION 
C:\Users\weimann\AppData\Local\Temp\rpgaynnrvylmehevggufkpnrc.exe
C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res
*****************

HKU\weimann\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\weimann\AppData\Local\Temp\rpgaynnrvylmehevggufkpnrc.exe => Moved successfully.
C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res => Moved successfully.

==== End of Fixlog ====

Hallo Schrauber,

der Rechner läuft soweit wieder :-)

Ich habe schon mal AdwCleaner und JRT drüber laufen lassen.

JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista (TM) Home Premium x86
Ran by weimann on 21.10.2013 at 15:57:40,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\weimann\AppData\Roaming\big fish games"



~~~ FireFox

Successfully deleted: [File] C:\Users\weimann\AppData\Roaming\mozilla\firefox\profiles\rljsnneu.default\user.js
Emptied folder: C:\Users\weimann\AppData\Roaming\mozilla\firefox\profiles\rljsnneu.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.10.2013 at 16:06:57,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.010 - Bericht erstellt am 21/10/2013 um 16:07:53
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : weimann - NOTEBOOK
# Gestartet von : E:\adwcleaner-3.010.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19475


-\\ Mozilla Firefox v13.0.1 (de)

[ Datei : C:\Users\weimann\AppData\Roaming\Mozilla\Firefox\Profiles\rljsnneu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [660 octets] - [21/10/2013 16:07:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [719 octets] ##########

--- --- ---

Sollte ich sonst noch etwas unternehmen?

Vielen Dank

schrauber · 22.10.2013, 06:47

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Noch Probleme?

webpeter · 22.10.2013, 11:23

Hier schonmal das ESET logfile

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=baced25e3e15a84bbcfce5e665db1dea
# engine=15575
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-22 01:20:00
# local_time=2013-10-22 03:20:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 81769 219980728 0 0
# scanned=252062
# found=5
# cleaned=0
# scan_time=8388
sh=4C729D4B23F9A2F4825F3DF3DC393A665ACA1BA6 ft=1 fh=6e8d044d548d3a04 vn="a variant of Win32/Kryptik.BNBR trojan" ac=I fn="C:\FRST\Quarantine\Other.res"
sh=4C729D4B23F9A2F4825F3DF3DC393A665ACA1BA6 ft=1 fh=6e8d044d548d3a04 vn="a variant of Win32/Kryptik.BNBR trojan" ac=I fn="C:\FRST\Quarantine\rpgaynnrvylmehevggufkpnrc.exe"
sh=508F261B7E9A90A552B362D76D753C3E469A1A3D ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PUE trojan" ac=I fn="C:\Users\weimann\AppData\Local\Temp\jar_cache2412556662000242659.tmp"
sh=2E406BA405A4160D415E5D1B7684CC5863EBC1D3 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weimann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1ff5eb6-209b7754"
sh=2E406BA405A4160D415E5D1B7684CC5863EBC1D3 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\weimann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1ff5eb6-3ece5d52"

schrauber · 22.10.2013, 17:33

ok

webpeter · 22.10.2013, 19:39

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.74  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 8 Out of date! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2011   
 TuneUp Utilities Language Pack (de-DE) 
 Java(TM) 6 Update 22  
 Java(TM) 6 Update 3  
 Java version out of Date! 
 Adobe Flash Player 	11.9.900.117  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox 13.0.1 Firefox out of Date!  
 Mozilla Thunderbird (24.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 Windows Defender MSASCui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

So, nun auch der Rest.

