Log analysis and evaluation: Windows 8: FedPol BundesKriminalPolizei virus on my PC
28.10.2013, 00:57 | #1 |
Windows 8: FedPol BundesKriminalPolizei virus on my PC

Good evening,

For about 2 hours I have had the FEDPOL BundesKriminalPolizei virus on my main computer. I have already tried to run Spybot Search & Destroy and the Bitdefender scan in Safe Mode, but no chance: as soon as the scan starts, the virus appears and locks the computer.

Operating system: Windows 8 Pro with Media Center (X64) / language German / upgrade from Windows 7
Antivirus program: Bitdefender Total Security 2013 + Spybot Search and Destroy

I have already run FRST64.exe. Here is the excerpt from the text file:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2013 01
Ran by SYSTEM on MININT-CKG4JQH on 28-10-2013 00:11:38
Running from G:\
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1568512 2013-07-24] (Bitdefender)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-05-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [UpdReg] - C:\WINDOWS\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - "d:\Programme\Adobe\Creative_Suite 2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - "D:\Programme\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [24576 2012-12-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)
HKU\Michi\...\Run: [Akamai NetSession Interface] - C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Michi\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Michi\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Michi\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Michi\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKU\Michi\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Michi\...\Run: [SteelSeries Engine] - C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [239104 2013-02-06] (SteelSeries ApS)
HKU\Michi\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\Michi\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKU\Michi\...\Command Processor: "C:\Users\Michi\Documents\15dd4378.exe" <===== ATTENTION!
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t2rwwl.lnk
ShortcutTarget: 7t2rwwl.lnk -> C:\PROGRA~3\lwwr2t7.dss (Sekizenkan Company)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Services (Whitelisted) =================

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-20] (Adobe Systems)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-02-26] (Bitdefender)
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [255008 2009-01-06] (NVIDIA)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PnkBstrA; C:\WINDOWS\SysWow64\PnkBstrA.exe [76888 2013-10-02] ()
S2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-12-07] (Bitdefender)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [169504 2009-01-07] (NVIDIA)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-07-24] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1646280 2013-07-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\7t2rwwl.pss [62052 2013-10-27] (Microsoft Corporation)
S4 Adobe Version Cue CS2; "d:\Programme\Adobe\Creative_Suite 2\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service [x]
S2 HTCMonitorService; "D:\Programme\HTC Sync Manager\HSMServiceEntry.exe" [x]

==================== Drivers (Whitelisted) ====================

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-29] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [597776 2013-07-24] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
S1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-04-09] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [106568 2012-10-17] (BitDefender LLC)
S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [78752 2013-05-18] (BitDefender)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [147232 2013-05-18] (BitDefender LLC)
S3 MagicianSataModeReader; C:\Program Files (x86)\Samsung Magician\magdrvamd64.sys [13216 2013-05-24] ()
S3 NVR0Dev; C:\WINDOWS\nvoclk64.sys [40480 2009-01-06] (NVIDIA Corp.)
S2 NVR0FLASHDev; C:\WINDOWS\nvflsh64.sys [40992 2009-01-07] (NVIDIA Corp.)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39096 2013-08-20] (Razer Inc)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [38016 2013-01-10] (SteelSeries Corporation)
S2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-31] (BitDefender S.R.L.)
S5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-12-20] (BitDefender)
S5 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82384 2012-11-12] (BitDefender SRL)
S3 idsvc;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-28 00:11 - 2013-10-28 00:11 - 00000000 ____D C:\FRST
2013-10-28 00:08 - 2013-10-28 00:08 - 00000000 _____ C:\Recovery.txt
2013-10-27 23:30 - 2013-10-28 00:03 - 01210890 _____ C:\Windows\setupact.log
2013-10-27 23:26 - 2013-10-28 00:00 - 95025368 ____T C:\ProgramData\7t2rwwl.bxx
2013-10-27 23:26 - 2013-10-28 00:00 - 00000000 _____ C:\ProgramData\7t2rwwl.fvv
2013-10-27 23:26 - 2013-10-27 23:26 - 00139264 _____ (Sekizenkan Company) C:\ProgramData\lwwr2t7.dss
2013-10-27 23:26 - 2013-10-27 23:26 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\7t2rwwl.pss
2013-10-27 22:20 - 2013-10-27 22:20 - 00017513 _____ C:\Windows\DirectX.log
