Pests of all kinds and how to fight them: Bundeskriminalamt trojan, Vista / Windows 7
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
22.11.2013, 02:17 | #1
Hello, sorry to bother you with my problem, but I am not really getting anywhere. My PC is completely locked by a (fake) BKA screen: once Windows has loaded, my display is blocked by a kind of page telling me to pay 100 euros. I cannot start in Safe Mode or in any of the other variants either; it tries to load and then starts over from the beginning. Sorry, I don't really know what else to do. Many thanks for the help.
22.11.2013, 08:33 | #2
/// the machine /// (TB trainer)
Hi,
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part).
22.11.2013, 13:54 | #3
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by HP (administrator) on HP-PC on 22-11-2013 12:34:43
Running from C:\Users\HP\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [DivX Download Manager] - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe [63360 2010-12-08] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [FromDocToPDF Search Scope Monitor] - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [42536 2013-03-22] (MindSpark)
HKLM\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\Program Files\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-03-22] (VER_COMPANY_NAME)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [msffl] - "c:\users\hp\appdata\local\msffl.exe" msffl
HKCU\...\Run: [BitComet] - C:\Program Files\BitComet\BitComet.exe /tray
HKCU\...\Run: [ClipIncSrvTray] - C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe [668424 2009-03-16] (Tobit.Software)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKCU\...\Policies\Explorer: [DisallowRun] 1
MountPoints2: {fa68c28b-e0f7-11e0-9b77-001d60c17e4e} - I:\LGAutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bgrjwwi.lnk
ShortcutTarget: bgrjwwi.lnk -> C:\PROGRA~2\iwwjrgb.dss (Корпорация Майкрософт)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YY^de&ptb=18E471D3-9848-40F7-9BD8-3FDB8A9ED982&si=swissconverter
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1382914101&from=cor&uid=ST3320820AS_6QF3QW8J
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=1382914102&from=cor&uid=ST3320820AS_6QF3QW8J&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=1382914102&from=cor&uid=ST3320820AS_6QF3QW8J&q={searchTerms}
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=18E471D3-9848-40F7-9BD8-3FDB8A9ED982&ind=2013032820&n=77fc7174&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={0947E270-580C-11E2-B673-87DBE51B5704}
SearchScopes: HKCU - DefaultScope {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL =
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://avira.search.ask.com/web?p2=%5EB0Q%5EYYYYYY%5EZF%5EDE&gct=sb&itbv=12.6.0.1898&o=APN11074&tpid=AVIRA-V7&apn_uid=7D575616-279F-4303-9D62-BCE02879E3DB&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EZF%5EDE&apn_dbr=ie_7.0.6002.18005&doi=2013-10-31&trgb=ALL&q={searchTerms}&psv=
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll No File
BHO: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll No File
BHO: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
BHO: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
Toolbar: HKLM - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll No File
Toolbar: HKCU - No Name - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default
FF user.js: detected! => C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\user.js
FF Homepage: hxxp://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @FromDocToPDF_65.com/Plugin - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: FromDocToPDF - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\Extensions\65ffxtbr@FromDocToPDF_65.com
FF Extension: Amazon-Icon - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\Extensions\amazon-icon@winload.de
FF Extension: Spartipps von SparPilot.com - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\Extensions\sparpilot@sparpilot.com
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\Extensions\staged
FF Extension: Microsoft .NET Framework Assistant - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Wajam - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
FF Extension: FileConverter 1.3 - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\Extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6tfvswa6.default\Extensions\{85324d1f-feb0-4a4f-b3e2-aee6e2d0c840}
FF Extension: BasicSeek - C:\Program Files\Mozilla Firefox\extensions\{40D65E82-75AC-47CA-8A73-1CEDC2668EFF}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files\FromDocToPDF_65\bar\1.bin
FF HKCU\...\Firefox\Extensions: [addlyrics@addlyrics.net] - C:\Program Files\AddLyrics\FF\
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://start.qone8.com/?type=sc&ts=1382914101&from=cor&uid=ST3320820AS_6QF3QW8J

Chrome:
=======
CHR Extension: () - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0
CHR Extension: (DivX HiQ) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0
CHR Extension: (Iminent) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.3.2.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\HP\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\HP\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 ClipInc001; C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe [2230024 2009-05-27] ()
R2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-03-22] (COMPANYVERS_NAME)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-12-11] ()
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [278016 2013-07-09] ()
R2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-07-26] (Wajam)
S2 Winmgmt; C:\ProgramData\iwwjrgb.dss [221184 2013-11-21] (Корпорация Майкрософт)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-10-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 FLASHSYS; C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys [9216 2007-12-14] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-10-23] ()
S3 NTIOLib_1_0_4; C:\Program Files\MSI\Live Update 4\LU4\NTIOLib.sys [7680 2010-10-20] (MSI)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1119616 2006-11-06] (Philips Semiconductors GmbH)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [53920 2004-08-09] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [114016 2004-08-09] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [83592 2007-05-02] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [109704 2007-05-02] (MCCI Corporation)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TVICHW32; C:\Windows\system32\DRIVERS\TVICHW32.SYS [23600 2009-08-05] (EnTech Taiwan)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MSICDSetup; \??\D:\CDriver.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4a\WNt500x86\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-22 12:34 - 2013-11-22 12:34 - 01090881 _____ (Farbar) C:\Users\HP\Downloads\FRST(2).exe
2013-11-22 01:34 - 2013-11-22 01:36 - 00018787 _____ C:\Users\HP\Downloads\Addition.txt
2013-11-22 01:32 - 2013-11-22 12:34 - 00018360 _____ C:\Users\HP\Downloads\FRST.txt
2013-11-22 01:32 - 2013-11-22 01:32 - 01090881 _____ (Farbar) C:\Users\HP\Downloads\FRST.exe
2013-11-22 01:32 - 2013-11-22 01:32 - 00000000 ____D C:\FRST
2013-11-21 23:07 - 2013-11-21 23:07 - 00139480 _____ C:\Windows\Minidump\Mini112113-01.dmp
2013-11-21 22:42 - 2013-11-21 22:43 - 00000000 ____D C:\Users\HP\AppData\Local\WinZip
2013-11-21 22:42 - 2013-11-21 22:42 - 00001846 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-11-21 22:41 - 2013-11-21 22:42 - 00000000 ____D C:\Program Files\WinZip
2013-11-21 22:35 - 2013-11-21 22:37 - 43543552 _____ C:\Users\HP\Downloads\wz180gev-32.msi
2013-11-21 22:34 - 2013-11-21 22:34 - 00000000 ____D C:\Users\HP\AppData\Local\AskPartnerNetwork
2013-11-21 22:00 - 2013-11-21 22:00 - 01305088 ____T C:\ProgramData\bgrjwwi.fdd
2013-11-21 22:00 - 2013-11-21 22:00 - 00000279 _____ C:\ProgramData\bgrjwwi.reg
2013-11-21 01:23 - 2013-11-22 12:34 - 95025368 ____T C:\ProgramData\bgrjwwi.bxx
2013-11-21 01:23 - 2013-11-22 12:22 - 00000000 _____ C:\ProgramData\bgrjwwi.fvv
2013-11-21 01:23 - 2013-11-21 01:23 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\iwwjrgb.dss
2013-11-14 01:31 - 2013-10-12 13:13 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 03627008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 01:31 - 2013-10-12 13:12 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-11-14 01:31 - 2013-10-12 11:52 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-14 01:31 - 2013-10-12 11:41 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 01:31 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 01:31 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 01:25 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 01:25 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 01:25 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-10-31 22:05 - 2013-10-31 22:05 - 00000000 ____D C:\Users\HP\AppData\Roaming\Avira
2013-10-31 22:01 - 2013-10-31 22:01 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-31 22:01 - 2013-10-31 22:01 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 ____D C:\ProgramData\APN
2013-10-31 21:59 - 2013-11-14 11:16 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-31 21:59 - 2013-11-14 11:16 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-31 21:59 - 2013-10-31 21:59 - 00001847 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-31 21:59 - 2013-10-31 21:59 - 00000000 ____D C:\ProgramData\Avira
2013-10-31 21:59 - 2013-10-31 21:59 - 00000000 ____D C:\Program Files\Avira
2013-10-31 21:59 - 2013-10-10 19:14 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-31 21:59 - 2013-10-10 19:14 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-10-31 21:54 - 2013-10-31 21:56 - 123853152 _____ C:\Users\HP\Downloads\avira_free_antivirus_de_14b411.exe
2013-10-31 00:18 - 2013-10-31 00:18 - 00000000 ____D C:\Program Files\Slitherine
2013-10-27 23:48 - 2013-10-27 23:53 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-27 23:48 - 2013-10-27 23:51 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-27 23:48 - 2013-10-27 23:48 - 00000280 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\Users\HP\AppData\Roaming\DigitalSite
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\Users\HP\AppData\Roaming\0D0S1L2Z1P1B
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\Users\HP\AppData\Local\BonanzaDealsLive
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\ProgramData\eSafe
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-27 23:47 - 2013-10-27 23:47 - 00752096 _____ C:\Users\HP\Downloads\ZipExtractorSetup.exe
2013-10-27 23:33 - 2013-10-27 23:33 - 01345792 _____ C:\Users\HP\Downloads\Operation-Barbarossa---The-Struggle-for-Russia-Setup.exe
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\Downloads\Operation-Barbarossa---The-Struggle-for-Russia
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\ChromeExtensions
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\AppData\Local\Tempd7a0dc5bca6769ff3dbbb2a0ba9a5f2e
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\AppData\Local\Temp62ba8363165370c807e11e61a78c735a
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\AppData\Local\Temp457ad06f72d1fa9f1d337c14820936aa
2013-10-25 17:35 - 2013-10-25 17:35 - 00001969 _____ C:\Users\Public\Desktop\EasyStudio II 2.0 PIMS & File Manager.lnk
2013-10-25 17:34 - 2005-03-29 10:36 - 00556544 ____N (NEXTREAMING) C:\Windows\system32\NexPlayerX.dll

==================== One Month Modified Files and Folders =======

2013-11-22 12:35 - 2013-11-22 01:32 - 00018360 _____ C:\Users\HP\Downloads\FRST.txt
2013-11-22 12:34 - 2013-11-22 12:34 - 01090881 _____ (Farbar) C:\Users\HP\Downloads\FRST(2).exe
2013-11-22 12:34 - 2013-11-21 01:23 - 95025368 ____T C:\ProgramData\bgrjwwi.bxx
2013-11-22 12:25 - 2009-02-26 23:36 - 00000000 ____D C:\Program Files\Steam
2013-11-22 12:25 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-22 12:22 - 2013-11-21 01:23 - 00000000 _____ C:\ProgramData\bgrjwwi.fvv
2013-11-22 12:22 - 2006-11-02 13:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 12:22 - 2006-11-02 13:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 12:21 - 2009-02-17 22:54 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-22 12:21 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 12:17 - 2006-11-02 13:47 - 00039936 _____ C:\Windows\system32\umstartup.etl
2013-11-22 12:16 - 2006-11-02 14:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-22 01:56 - 2006-11-02 13:52 - 01603957 _____ C:\Windows\WindowsUpdate.log
2013-11-22 01:36 - 2013-11-22 01:34 - 00018787 _____ C:\Users\HP\Downloads\Addition.txt
2013-11-22 01:32 - 2013-11-22 01:32 - 01090881 _____ (Farbar) C:\Users\HP\Downloads\FRST.exe
2013-11-22 01:32 - 2013-11-22 01:32 - 00000000 ____D C:\FRST
2013-11-21 23:07 - 2013-11-21 23:07 - 00139480 _____ C:\Windows\Minidump\Mini112113-01.dmp
2013-11-21 23:07 - 2013-03-03 13:34 - 00000000 ____D C:\Windows\Minidump
2013-11-21 23:07 - 2013-03-03 13:33 - 221505218 _____ C:\Windows\MEMORY.DMP
2013-11-21 22:43 - 2013-11-21 22:42 - 00000000 ____D C:\Users\HP\AppData\Local\WinZip
2013-11-21 22:43 - 2009-10-23 01:50 - 00000000 ____D C:\ProgramData\WinZip
2013-11-21 22:42 - 2013-11-21 22:42 - 00001846 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-11-21 22:42 - 2013-11-21 22:41 - 00000000 ____D C:\Program Files\WinZip
2013-11-21 22:42 - 2009-02-17 23:39 - 00000000 ____D C:\Users\HP
2013-11-21 22:37 - 2013-11-21 22:35 - 43543552 _____ C:\Users\HP\Downloads\wz180gev-32.msi
2013-11-21 22:34 - 2013-11-21 22:34 - 00000000 ____D C:\Users\HP\AppData\Local\AskPartnerNetwork
2013-11-21 22:00 - 2013-11-21 22:00 - 01305088 ____T C:\ProgramData\bgrjwwi.fdd
2013-11-21 22:00 - 2013-11-21 22:00 - 00000279 _____ C:\ProgramData\bgrjwwi.reg
2013-11-21 22:00 - 2012-08-25 20:52 - 00000430 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-11-21 01:23 - 2013-11-21 01:23 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\iwwjrgb.dss
2013-11-21 00:18 - 2009-02-17 23:39 - 00002708 _____ C:\Users\HP\AppData\Local\d3d9caps.dat
2013-11-16 02:26 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-14 11:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-14 11:28 - 2013-08-14 20:07 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 11:22 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-14 11:16 - 2013-10-31 21:59 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-14 11:16 - 2013-10-31 21:59 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-13 00:42 - 2013-10-17 01:30 - 00000000 _____ C:\end
2013-11-01 10:16 - 2009-03-02 01:48 - 00149082 _____ C:\Windows\PFRO.log
2013-11-01 00:02 - 2013-03-17 01:45 - 00000000 ____D C:\Program Files\BasicSeek
2013-10-31 23:02 - 2012-11-03 18:59 - 00000000 _____ C:\ProgramData\LauncherAccess.dt
2013-10-31 22:05 - 2013-10-31 22:05 - 00000000 ____D C:\Users\HP\AppData\Roaming\Avira
2013-10-31 22:01 - 2013-10-31 22:01 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-31 22:01 - 2013-10-31 22:01 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-10-31 22:01 - 2009-03-06 04:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 ____D C:\ProgramData\APN
2013-10-31 21:59 - 2013-10-31 21:59 - 00001847 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-31 21:59 - 2013-10-31 21:59 - 00000000 ____D C:\ProgramData\Avira
2013-10-31 21:59 - 2013-10-31 21:59 - 00000000 ____D C:\Program Files\Avira
2013-10-31 21:58 - 2009-03-06 04:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-31 21:56 - 2013-10-31 21:54 - 123853152 _____ C:\Users\HP\Downloads\avira_free_antivirus_de_14b411.exe
2013-10-31 21:27 - 2006-11-02 11:33 - 01445116 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 00:25 - 2009-06-15 22:05 - 00000000 ____D C:\Users\HP\Documents\My Games
2013-10-31 00:18 - 2013-10-31 00:18 - 00000000 ____D C:\Program Files\Slitherine
2013-10-30 23:26 - 2009-02-26 23:44 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-10-27 23:53 - 2013-10-27 23:48 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-27 23:53 - 2009-02-17 23:39 - 00000949 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-27 23:51 - 2013-10-27 23:48 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-27 23:48 - 2013-10-27 23:48 - 00000280 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\Users\HP\AppData\Roaming\DigitalSite
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\Users\HP\AppData\Roaming\0D0S1L2Z1P1B
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\Users\HP\AppData\Local\BonanzaDealsLive
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\ProgramData\eSafe
2013-10-27 23:48 - 2013-10-27 23:48 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-27 23:47 - 2013-10-27 23:47 - 00752096 _____ C:\Users\HP\Downloads\ZipExtractorSetup.exe
2013-10-27 23:33 - 2013-10-27 23:33 - 01345792 _____ C:\Users\HP\Downloads\Operation-Barbarossa---The-Struggle-for-Russia-Setup.exe
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\Downloads\Operation-Barbarossa---The-Struggle-for-Russia
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\ChromeExtensions
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\AppData\Local\Tempd7a0dc5bca6769ff3dbbb2a0ba9a5f2e
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\AppData\Local\Temp62ba8363165370c807e11e61a78c735a
2013-10-27 23:33 - 2013-10-27 23:33 - 00000000 ____D C:\Users\HP\AppData\Local\Temp457ad06f72d1fa9f1d337c14820936aa
2013-10-25 17:35 - 2013-10-25 17:35 - 00001969 _____ C:\Users\Public\Desktop\EasyStudio II 2.0 PIMS & File Manager.lnk
2013-10-25 17:34 - 2009-02-26 03:40 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

Files to move or delete:
====================
C:\ProgramData\bgrjwwi.bxx
C:\ProgramData\bgrjwwi.fvv
C:\ProgramData\bgrjwwi.reg
C:\ProgramData\iwwjrgb.dss

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\0356.dll
C:\Users\HP\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\HP\AppData\Local\Temp\avgnt.exe
C:\Users\HP\AppData\Local\Temp\binkw32.dll
C:\Users\HP\AppData\Local\Temp\d2l_Install.exe
C:\Users\HP\AppData\Local\Temp\dg_tubebox_update.exe
C:\Users\HP\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\HP\AppData\Local\Temp\GenericUninstall.exe C:\Users\HP\AppData\Local\Temp\mgsqlite3.dll C:\Users\HP\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE C:\Users\HP\AppData\Local\Temp\Runner.exe C:\Users\HP\AppData\Local\Temp\sdanircmdc.exe C:\Users\HP\AppData\Local\Temp\SETUP_AFTERBURNER.EXE C:\Users\HP\AppData\Local\Temp\Shortcut_SweetIM_2.exe C:\Users\HP\AppData\Local\Temp\SimboApp.exe C:\Users\HP\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\HP\AppData\Local\Temp\SmartbarExeInstaller.exe C:\Users\HP\AppData\Local\Temp\tmp2220.tmp.exe C:\Users\HP\AppData\Local\Temp\tmpE86A.tmp.exe C:\Users\HP\AppData\Local\Temp\uninst1.exe C:\Users\HP\AppData\Local\Temp\uninstaller.exe C:\Users\HP\AppData\Local\Temp\wajam_install.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-22 12:29 ==================== End Of Log ========================= --- --- --- --- --- --- Hallo! Ich habe jetz ein wenig gebastelt. Im Boot menü habe ich nicht den button "Computer reperieren" gefunden, habe es aber geschafft unter "Erzwingen der Treibersignatur deaktivieren" den PC ohne diesem Sperrbild zu starten. Ich hatte leider noch keinen Stic kvorbereitet und mir darum im Netzt diese FRST runter zuz laden und zu scanen. siehe oben den bericht! Ic hhoffe das war so richtig und ihr könnt damit etwas anfangen! lg |
23.11.2013, 07:33 | #4 |
/// the machine /// TB-Ausbilder | bundeskruminalamt trojaner vista Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bgrjwwi.lnk
ShortcutTarget: bgrjwwi.lnk -> C:\PROGRA~2\iwwjrgb.dss (Корпорация Майкрософт)
S2 Winmgmt; C:\ProgramData\iwwjrgb.dss [221184 2013-11-21] (Корпорация Майкрософт)
2013-11-21 22:00 - 2013-11-21 22:00 - 01305088 ____T C:\ProgramData\bgrjwwi.fdd
2013-11-21 22:00 - 2013-11-21 22:00 - 00000279 _____ C:\ProgramData\bgrjwwi.reg
2013-11-21 01:23 - 2013-11-22 12:34 - 95025368 ____T C:\ProgramData\bgrjwwi.bxx
2013-11-21 01:23 - 2013-11-22 12:22 - 00000000 _____ C:\ProgramData\bgrjwwi.fvv
2013-11-21 01:23 - 2013-11-21 01:23 - 00221184 _____ (Корпорация Майкрософт) C:\ProgramData\iwwjrgb.dss
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Start the computer normally.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
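The fixlist above pins down the persistence pattern of this lock-screen infection: a .lnk in the user's Startup folder whose target sits in ProgramData, and a service registered under the built-in name Winmgmt (the Windows Management Instrumentation service, normally hosted by svchost.exe under C:\Windows) that instead points to C:\ProgramData\iwwjrgb.dss, carrying the publisher string "Корпорация Майкрософт" (Russian for "Microsoft Corporation"). The following triage script is an added example written for this page, not FRST's own code and not part of schrauber's instructions. It reads FRST-style text lines and flags exactly those three signals. The sample input is constructed from the lines quoted in the fixlist plus one made-up benign service line for contrast; the list of built-in service names and the set of user-writable path markers are assumptions chosen for the example. "PROGRA~2" is treated as user-writable because it is the 8.3 short name that, per the service line in the same fixlist, resolves to the same file under C:\ProgramData on this machine.

```python
"""Triage FRST-style log lines for the Startup/service persistence pattern seen in this thread.

Added example for this page; not FRST's own code. The rules, the built-in
service-name list and the user-writable markers are assumptions for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the lines from the fixlist above, plus one benign
# service line (constructed) to show what does NOT get flagged.
SAMPLE_LOG = r"""
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bgrjwwi.lnk
ShortcutTarget: bgrjwwi.lnk -> C:\PROGRA~2\iwwjrgb.dss (Корпорация Майкрософт)
S2 Winmgmt; C:\ProgramData\iwwjrgb.dss [221184 2013-11-21] (Корпорация Майкрософт)
S2 wuauserv; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
"""

# Path fragments an unprivileged process can write to. "\PROGRA~2\" is the 8.3
# short name seen in the ShortcutTarget line; the service line shows the same
# file under C:\ProgramData, so it is treated as user-writable here (assumption).
USER_WRITABLE = ("\\PROGRAMDATA\\", "\\APPDATA\\", "\\TEMP\\", "\\PROGRA~2\\", "\\USERS\\PUBLIC\\")

# Assumed list of built-in Windows service names for the example. The genuine
# ones live under %SystemRoot%; a file elsewhere registered under such a name
# is borrowing the name to look legitimate.
BUILTIN_SERVICE_NAMES = {"winmgmt", "wuauserv", "bits", "schedule", "eventlog"}

# FRST service line:  "S2 Name; C:\path\file.ext [size date] (Publisher)"
SERVICE_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[[^\]]*\]\s*(?:\((?P<publisher>[^)]*)\))?\s*$"
)
# FRST shortcut line:  "ShortcutTarget: x.lnk -> C:\path\file.ext (Publisher)"
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget:\s+(?P<lnk>\S+)\s+->\s+(?P<path>.+?)\s*(?:\((?P<publisher>[^)]*)\))?\s*$"
)


@dataclass
class Finding:
    rule: str
    line: str


def _in_user_writable(path: str) -> bool:
    upper = path.upper()
    return any(marker in upper for marker in USER_WRITABLE)


def _under_system_root(path: str) -> bool:
    return path.upper().startswith("C:\\WINDOWS\\")


def _non_ascii(text: str) -> bool:
    # A publisher string written in a non-Latin script next to a binary outside
    # %SystemRoot% is the impersonation signal seen in the fixlist.
    return any(ord(ch) > 127 for ch in text)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per rule hit; a line can trigger several rules."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m["name"].strip(), m["path"]
            publisher = m["publisher"] or ""
            if name.lower() in BUILTIN_SERVICE_NAMES and not _under_system_root(path):
                findings.append(Finding("builtin-service-name-outside-systemroot", line))
            if _in_user_writable(path):
                findings.append(Finding("service-binary-in-user-writable-dir", line))
            if _non_ascii(publisher) and not _under_system_root(path):
                findings.append(Finding("non-latin-publisher-string", line))
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            path, publisher = m["path"], m["publisher"] or ""
            # The "Startup:" line itself is not flagged: a .lnk in the Startup
            # folder is normal; what matters is where the shortcut points.
            if _in_user_writable(path):
                findings.append(Finding("startup-shortcut-targets-user-writable-dir", line))
            if _non_ascii(publisher) and not _under_system_root(path):
                findings.append(Finding("non-latin-publisher-string", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run against the sample, the Winmgmt line trips all three rules, the ShortcutTarget line trips two, and the constructed wuauserv line under C:\Windows\system32 trips none; this is the same reasoning a helper applies by eye when turning an FRST scan into a fixlist.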