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013
Ran by weimann (administrator) on NOTEBOOK on 22-10-2013 23:38:22
Running from C:\Users\weimann\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Softex Inc.) C:\Program Files\Softex\OmniPass\OmniServ.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
() C:\Program Files\Launch Manager\LaunchAp.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron) C:\Program Files\Launch Manager\WButton.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Softex\OmniPass\opvapp.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [LaunchAp] - C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [LMgrOSD] - C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
MountPoints2: {4f1b10c9-f3d2-11de-8448-0015af79c5b9} - E:\AutoRun.exe
MountPoints2: {5abeca54-f3d1-11de-9de2-0015af79c5b9} - E:\AutoRun.exe
MountPoints2: {64d0c4f1-616e-11de-9654-0015af79c5b9} - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {64d0c4f7-616e-11de-9654-0015af79c5b9} - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {65f5f7b3-a6ac-11e2-b03d-85ef2b60e62a} - E:\AutoRun.exe
MountPoints2: {df8716cd-f86f-11de-8059-0015af79c5b9} - E:\AutoRun.exe
MountPoints2: {e170774b-dc26-11df-9fad-0015af79c5b9} - E:\AutoRun.exe
MountPoints2: {f3d32600-60f4-11df-b6ed-0016d387311e} - E:\AutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\weimann\AppData\Roaming\Mozilla\Firefox\Profiles\rljsnneu.default
FF user.js: detected! => C:\Users\weimann\AppData\Roaming\Mozilla\Firefox\Profiles\rljsnneu.default\user.js
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.yahoo.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\weimann\AppData\Roaming\Mozilla\Firefox\Profiles\rljsnneu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-06-27] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
R2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2007-11-02] (Softex Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [805416 2007-08-30] (Bison Electronics. Inc. )
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] ()
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [23424 2007-08-09] (Huawei Tech. Co., Ltd.)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749760 2007-08-22] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
U3 Aelmaninss; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [100864 2008-01-22] (Huawei Technologies Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-22 23:37 - 2013-10-22 23:38 - 01087503 _____ (Farbar) C:\Users\weimann\Desktop\FRST.exe
2013-10-22 23:19 - 2013-10-22 09:50 - 00891167 _____ C:\Users\weimann\Desktop\SecurityCheck.exe
2013-10-21 16:07 - 2013-10-21 16:15 - 00000000 ____D C:\AdwCleaner
2013-10-21 15:57 - 2013-10-21 15:57 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 05:07 - 2013-10-21 05:07 - 00000000 ____D C:\FRST
2013-10-21 03:28 - 2013-10-21 03:28 - 00057174 _____ C:\OTL.Txt
2013-10-19 19:39 - 2013-10-19 20:04 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-10 17:24 - 2013-09-23 14:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 17:24 - 2013-09-23 14:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 17:24 - 2013-09-23 14:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 17:24 - 2013-09-23 14:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-10 17:24 - 2013-09-23 14:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-10 17:24 - 2013-09-23 14:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 17:24 - 2013-09-23 14:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 17:24 - 2013-09-23 14:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 17:24 - 2013-09-23 14:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 17:24 - 2013-09-23 14:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-10 17:24 - 2013-09-23 14:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 17:24 - 2013-09-23 14:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-10 17:24 - 2013-09-23 14:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-10 17:24 - 2013-09-23 13:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-10 17:24 - 2013-09-23 11:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 17:24 - 2013-09-23 11:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 17:24 - 2013-09-23 11:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 17:24 - 2013-09-23 11:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-10 17:24 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 17:24 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 17:24 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-10 17:24 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:24 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 17:24 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 17:24 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 17:24 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 17:24 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 17:24 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 17:24 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 17:24 - 2013-06-27 01:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-10 17:24 - 2013-06-27 01:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-10 17:24 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 17:24 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 17:24 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 17:24 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-05 14:45 - 2013-10-05 14:45 - 00000000 ____D C:\Windows\system32\Adobe