2013-10-27 22:19 - 2013-10-27 22:19 - 00000728 _____ C:\Users\Public\Desktop\DTM Experience Demo.lnk
2013-10-27 20:15 - 2013-10-27 20:15 - 00000000 ____D C:\Users\Michi\AppData\Local\{E07EEECD-5D0F-4403-A52F-8238A47292DB}
2013-10-26 18:35 - 2013-10-26 18:35 - 00000000 ____D C:\Users\Michi\AppData\Local\{49251084-02AC-4550-B271-3D5F92472FB7}
2013-10-25 17:02 - 2013-10-25 17:02 - 00311544 _____ C:\Users\Michi\Desktop\mgb_holly_halston_480p_1000_big.mp4.exe
2013-10-25 16:47 - 2013-10-25 16:47 - 00000000 ____D C:\Users\Michi\AppData\Local\{27CB6A98-A253-44ED-929D-1F0D9346FA3D}
2013-10-24 15:57 - 2013-10-24 15:57 - 00000000 ____D
C:\Users\Michi\AppData\Local\{BBAA9BD6-E9BF-45D8-B545-E6772EEA65DA} 2013-10-23 19:47 - 2013-10-23 19:47 - 00000000 ____D C:\Users\Michi\AppData\Local\{EF06123D-2594-41A5-93BF-35E795C84DB0} 2013-10-22 16:33 - 2013-10-22 16:33 - 00000000 ____D C:\Users\Michi\AppData\Local\{2CE30582-A923-445C-9FAA-72E517D56DC9} 2013-10-21 16:30 - 2013-10-21 16:30 - 00000000 ____D C:\Users\Michi\AppData\Local\{90C33B5A-00B6-4070-91D8-B5E02E44BBF1} 2013-10-20 22:24 - 2013-10-20 22:24 - 00000000 ____D C:\Users\Michi\AppData\Local\{D2BAFBCE-B9DE-4E99-B161-6EFB60CEEE9E} 2013-10-20 01:39 - 2013-10-20 01:39 - 00034172 _____ C:\plugin003.dmp 2013-10-20 01:29 - 2013-10-20 01:29 - 00120976 _____ C:\plugin002.dmp 2013-10-20 00:53 - 2013-10-20 00:53 - 00000000 ____D C:\Users\Michi\AppData\Local\{6FCB6487-F180-4ADE-A56C-550D75BF2D50} 2013-10-18 23:41 - 2013-10-18 23:41 - 00000000 ____D C:\Users\Michi\AppData\Local\{7F7B4820-2E9B-4D06-8C14-3C4A4EF9D215} 2013-10-18 06:54 - 2013-10-18 06:54 - 00000000 ____D C:\Users\Michi\AppData\Local\{EB0BAAC1-5BAE-410B-82AE-859CD30A9DE1} 2013-10-18 03:12 - 2013-10-18 03:12 - 00033772 _____ C:\plugin001.dmp 2013-10-18 03:02 - 2013-10-18 03:02 - 00123696 _____ C:\plugin000.dmp 2013-10-17 16:02 - 2013-10-17 16:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{80B3C1BF-E8DD-4AAF-A2AA-D79F4AACBD9D} 2013-10-16 17:04 - 2013-10-24 21:21 - 00016228 _____ C:\Users\Michi\Desktop\wog.xlsx 2013-10-16 16:29 - 2013-10-16 16:29 - 00009193 _____ C:\Users\Michi\Desktop\teste.txt 2013-10-16 16:01 - 2013-10-16 16:01 - 00000000 ____D C:\Users\Michi\AppData\Local\{4271292A-7E97-4AB5-A96F-21542D8CB77A} 2013-10-14 18:24 - 2013-10-14 18:24 - 00000000 ____D C:\Users\Michi\AppData\Local\{B8D1C393-E9B5-4679-A59A-3A39FB2CEA40} 2013-10-13 22:11 - 2013-10-13 22:11 - 00000669 _____ C:\Users\Public\Desktop\ClipGrab.lnk 2013-10-13 14:38 - 2013-10-13 14:38 - 00000000 ____D C:\Users\Michi\AppData\Local\{9404914B-E53D-4A49-95F3-051F2393FDFE} 2013-10-12 08:29 - 2013-10-12 08:29 - 00000000 ____D 
C:\Users\Michi\AppData\Local\{246D66E0-8BBF-406B-905F-5AAC212127A6} 2013-10-11 20:29 - 2013-10-11 20:29 - 00000000 ____D C:\Users\Michi\AppData\Local\{7200AA3D-5189-422C-BFDD-E30B61EE8FE1} 2013-10-11 08:27 - 2013-10-11 08:42 - 00000000 ____D C:\Users\Michi\Documents\Battlefield 4 Beta 2013-10-10 21:38 - 2013-10-10 21:38 - 00457440 _____ C:\Windows\System32\FNTCACHE.DAT 2013-10-10 21:37 - 2013-10-10 21:37 - 00000000 ____D C:\Users\Michi\AppData\Local\NOS 2013-10-10 21:30 - 2013-10-10 21:30 - 00000000 ____D C:\Users\Michi\AppData\Local\{047C9D4C-1490-4229-9D06-AA8CE3DC6B8F} 2013-10-10 07:26 - 2013-10-10 07:26 - 00000000 ____D C:\Users\Michi\AppData\Local\{801D22B7-1955-4278-B7F6-5F7649C094FA} 2013-10-09 15:46 - 2013-10-09 16:21 - 642330513 _____ C:\Users\Michi\Downloads\mshflollykarlo_720.mp4 2013-10-09 12:40 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 12:40 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 12:40 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 12:40 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 12:40 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 12:40 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 12:40 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 12:40 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 12:40 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-10-09 12:40 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-10-09 12:40 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) 
C:\Windows\System32\ie4uinit.exe 2013-10-09 12:40 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-10-09 12:40 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-10-09 12:40 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-10-09 12:40 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-10-09 12:40 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-10-09 12:40 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-10-09 12:40 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll 2013-10-09 12:40 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys 2013-10-09 12:40 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 12:40 - 2013-07-02 02:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS 2013-10-09 12:40 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS 2013-10-09 12:40 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS 2013-10-09 12:40 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys 2013-10-09 12:40 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys 2013-10-09 12:40 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys 2013-10-09 12:40 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys 2013-10-09 12:40 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys 2013-10-09 12:40 - 2013-06-29 04:08 - 
00032768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys 2013-10-09 12:40 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-10-09 12:40 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys 2013-10-09 12:40 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys 2013-10-09 12:40 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys 2013-10-09 12:40 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys 2013-10-09 12:40 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-10-09 12:40 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-10-09 12:40 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-10-09 12:40 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 12:40 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-10-09 12:40 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 12:40 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 12:40 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 12:40 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 12:40 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-10-09 12:40 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-10-09 12:40 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2013-10-09 12:40 - 
2012-11-08 05:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-10-09 12:40 - 2012-11-08 05:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-10-09 12:39 - 2013-08-23 06:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-10-09 12:39 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 12:39 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 12:39 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 12:39 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll 2013-10-09 12:39 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2013-10-09 12:39 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 12:37 - 2013-10-09 12:37 - 00000000 ____D C:\Users\Michi\AppData\Local\{C9308253-3DDE-44EB-B441-5F34DE0350CE} 2013-10-08 15:50 - 2013-10-08 15:50 - 00000000 ____D C:\Users\Michi\AppData\Local\{4C987E85-C912-4211-BF85-955951C2FDC5} 2013-10-07 16:15 - 2013-10-07 16:15 - 00000000 ____D C:\Users\Michi\AppData\Local\{CF92C35C-7944-4475-BD32-A167C2E40063} 2013-10-06 09:36 - 2013-10-06 09:36 - 00003586 _____ C:\Windows\System32\Tasks\Bitdefender Auto-Scan 2013-10-05 18:02 - 2013-10-05 18:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{B1762FEA-2B74-4A45-9187-3B3E81963153} 2013-10-05 04:06 - 2013-10-05 04:06 - 00000000 ____D C:\Users\Michi\AppData\Local\{1C61FDC5-48EA-49A5-8011-DCFB98ABEA33} 2013-10-04 11:43 - 2013-10-04 11:43 - 00000000 ____D C:\Users\Michi\AppData\Local\{840C8AEB-C88A-4E92-BCFD-AA5E4E2A34B1} 2013-10-03 17:18 - 2013-10-03 17:18 - 00000000 ____D C:\Users\Michi\AppData\Local\{580A8D53-CBFC-459F-9997-62F6E2E75160} 2013-10-02 22:02 - 2013-10-02 22:02 - 
00000000 ____D C:\Users\Michi\AppData\Local\{5E84FF87-58DE-46E3-9353-10475D7FB6F9} 2013-10-02 18:48 - 2013-10-02 18:57 - 00000000 ____D C:\Users\Michi\Documents\Battlefield 4 2013-10-02 18:45 - 2013-10-02 18:45 - 00000726 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk 2013-10-02 18:34 - 2013-10-02 18:34 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-10-02 18:33 - 2013-10-02 18:33 - 00000000 ____D C:\ProgramData\Package Cache 2013-10-02 18:32 - 2013-10-20 03:59 - 00000000 ____D C:\Windows\System32\appmgmt 2013-10-01 20:54 - 2012-03-14 04:00 - 00385024 _____ (CANON INC.) C:\Windows\System32\CNMLMAU.DLL 2013-10-01 20:53 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\SettingSync.dll 2013-10-01 20:53 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncInfo.dll 2013-10-01 20:53 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2013-10-01 20:53 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\System32\wdc.dll 2013-10-01 20:53 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\System32\wvc.dll 2013-10-01 20:53 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\System32\sysmon.ocx 2013-10-01 20:53 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx 2013-10-01 20:53 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll 2013-10-01 20:53 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll 2013-10-01 20:53 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-10-01 20:53 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-10-01 20:53 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-10-01 20:53 - 2013-08-02 07:26 - 02304512 _____ (Microsoft 