==================== One Month Modified Files and Folders =======

2013-10-22 23:38 - 2013-10-22 23:37 - 01087503 _____ (Farbar) C:\Users\weimann\Desktop\FRST.exe
2013-10-22 23:36 - 2008-04-01 20:53 - 00028029 _____ C:\Users\weimann\AppData\Roaming\nvModes.001
2013-10-22 23:36 - 2008-02-21 14:33 - 00000422 ____H C:\Windows\Tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job
2013-10-22 23:35 - 2012-06-18 21:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-22 23:34 - 2008-02-21 10:03 - 01766032 _____ C:\Windows\WindowsUpdate.log
2013-10-22 23:33 - 2008-02-21 14:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-22 23:12 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 23:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 23:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 15:27 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-22 13:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-22 09:50 - 2013-10-22 23:19 - 00891167 _____ C:\Users\weimann\Desktop\SecurityCheck.exe
2013-10-21 16:15 - 2013-10-21 16:07 - 00000000 ____D C:\AdwCleaner
2013-10-21 16:01 - 2006-11-02 12:33 - 01445786 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-21 15:57 - 2013-10-21 15:57 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 05:07 - 2013-10-21 05:07 - 00000000 ____D C:\FRST
2013-10-21 03:28 - 2013-10-21 03:28 - 00057174 _____ C:\OTL.Txt
2013-10-21 03:25 - 2008-02-21 10:08 - 00000000 ____D C:\Users\weimann
2013-10-19 22:07 - 2012-06-18 21:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-19 20:04 - 2013-10-19 19:39 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-12 20:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 19:40 - 2006-11-02 14:47 - 00350640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 18:40 - 2013-08-14 15:43 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 18:36 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 20:35 - 2012-06-18 21:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 20:35 - 2012-02-22 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 14:26 - 2008-04-11 18:10 - 00000000 ____D C:\Susan
2013-10-05 14:45 - 2013-10-05 14:45 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-23 22:15 - 2008-02-29 12:59 - 00000030 _____ C:\Windows\Iedit_.INI
2013-09-23 14:57 - 2013-10-10 17:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 14:57 - 2013-10-10 17:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 14:57 - 2013-10-10 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-23 14:55 - 2013-10-10 17:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-23 14:53 - 2013-10-10 17:24 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-23 14:52 - 2013-10-10 17:24 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 14:52 - 2013-10-10 17:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 14:52 - 2013-10-10 17:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-23 14:52 - 2013-10-10 17:24 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-23 14:51 - 2013-10-10 17:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-23 14:51 - 2013-10-10 17:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 14:50 - 2013-10-10 17:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-23 14:49 - 2013-10-10 17:24 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-23 13:14 - 2013-10-10 17:24 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 11:29 - 2013-10-10 17:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 11:29 - 2013-10-10 17:24 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-23 11:27 - 2013-10-10 17:24 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-23 11:27 - 2013-10-10 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

Files to move or delete:
====================
C:\Users\weimann\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\weimann\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-22 23:18

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2013
Ran by weimann at 2013-10-22 23:40:04
Running from C:\Users\weimann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

100 Prozent Wimmelbild
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop CS (Version: CS)
Adobe Reader 8.1.1 - Deutsch (Version: 8.1.1)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
Agere Systems HDA Modem
ALDI Foto Manager Free Sued (Version: 3.4.0.466)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9.2)
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
Big Fish Games: Game Manager (Version: 3.0.1.60)
Black Jack free 2.01c  (Version: 2.01c)
Compatibility Pack für 2007 Office System (Version: 12.0.4518.1014)
CorelDRAW Essential Edition 3
CorelDRAW Essential Edition 3 (Version: 3.0)
CyberLink Power2Go (Version: 6.0.1109a)
CyberLink YouCam (Version: 1.00.0000)
Dark Tales:™ Der Mord in der Rue Morgue von Edgar Allan Poe
DE (Version: 3.0)
Die Jaeger des Geisterhauses 2 (Version: 1.0)
druckstdu.de Designer 1.6.0
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.8)
FreePDF XP (Remove only)
Ghost Town Mysteries
Hidden Mysteries Salem Secrets (Version: 1.0)
HUAWEI DataCard Driver 3.10.02.00 (Version: 3.10.02.00)
Inst5657 (Version: 5.00.91)
Intel(R) Matrix Storage Manager
Jäger des Geisterhauses
Java Auto Updater (Version: 2.0.2.4)
Java(TM) 6 Update 22 (Version: 6.0.220)
Java(TM) 6 Update 3 (Version: 1.6.0.30)
Launch Manager V1.4.9 (Version: 1.4.9)
Letstrade (Version: 1.00.0000)
Lexware buchhalter 2007 (Version: 12.00)
MakeDisc (Version: 3.0.2320)
Margrave Manor 2 (Version: 1.1.0.0)
Margrave Manor: Der Fluch des gebrochenen Herzens
MediaShow (Version: 3.0.4325)
MEDIONbox (Version: 1.09.0000.00052)
Meine Traffic 2.10
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.4518.1014)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Works (Version: 9.7.0621)
Midnight Mysteries - Teufel auf dem Mississippi (Version: 1.1.0.0)
Midnight Mysteries (Version: 1.1.0.0)
Midnight Mysteries Salem Witch Trials (Version: 1.1.0.0)
Mobile Partner (Version: 11.030.01.07.03)
Mozilla Firefox 13.0.1 (x86 de) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 24.0.1)
Mozilla Thunderbird 24.0.1 (x86 de) (Version: 24.0.1)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery Case Files&reg;: Dire Grove™
Mystery Case Files: 13th Skull
Mystery Case Files: R&uuml;ckkehr nach Ravenhearst ™
Mystery Case Files: Ravenhearst ™
Mystery Stories - Das Geisterschiff
Mystery Stories - Expedition des Grauens
Nero 8 Essentials (Version: 8.10.124)
neroxml (Version: 1.0.0)
NVIDIA Drivers
OmniPass 5.00.91 (Version: 5.00.91)
PhotoNow! (Version: 1.0.4310)
POP3-Manager (Version: 3.11.0000)
PowerDirector (Version: 6.5.2209a)
PowerDVD (Version: 7.0.3118.0)
PowerProducer (Version: 4.2.2219)
Ralink Wireless LAN (Version: 1.00.0000)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5506)
Realtek USB 2.0 Card Reader (Version: )
Redemption Cemetery: Der Fluch des Raben
Redemption Cemetery: Die Not der Kinder
RedMon - Redirection Port Monitor
Shiver: Die verschollene Tramperin
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 10.0.14.0)
System Requirements Lab
TuneUp Utilities 2011 (Version: 10.0.4500.49)
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4500.49)
Ulead PhotoImpact 12 (Version: 12.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update Manager (Version: 4.60)
VCRedistSetup (Version: 1.0.0)
VLC media player 0.9.8a (Version: 0.9.8a)
Windows Live Messenger (Version: 8.1.0178.00)
Youda Legend
Youda Legend Der goldene Paradiesvogel

==================== Restore Points  =========================

07-08-2013 17:39:10 Windows Update
14-08-2013 07:03:29 Windows Update
14-08-2013 13:40:16 Windows Update
20-08-2013 17:35:44 Windows Update
27-08-2013 16:12:32 Windows Update
29-08-2013 17:48:59 Windows Update
13-09-2013 08:17:17 Windows Update
13-09-2013 11:53:47 Windows Update
17-09-2013 16:59:00 Windows Update
24-09-2013 18:06:52 Windows Update
01-10-2013 14:10:19 Windows Update
05-10-2013 08:12:55 Windows Update
10-10-2013 15:16:30 Windows Update
10-10-2013 16:34:19 Windows Update
15-10-2013 17:35:55 Windows Update
22-10-2013 11:18:12 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {7A030EA0-3F7D-424B-9EBF-0031727E9618} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14] (Sun Microsystems, Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-19] (Microsoft Corporation)
Task: {C413DEBE-F202-4347-9233-FE5D7860C24E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-12-08] (TuneUp Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EC8C3586-2A44-49B7-9AE8-09B369AD140E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F06B5922-0D9C-4A53-B112-F666823246D0} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2007-12-15 10:49 - 2007-11-02 13:27 - 00065536 _____ () C:\Program Files\Softex\OmniPass\opfsdll.dll
2007-12-15 10:49 - 2007-11-02 13:27 - 00016896 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll
2007-12-15 10:49 - 2007-11-02 13:28 - 00434176 _____ () C:\Program Files\Softex\OmniPass\userdata.dll
2007-12-15 10:49 - 2007-11-02 13:28 - 01077248 _____ () C:\Program Files\Softex\OmniPass\autheng.dll
2007-12-15 10:49 - 2007-11-02 13:27 - 00013824 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll
2007-12-15 10:49 - 2007-11-02 13:27 - 00532480 _____ () C:\Program Files\Softex\OmniPass\storeng.dll
2007-12-15 10:49 - 2007-11-02 13:36 - 00048208 _____ () C:\Program Files\Softex\OmniPass\hdddrv.dll