Corporation) C:\Windows\System32\authui.dll 2013-10-01 20:53 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-10-01 20:53 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-10-01 20:53 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-10-01 20:53 - 2013-08-02 06:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-10-01 20:53 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-10-01 20:53 - 2013-07-31 00:30 - 00386923 _____ C:\Windows\System32\ApnDatabase.xml 2013-10-01 20:53 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll 2013-10-01 20:53 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\mbsmsapi.dll 2013-10-01 20:53 - 2013-07-13 07:15 - 00459776 _____ (Microsoft Corporation) C:\Windows\System32\appmgr.dll 2013-10-01 20:53 - 2013-07-13 05:23 - 00366592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll 2013-10-01 20:53 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll 2013-10-01 20:53 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2013-10-01 17:52 - 2013-10-01 17:52 - 00000000 ____D C:\Users\Michi\AppData\Local\NVIDIA 2013-10-01 17:51 - 2013-10-01 17:51 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2013-10-01 17:51 - 2013-10-01 17:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-01 17:50 - 2013-10-01 17:50 - 00002137 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk 2013-10-01 17:50 - 2013-10-01 17:50 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2013-10-01 17:50 - 
2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2013-10-01 17:50 - 2013-07-10 20:28 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help 2013-10-01 17:49 - 2013-10-20 03:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-10-01 17:49 - 2013-09-27 09:57 - 30334752 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 22925088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 18259624 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 18229224 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 15832920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 15232424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 12528416 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 
2013-10-01 17:49 - 2013-09-27 09:57 - 11345168 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 11292144 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 09480840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 09436544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 03130144 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 03121952 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 03052616 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 02945312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 02745632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 02682816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433140.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433140.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 01432408 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 01239304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00696096 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00654624 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00559904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00317472 _____ (NVIDIA 
Corporation) C:\Windows\System32\nvoglshim64.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-10-01 17:49 - 2013-09-27 09:57 - 00023307 _____ C:\Windows\System32\nvinfo.pb 2013-10-01 17:49 - 2013-09-27 08:45 - 06641440 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2013-10-01 17:49 - 2013-09-27 08:45 - 03483424 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2013-10-01 17:49 - 2013-09-27 08:44 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2013-10-01 17:49 - 2013-09-27 08:44 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2013-10-01 17:49 - 2013-09-27 08:44 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2013-10-01 17:49 - 2013-09-26 14:32 - 03386608 _____ C:\Windows\System32\nvcoproc.bin 2013-10-01 17:49 - 2013-08-20 14:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys 2013-10-01 17:49 - 2013-08-20 14:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll 2013-10-01 17:49 - 2013-08-20 14:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-10-01 17:49 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys 2013-10-01 17:49 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll 2013-10-01 17:49 - 2013-01-29 09:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll 2013-10-01 17:26 - 2013-10-01 17:26 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-10-01 17:25 - 2013-10-01 17:25 - 00000000 ____D C:\ProgramData\Samsung 2013-10-01 17:25 - 2013-10-01 17:25 - 00000000 ____D C:\Program Files (x86)\Samsung Magician 
2013-10-01 15:59 - 2013-10-01 15:59 - 00000000 ____D C:\Users\Michi\AppData\Local\{0EDB0FA7-120B-4B7C-9D41-AAF765A4E81B} 2013-09-30 15:57 - 2013-09-30 15:58 - 00000000 ____D C:\Users\Michi\AppData\Local\{A9DA5267-CA67-4E6D-B053-F01BE1B2C4AF} 2013-09-30 05:46 - 2013-10-20 05:47 - 00000000 ___HD C:\$Windows.~BT 2013-09-29 21:52 - 2013-09-29 21:52 - 00000000 ____D C:\Users\Michi\AppData\Local\{FE1E4D3D-9013-431A-803C-7C1221A00C13} 2013-09-28 19:37 - 2013-09-28 19:38 - 00000000 ____D C:\Users\Michi\AppData\Local\{C5962516-9652-4231-8038-377549D0CF72} 2013-09-28 06:43 - 2013-09-28 06:43 - 00000000 ____D C:\Users\Michi\AppData\Local\{3837875B-84AD-4B74-8785-7723956583B7} ==================== One Month Modified Files and Folders ======= 2013-10-28 00:11 - 2013-10-28 00:11 - 00000000 ____D C:\FRST 2013-10-28 00:08 - 2013-10-28 00:08 - 00000000 _____ C:\Recovery.txt 2013-10-28 00:03 - 2013-10-27 23:30 - 01210890 _____ C:\Windows\setupact.log 2013-10-28 00:03 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-28 00:03 - 2012-07-08 00:32 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-28 00:00 - 2013-10-27 23:26 - 95025368 ____T C:\ProgramData\7t2rwwl.bxx 2013-10-28 00:00 - 2013-10-27 23:26 - 00000000 _____ C:\ProgramData\7t2rwwl.fvv 2013-10-28 00:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru 2013-10-28 00:00 - 2012-07-08 02:12 - 00000000 ____D C:\Users\Michi\Tracing 2013-10-27 23:51 - 2013-05-28 21:47 - 00000000 ____D C:\Users\Michi\AppData\Local\HTC MediaHub 2013-10-27 23:31 - 2013-09-22 11:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-27 23:30 - 2012-07-08 02:48 - 00000000 ____D C:\Users\Michi\Documents\Outlook-Dateien 2013-10-27 23:28 - 2012-12-26 16:21 - 01381232 _____ C:\Windows\WindowsUpdate.log 2013-10-27 23:26 - 2013-10-27 23:26 - 00139264 _____ (Sekizenkan Company) C:\ProgramData\lwwr2t7.dss 2013-10-27 23:26 - 2013-10-27 23:26 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\7t2rwwl.pss 2013-10-27 
23:15 - 2012-07-08 02:13 - 01912320 ___SH C:\Users\Michi\Desktop\Thumbs.db 2013-10-27 22:20 - 2013-10-27 22:20 - 00017513 _____ C:\Windows\DirectX.log 2013-10-27 22:20 - 2012-11-28 18:09 - 00000000 ____D C:\Users\Michi\Documents\My Games 2013-10-27 22:19 - 2013-10-27 22:19 - 00000728 _____ C:\Users\Public\Desktop\DTM Experience Demo.lnk 2013-10-27 20:56 - 2012-12-26 16:32 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2929898079-2260005087-1386965309-1000 2013-10-27 20:15 - 2013-10-27 20:15 - 00000000 ____D C:\Users\Michi\AppData\Local\{E07EEECD-5D0F-4403-A52F-8238A47292DB} 2013-10-26 23:21 - 2012-07-26 11:27 - 00755402 _____ C:\Windows\System32\perfh007.dat 2013-10-26 23:21 - 2012-07-26 11:27 - 00156630 _____ C:\Windows\System32\perfc007.dat 2013-10-26 23:21 - 2012-07-26 08:28 - 01754016 _____ C:\Windows\System32\PerfStringBackup.INI 2013-10-26 22:25 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\System32\config\ELAM 2013-10-26 18:41 - 2012-07-08 02:12 - 00043008 _____ C:\Users\Michi\Desktop\Film_Liste.xls 2013-10-26 18:35 - 2013-10-26 18:35 - 00000000 ____D C:\Users\Michi\AppData\Local\{49251084-02AC-4550-B271-3D5F92472FB7} 2013-10-25 17:02 - 2013-10-25 17:02 - 00311544 _____ C:\Users\Michi\Desktop\mgb_holly_halston_480p_1000_big.mp4.exe 2013-10-25 16:47 - 2013-10-25 16:47 - 00000000 ____D C:\Users\Michi\AppData\Local\{27CB6A98-A253-44ED-929D-1F0D9346FA3D} 2013-10-24 22:59 - 2013-07-06 10:17 - 00000000 ____D C:\Users\Michi\AppData\Roaming\vlc 2013-10-24 21:21 - 2013-10-16 17:04 - 00016228 _____ C:\Users\Michi\Desktop\wog.xlsx 2013-10-24 15:57 - 2013-10-24 15:57 - 00000000 ____D C:\Users\Michi\AppData\Local\{BBAA9BD6-E9BF-45D8-B545-E6772EEA65DA} 2013-10-23 19:47 - 2013-10-23 19:47 - 00000000 ____D C:\Users\Michi\AppData\Local\{EF06123D-2594-41A5-93BF-35E795C84DB0} 2013-10-22 19:33 - 2012-07-14 10:57 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Skype 2013-10-22 16:33 - 2013-10-22 16:33 - 00000000 ____D 
C:\Users\Michi\AppData\Local\{2CE30582-A923-445C-9FAA-72E517D56DC9} 2013-10-21 16:37 - 2013-07-11 04:54 - 00000000 ____D C:\Users\Michi\AppData\Local\CrashDumps 2013-10-21 16:30 - 2013-10-21 16:30 - 00000000 ____D C:\Users\Michi\AppData\Local\{90C33B5A-00B6-4070-91D8-B5E02E44BBF1} 2013-10-20 22:24 - 2013-10-20 22:24 - 00000000 ____D C:\Users\Michi\AppData\Local\{D2BAFBCE-B9DE-4E99-B161-6EFB60CEEE9E} 2013-10-20 05:47 - 2013-09-30 05:46 - 00000000 ___HD C:\$Windows.~BT 2013-10-20 03:59 - 2013-10-02 18:32 - 00000000 ____D C:\Windows\System32\appmgmt 2013-10-20 03:59 - 2013-10-01 17:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-10-20 03:59 - 2013-06-26 16:45 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith 2013-10-20 03:59 - 2013-01-20 13:42 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-10-20 03:59 - 2012-12-26 16:27 - 00000000 ____D C:\ProgramData\PRICache 2013-10-20 03:59 - 2012-12-26 16:19 - 00000000 ____D C:\users\Michi 2013-10-20 03:59 - 2012-12-26 16:19 - 00000000 ____D C:\ProgramData\Creative 2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Windows\SysWOW64\data 2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Windows\System32\data 2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Program Files (x86)\OpenAL 2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-20 03:59 - 2012-07-26 11:29 - 00000000 ____D C:\Windows\ShellNew 2013-10-20 03:59 - 2012-07-26 11:27 - 00000000 ____D C:\Windows\SysWOW64\WCN 2013-10-20 03:59 - 2012-07-26 11:27 - 00000000 ____D C:\Windows\SysWOW64\sysprep 2013-10-20 03:59 - 2012-07-26 11:27 - 00000000 ____D C:\Windows\System32\WCN 2013-10-20 03:59 - 2012-07-26 09:18 - 00000000 ____D C:\Windows\DigitalLocker 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 __SHD C:\Program Files\Windows Sidebar 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 __SHD C:\Program 