2012-06-18 21:33 - 2012-06-15 00:17 - 02042848 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-09 20:35 - 2013-10-09 20:35 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:260575F1
AlternateDataStreams: C:\ProgramData\TEMP:2701CA70
AlternateDataStreams: C:\ProgramData\TEMP:927EC486
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:B54E4B5A
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C
AlternateDataStreams: C:\ProgramData\TEMP:E2458802
AlternateDataStreams: C:\ProgramData\TEMP:E91ADC66
AlternateDataStreams: C:\ProgramData\TEMP:EDDBC69E

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{8F93EB9A-DFD4-4FC6-A339-AD78372A4318}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{8F93EB9A-DFD4-4FC6-A339-AD78372A4318}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #25
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #32
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/22/2013 11:12:19 PM) (Source: Service Control Manager) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (10/22/2013 00:54:37 PM) (Source: Service Control Manager) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (10/21/2013 04:18:03 PM) (Source: Service Control Manager) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (10/21/2013 04:16:29 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (10/21/2013 04:15:56 PM) (Source: Service Control Manager) (User: )
Description: 30000Spooler


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2010-07-12 20:20:10.993
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-12 20:20:10.806
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-12 20:20:10.634
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-12 20:20:10.447
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-12 20:20:10.275
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-03 10:54:18.263
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-03 10:54:18.092
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-03 10:54:17.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-03 10:54:17.717
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-07-03 10:54:09.808
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3069.69 MB
Available physical RAM: 1609.63 MB
Total Pagefile: 6341.64 MB
Available Pagefile: 5289.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.53 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:126.37 GB) (Free:52.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:22.66 GB) (Free:12.23 GB) FAT32
Drive e: (USB-STICK) (Removable) (Total:1.88 GB) (Free:1.77 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 08DB956A)
Partition 1: (Not Active) - (Size=23 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=126 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 6B736964)
No partition Table on disk 2.

==================== End Of Log ============================

schrauber · 23.10.2013, 12:49

Java, Adobe, Firefox und Windows updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\weimann\AppData\Roaming\desktop.ini

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

webpeter · 23.10.2013, 14:01

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
Ran by weimann at 2013-10-23 17:59:42 Run:2
Running from E:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\weimann\AppData\Roaming\desktop.ini
*****************

C:\Users\weimann\AppData\Roaming\desktop.ini => Moved successfully.

==== End of Fixlog ====

Hallo Schrauber,

so, scheint nun alles wieder funktionieren - dank deiner Hilfe!

Ich werde deine Tipps an meine Frau weiterleiten, es war ihr Rechnen

Ich würde dir gerne etwas gutes tun, wie kann ich mich erkenntlich zeigen?

schrauber · 24.10.2013, 06:42

Wenn DU magst kannst du was spenden

und Gern Geschehen

webpeter · 24.10.2013, 09:05

Gern, wie kann ich das machen?

schrauber · 24.10.2013, 11:48

Guck mal in meiner Signatur, da ist ein link

webpeter · 25.10.2013, 08:29

War eigentlich nicht zu übersehen;-)

Erledigt!

schrauber · 25.10.2013, 11:12

danke

22.10.2013, 17:33	#6
schrauber /// the machine /// TB-Ausbilder	Trojaner Interpol mit Sperrbildschirm - Abgesichter Modus nicht möglich ok __________________ --> Trojaner Interpol mit Sperrbildschirm - Abgesichter Modus nicht möglich

24.10.2013, 06:42	#10
schrauber /// the machine /// TB-Ausbilder	Trojaner Interpol mit Sperrbildschirm - Abgesichter Modus nicht möglich Wenn DU magst kannst du was spenden und Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

24.10.2013, 11:48	#12
schrauber /// the machine /// TB-Ausbilder	Trojaner Interpol mit Sperrbildschirm - Abgesichter Modus nicht möglich Guck mal in meiner Signatur, da ist ein link __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

25.10.2013, 11:12	#14
schrauber /// the machine /// TB-Ausbilder	Trojaner Interpol mit Sperrbildschirm - Abgesichter Modus nicht möglich danke __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Trojaner Interpol mit Sperrbildschirm - Abgesichter Modus nicht möglich

Log-Analyse und Auswertung: Trojaner Interpol mit Sperrbildschirm - Abgesichter Modus nicht möglich