Files (x86)\Windows Sidebar 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\MUI 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\IME 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\spool 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\Recovery 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\NDF 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\MUI 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\IME 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\schemas 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\LiveKernelReports 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\IME 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\Help 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\System 2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-10-20 03:59 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\SysWOW64\SMI 2013-10-20 03:59 - 2012-07-08 01:07 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information 2013-10-20 03:59 - 2012-07-08 01:07 - 00000000 ____D C:\Windows\System32\STRING 2013-10-20 03:59 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-10-20 01:39 - 2013-10-20 01:39 - 00034172 _____ C:\plugin003.dmp 2013-10-20 01:29 - 2013-10-20 01:29 - 00120976 _____ C:\plugin002.dmp 2013-10-20 01:15 - 2011-06-03 14:45 - 00000000 __SHD C:\Recovery 2013-10-20 01:10 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\System32\config\BBI 2013-10-20 01:07 - 2012-12-26 16:19 - 00089538 _____ C:\Windows\diagwrn.xml 2013-10-20 01:07 - 2012-12-26 16:19 - 00089538 _____ C:\Windows\diagerr.xml 2013-10-20 01:04 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\registration 2013-10-20 00:53 - 2013-10-20 00:53 - 00000000 ____D 
C:\Users\Michi\AppData\Local\{6FCB6487-F180-4ADE-A56C-550D75BF2D50} 2013-10-18 23:41 - 2013-10-18 23:41 - 00000000 ____D C:\Users\Michi\AppData\Local\{7F7B4820-2E9B-4D06-8C14-3C4A4EF9D215} 2013-10-18 23:41 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-10-18 06:54 - 2013-10-18 06:54 - 00000000 ____D C:\Users\Michi\AppData\Local\{EB0BAAC1-5BAE-410B-82AE-859CD30A9DE1} 2013-10-18 03:12 - 2013-10-18 03:12 - 00033772 _____ C:\plugin001.dmp 2013-10-18 03:02 - 2013-10-18 03:02 - 00123696 _____ C:\plugin000.dmp 2013-10-17 16:02 - 2013-10-17 16:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{80B3C1BF-E8DD-4AAF-A2AA-D79F4AACBD9D} 2013-10-16 21:26 - 2012-12-26 16:18 - 00094514 _____ C:\Windows\PFRO.log 2013-10-16 16:29 - 2013-10-16 16:29 - 00009193 _____ C:\Users\Michi\Desktop\teste.txt 2013-10-16 16:01 - 2013-10-16 16:01 - 00000000 ____D C:\Users\Michi\AppData\Local\{4271292A-7E97-4AB5-A96F-21542D8CB77A} 2013-10-14 18:58 - 2012-07-08 11:05 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-10-14 18:44 - 2012-07-08 11:05 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-10-14 18:27 - 2012-07-08 09:49 - 00000000 ____D C:\Program Files (x86)\Origin 2013-10-14 18:24 - 2013-10-14 18:24 - 00000000 ____D C:\Users\Michi\AppData\Local\{B8D1C393-E9B5-4679-A59A-3A39FB2CEA40} 2013-10-13 22:11 - 2013-10-13 22:11 - 00000669 _____ C:\Users\Public\Desktop\ClipGrab.lnk 2013-10-13 14:38 - 2013-10-13 14:38 - 00000000 ____D C:\Users\Michi\AppData\Local\{9404914B-E53D-4A49-95F3-051F2393FDFE} 2013-10-12 08:29 - 2013-10-12 08:29 - 00000000 ____D C:\Users\Michi\AppData\Local\{246D66E0-8BBF-406B-905F-5AAC212127A6} 2013-10-11 20:29 - 2013-10-11 20:29 - 00000000 ____D C:\Users\Michi\AppData\Local\{7200AA3D-5189-422C-BFDD-E30B61EE8FE1} 2013-10-11 16:41 - 2013-05-14 15:59 - 00050688 ___SH C:\Users\Michi\Downloads\Thumbs.db 2013-10-11 08:42 - 2013-10-11 08:27 - 00000000 ____D C:\Users\Michi\Documents\Battlefield 4 Beta 2013-10-10 21:38 - 2013-10-10 21:38 - 00457440 _____ 
C:\Windows\System32\FNTCACHE.DAT 2013-10-10 21:37 - 2013-10-10 21:37 - 00000000 ____D C:\Users\Michi\AppData\Local\NOS 2013-10-10 21:37 - 2012-07-15 15:37 - 00000000 ____D C:\Users\Michi\AppData\Local\Adobe 2013-10-10 21:30 - 2013-10-10 21:30 - 00000000 ____D C:\Users\Michi\AppData\Local\{047C9D4C-1490-4229-9D06-AA8CE3DC6B8F} 2013-10-10 17:39 - 2013-01-28 18:12 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-10 17:39 - 2012-07-14 10:57 - 00000000 ____D C:\ProgramData\Skype 2013-10-10 16:09 - 2012-07-14 17:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-10 16:09 - 2012-07-14 17:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-10 07:26 - 2013-10-10 07:26 - 00000000 ____D C:\Users\Michi\AppData\Local\{801D22B7-1955-4278-B7F6-5F7649C094FA} 2013-10-09 16:21 - 2013-10-09 15:46 - 642330513 _____ C:\Users\Michi\Downloads\mshflollykarlo_720.mp4 2013-10-09 16:08 - 2013-09-25 19:04 - 261601425 _____ C:\Users\Michi\Downloads\mshfsirityler_qt.mp4 2013-10-09 15:53 - 2013-09-25 19:04 - 185203649 _____ C:\Users\Michi\Downloads\mfhmevadanny2_qt.mp4 2013-10-09 13:02 - 2013-08-11 12:36 - 00000000 ____D C:\Windows\System32\MRT 2013-10-09 13:02 - 2012-07-08 00:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-09 13:01 - 2012-07-17 20:19 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-10-09 12:37 - 2013-10-09 12:37 - 00000000 ____D C:\Users\Michi\AppData\Local\{C9308253-3DDE-44EB-B441-5F34DE0350CE} 2013-10-08 18:31 - 2013-09-22 11:50 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-08 15:50 - 2013-10-08 15:50 - 00000000 ____D C:\Users\Michi\AppData\Local\{4C987E85-C912-4211-BF85-955951C2FDC5} 2013-10-07 16:15 - 2013-10-07 16:15 - 00000000 ____D C:\Users\Michi\AppData\Local\{CF92C35C-7944-4475-BD32-A167C2E40063} 2013-10-06 09:36 - 2013-10-06 09:36 - 00003586 _____ C:\Windows\System32\Tasks\Bitdefender Auto-Scan 2013-10-05 18:02 - 2013-10-05 18:02 - 00000000 ____D 
C:\Users\Michi\AppData\Local\{B1762FEA-2B74-4A45-9187-3B3E81963153} 2013-10-05 04:06 - 2013-10-05 04:06 - 00000000 ____D C:\Users\Michi\AppData\Local\{1C61FDC5-48EA-49A5-8011-DCFB98ABEA33} 2013-10-04 11:43 - 2013-10-04 11:43 - 00000000 ____D C:\Users\Michi\AppData\Local\{840C8AEB-C88A-4E92-BCFD-AA5E4E2A34B1} 2013-10-03 17:18 - 2013-10-03 17:18 - 00000000 ____D C:\Users\Michi\AppData\Local\{580A8D53-CBFC-459F-9997-62F6E2E75160} 2013-10-02 22:02 - 2013-10-02 22:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{5E84FF87-58DE-46E3-9353-10475D7FB6F9} 2013-10-02 18:57 - 2013-10-02 18:48 - 00000000 ____D C:\Users\Michi\Documents\Battlefield 4 2013-10-02 18:48 - 2012-08-09 16:53 - 00000000 ____D C:\Users\Michi\AppData\Local\PunkBuster 2013-10-02 18:45 - 2013-10-02 18:45 - 00000726 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk 2013-10-02 18:45 - 2012-07-08 11:05 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-10-02 18:34 - 2013-10-02 18:34 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-10-02 18:33 - 2013-10-02 18:33 - 00000000 ____D C:\ProgramData\Package Cache 2013-10-02 02:38 - 2012-07-26 09:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-02 02:38 - 2012-07-26 09:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-01 22:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache 2013-10-01 21:02 - 2012-07-08 10:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-01 21:01 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData 2013-10-01 20:54 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini 2013-10-01 17:52 - 2013-10-01 17:52 - 00000000 ____D C:\Users\Michi\AppData\Local\NVIDIA 2013-10-01 17:51 - 2013-10-01 17:51 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2013-10-01 17:51 - 2013-10-01 17:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-01 17:50 - 2013-10-01 17:50 - 00002137 _____ 
C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk 2013-10-01 17:50 - 2013-10-01 17:50 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2013-10-01 17:44 - 2012-12-05 17:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-01 17:44 - 2012-07-08 00:16 - 00000000 ____D C:\Users\Michi\AppData\Local\Mozilla 2013-10-01 17:26 - 2013-10-01 17:26 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-10-01 17:26 - 2012-07-08 00:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-01 17:25 - 2013-10-01 17:25 - 00000000 ____D C:\ProgramData\Samsung 2013-10-01 17:25 - 2013-10-01 17:25 - 00000000 ____D C:\Program Files (x86)\Samsung Magician 2013-10-01 15:59 - 2013-10-01 15:59 - 00000000 ____D C:\Users\Michi\AppData\Local\{0EDB0FA7-120B-4B7C-9D41-AAF765A4E81B} 2013-09-30 15:58 - 2013-09-30 15:57 - 00000000 ____D C:\Users\Michi\AppData\Local\{A9DA5267-CA67-4E6D-B053-F01BE1B2C4AF} 2013-09-29 22:06 - 2012-08-05 19:29 - 00000000 ____D 
C:\Program Files (x86)\Battlelog Web Plugins
2013-09-29 21:52 - 2013-09-29 21:52 - 00000000 ____D C:\Users\Michi\AppData\Local\{FE1E4D3D-9013-431A-803C-7C1221A00C13}
2013-09-28 19:38 - 2013-09-28 19:37 - 00000000 ____D C:\Users\Michi\AppData\Local\{C5962516-9652-4231-8038-377549D0CF72}
2013-09-28 06:43 - 2013-09-28 06:43 - 00000000 ____D C:\Users\Michi\AppData\Local\{3837875B-84AD-4B74-8785-7723956583B7}

Files to move or delete:
====================
C:\ProgramData\lwwr2t7.dss

Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\h1584282133.tmp.dll
C:\Users\Michi\AppData\Local\Temp\jrrihwdjav.exe
C:\Users\Michi\AppData\Local\Temp\owxmdn.exe
C:\Users\Michi\AppData\Local\Temp\sonarinst.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
4
Restore point made on: 2013-10-16 17:18:42
Restore point made on: 2013-10-20 00:54:28
Restore point made on: 2013-10-24 16:10:13
Restore point made on: 2013-10-27 22:19:54

==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8175.29 MB
Available physical RAM: 7323.59 MB
Total Pagefile: 8175.29 MB
Available Pagefile: 7330.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:51.1 GB) NTFS
Drive d: (Volume) (Fixed) (Total:232.88 GB) (Free:227.18 GB) NTFS
Drive e: (new_hdd) (Fixed) (Total:931.51 GB) (Free:566.96 GB) NTFS
Drive f: (Volume) (Fixed) (Total:492.15 GB) (Free:24.44 GB) NTFS
Drive g: () (Removable) (Total:7.31 GB) (Free:7.28 GB) FAT32
Drive h: (Volume) (Fixed) (Total:439.36 GB) (Free:412.67 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3EF9D02B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 518B5D2A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6F3C21DD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 76417FF0)
Partition 1: (Not Active) - (Size=932 GB) - (Type=42)
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

LastRegBack: 2013-10-27 20:56
==================== End Of Log ============================

What can I do now to remove this trojan? Thank you in advance for your answers. Regards, Michi |
28.10.2013, 08:35 | #2 |
/// the machine /// TB trainer | Windows 8: FedPol BundesKriminalPolizei virus on my PC hi,
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
HKU\Michi\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKU\Michi\...\Command Processor: "C:\Users\Michi\Documents\15dd4378.exe" <===== ATTENTION!
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t2rwwl.lnk
ShortcutTarget: 7t2rwwl.lnk -> C:\PROGRA~3\lwwr2t7.dss (Sekizenkan Company)
S2 Winmgmt; C:\PROGRA~3\7t2rwwl.pss [62052 2013-10-27] (Microsoft Corporation)
C:\ProgramData\lwwr2t7.dss
C:\Users\Michi\Documents\15dd4378.exe
C:\Users\Michi\AppData\Local\Temp\h1584282133.tmp.dll
C:\Users\Michi\AppData\Local\Temp\jrrihwdjav.exe
C:\Users\Michi\AppData\Local\Temp\owxmdn.exe
C:\Users\Michi\AppData\Local\Temp\sonarinst.exe
2013-10-28 00:00 - 2013-10-27 23:26 - 95025368 ____T C:\ProgramData\7t2rwwl.bxx
2013-10-28 00:00 - 2013-10-27 23:26 - 00000000 _____ C:\ProgramData\7t2rwwl.fvv
2013-10-27 23:26 - 2013-10-28 00:00 - 95025368 ____T C:\ProgramData\7t2rwwl.bxx
2013-10-27 23:26 - 2013-10-28 00:00 - 00000000 _____ C:\ProgramData\7t2rwwl.fvv
2013-10-27 23:26 - 2013-10-27 23:26 - 00139264 _____ (Sekizenkan Company) C:\ProgramData\lwwr2t7.dss
2013-10-27 23:26 - 2013-10-27 23:26 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\7t2rwwl.pss
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Start the computer normally. |
28.10.2013, 21:18 | #3 |
| Windows 8: FedPol BundesKriminalPolizei virus on my PC Hello schrauber,
Thank you very much for your reply. I ran the fix according to the instructions. Here is the data from the Fixlog. Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2013 01
Ran by SYSTEM at 2013-10-28 17:25:08 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKU\Michi\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKU\Michi\...\Command Processor: "C:\Users\Michi\Documents\15dd4378.exe" <===== ATTENTION!
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t2rwwl.lnk
ShortcutTarget: 7t2rwwl.lnk -> C:\PROGRA~3\lwwr2t7.dss (Sekizenkan Company)
S2 Winmgmt; C:\PROGRA~3\7t2rwwl.pss [62052 2013-10-27] (Microsoft Corporation)
C:\ProgramData\lwwr2t7.dss
C:\Users\Michi\Documents\15dd4378.exe
C:\Users\Michi\AppData\Local\Temp\h1584282133.tmp.dll
C:\Users\Michi\AppData\Local\Temp\jrrihwdjav.exe
C:\Users\Michi\AppData\Local\Temp\owxmdn.exe
C:\Users\Michi\AppData\Local\Temp\sonarinst.exe
2013-10-28 00:00 - 2013-10-27 23:26 - 95025368 ____T C:\ProgramData\7t2rwwl.bxx
2013-10-28 00:00 - 2013-10-27 23:26 - 00000000 _____ C:\ProgramData\7t2rwwl.fvv
2013-10-27 23:26 - 2013-10-28 00:00 - 95025368 ____T C:\ProgramData\7t2rwwl.bxx
2013-10-27 23:26 - 2013-10-28 00:00 - 00000000 _____ C:\ProgramData\7t2rwwl.fvv
2013-10-27 23:26 - 2013-10-27 23:26 - 00139264 _____ (Sekizenkan Company) C:\ProgramData\lwwr2t7.dss
2013-10-27 23:26 - 2013-10-27 23:26 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\7t2rwwl.pss
*****************
HKU\Michi\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Michi\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t2rwwl.lnk => Moved successfully.
C:\PROGRA~3\lwwr2t7.dss => Moved successfully.
Winmgmt => Service restored successfully.
"C:\ProgramData\lwwr2t7.dss" => File/Directory not found.
"C:\Users\Michi\Documents\15dd4378.exe" => File/Directory not found.
C:\Users\Michi\AppData\Local\Temp\h1584282133.tmp.dll => Moved successfully.
C:\Users\Michi\AppData\Local\Temp\jrrihwdjav.exe => Moved successfully.
C:\Users\Michi\AppData\Local\Temp\owxmdn.exe => Moved successfully.
C:\Users\Michi\AppData\Local\Temp\sonarinst.exe => Moved successfully.
C:\ProgramData\7t2rwwl.bxx => Moved successfully.
C:\ProgramData\7t2rwwl.fvv => Moved successfully.
"C:\ProgramData\7t2rwwl.bxx" => File/Directory not found.
"C:\ProgramData\7t2rwwl.fvv" => File/Directory not found.
"C:\ProgramData\lwwr2t7.dss" => File/Directory not found.
C:\ProgramData\7t2rwwl.pss => Moved successfully.
==== End of Fixlog ====

What happens next? Thank you very much for the help! Sorry for the double post; I decided earlier to reinstall my computer. Thanks to your help I was also able to back up my data. I hope that is OK with you. |
29.10.2013, 12:42 | #4 |
/// the machine /// TB trainer | Windows 8: FedPol BundesKriminalPolizei virus on my PC ok.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |