06.12.2013, 16:13 | #1 |
| Windows 8: keineantwortadresse@web.de Hello dear community, I'm new here! Unfortunately, the reason is an unpleasant one! Over the course of yesterday I received dozens of mails from keineantwortadresse@web.de, all of which were supposedly sent from my account. In response, I first changed my password. That was yesterday evening between 23:00 and 23:30. Since then I have not received any further emails. Nevertheless, this morning I received a request from web.de to change my password because my computer or my password had been taken over or hacked. The email text will probably be familiar to some of you: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error........ etc. For now I have deleted all of the mails. To clarify once more: since I changed the password, nothing else has happened. Nevertheless, I have an uneasy feeling that I might have a trojan or a virus on the computer. My flatmate, who is somewhat more computer-savvy than I am, ran a few programs yesterday. I just can't tell you right now which ones, and he is now at his girlfriend's for a week. Besides, he was none the wiser afterwards either. I myself use AntiMalwareBytes, and it is not complaining at the moment. I would like to know whether I have a trojan, keylogger, etc., or whether my email address was simply hacked. As described in your guidelines, I have created some logs: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2013 Ran by Seb (administrator) on SEBASTIAN on 06-12-2013 15:33:55 Running from C:\Users\Seb\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files\TOSHIBA\LANDriver\TNSSVC.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor) HKLM\...\Run: [SRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip [215248 2012-07-27] () HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] () HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] () HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [Acronis 
Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis) HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Spotify Web Helper] - C:\Users\Seb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-19] (Spotify Ltd) HKCU\...\Run: [Spotify] - C:\Users\Seb\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-19] (Spotify Ltd) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation) HKLM-x32\...\Run: [TOSDCR] - %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe HKLM-x32\...\Run: [ATLauncher] - "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1 HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File SearchScopes: HKLM - DefaultScope {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKLM - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKLM-x32 - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKCU - {09A69234-BD08-4395-99EF-968D786EBEF5} URL = BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier - 
{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 134.95.127.1 FireFox: ======== FF ProfilePath: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default FF SearchEngineOrder.1: Ask.com FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF 
Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\searchplugins\youtube-videosuche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Seb\AppData\Roaming\Mozilla\Firefox\Profiles\2xnekie7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-14] (Avira Operations GmbH & Co. KG) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) 
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor) R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH) R2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] () R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) S2 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x] S2 McSchedulerSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-03-30] (DT Soft Ltd) R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation) R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.) 
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [116440 2013-12-06] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-06 15:33 - 2013-12-06 15:34 - 00017019 _____ C:\Users\Seb\Downloads\FRST.txt 2013-12-06 15:32 - 2013-12-06 15:32 - 00000000 ____D C:\FRST 2013-12-06 15:31 - 2013-12-06 15:31 - 01925820 _____ (Farbar) C:\Users\Seb\Downloads\FRST64.exe 2013-12-06 12:29 - 2013-12-06 12:41 - 00000000 ____D C:\Users\Seb\Desktop\mbar 2013-12-06 12:29 - 2013-12-06 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-06 12:29 - 2013-12-06 12:29 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-06 12:29 - 2013-12-06 12:29 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-12-06 12:28 - 2013-12-06 12:28 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Seb\Downloads\mbar-1.07.0.1007.exe 2013-12-06 11:46 - 2013-12-06 11:50 - 00000000 ____D C:\ProgramData\HitmanPro 2013-12-06 11:45 - 2013-12-06 11:46 - 10264904 _____ (SurfRight B.V.) 
C:\Users\Seb\Downloads\hitmanpro_x64.exe 2013-12-06 11:42 - 2013-12-06 11:42 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-12-06 11:11 - 2013-12-06 11:11 - 02209056 _____ C:\Users\Seb\Downloads\avira-eu-cleaner_de.exe 2013-12-06 11:11 - 2013-12-06 11:11 - 00001992 _____ C:\Users\Seb\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-12-06 11:11 - 2013-12-06 11:11 - 00001936 _____ C:\Users\Seb\Desktop\Avira EU-Cleaner.lnk 2013-12-06 11:08 - 2013-12-06 11:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-12-06 11:07 - 2013-12-06 11:07 - 01070944 _____ (Solid State Networks) C:\Users\Seb\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe 2013-12-06 02:42 - 2013-12-06 02:42 - 00383952 _____ C:\windows\system32\FNTCACHE.DAT 2013-12-06 02:38 - 2013-12-06 02:38 - 01110034 _____ C:\Users\Seb\Downloads\adwcleaner(1).exe 2013-12-06 02:11 - 2013-12-06 02:11 - 00076630 _____ C:\Users\Seb\Downloads\Extras.Txt 2013-12-06 02:10 - 2013-12-06 02:10 - 00138086 _____ C:\Users\Seb\Downloads\OTL.Txt 2013-12-06 02:04 - 2013-12-06 02:04 - 00602112 _____ (OldTimer Tools) C:\Users\Seb\Downloads\OTL.exe 2013-12-06 01:55 - 2013-12-06 01:55 - 00001013 _____ C:\Users\Seb\Desktop\JRT.txt 2013-12-06 01:50 - 2013-12-06 01:50 - 01034531 _____ (Thisisu) C:\Users\Seb\Downloads\JRT.exe 2013-12-06 01:50 - 2013-12-06 01:50 - 00000000 ____D C:\windows\ERUNT 2013-12-06 00:37 - 2013-12-06 00:54 - 00000000 ___SD C:\ComboFix 2013-12-06 00:37 - 2013-12-06 00:37 - 00000000 ___SD C:\32788R22FWJFW 2013-12-06 00:19 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe 2013-12-06 00:19 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe 2013-12-06 00:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-12-06 00:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-12-06 00:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-12-06 00:19 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe 2013-12-06 
00:19 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe 2013-12-06 00:19 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe 2013-12-06 00:19 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe 2013-12-06 00:14 - 2013-12-06 00:14 - 00001412 _____ C:\Users\Seb\Desktop\ComboFix - Verknüpfung.lnk 2013-12-06 00:13 - 2013-12-06 00:19 - 00000000 ____D C:\Qoobox 2013-12-06 00:12 - 2013-12-06 00:12 - 05152313 ____R (Swearware) C:\Users\Seb\Downloads\ComboFix.exe 2013-12-06 00:12 - 2013-12-06 00:12 - 00000000 ____D C:\windows\erdnt 2013-12-02 02:54 - 2013-12-05 01:41 - 00011110 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)7.sgm 2013-12-01 19:22 - 2013-12-01 19:22 - 00009257 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)6.sgm 2013-11-28 01:47 - 2013-11-28 02:48 - 00009392 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)5.sgm 2013-11-27 14:53 - 2013-11-27 22:00 - 00008283 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)4.sgm 2013-11-27 03:22 - 2013-11-27 03:22 - 00009096 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)3.sgm 2013-11-27 00:03 - 2013-11-27 03:22 - 00009121 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sgm 2013-11-27 00:03 - 2013-11-27 00:03 - 00008989 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)1.sgm 2013-11-27 00:03 - 2013-11-27 00:03 - 00008577 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)2.sgm 2013-11-26 23:33 - 2013-11-26 23:33 - 00008360 _____ C:\Users\Seb\Desktop\Pokemon Gold (D).sgm 2013-11-26 22:56 - 2013-12-05 01:41 - 00032812 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sav 2013-11-26 22:52 - 2013-11-26 22:52 - 00000000 ____D C:\Users\Seb\Documents\VisualBoyAdvance-1.8.0-beta3 2013-11-26 22:51 - 2013-11-26 22:51 - 00689051 _____ C:\Users\Seb\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2013-11-26 22:50 - 2013-11-26 22:50 - 00768138 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).zip 2013-11-23 17:35 - 2013-11-23 17:44 - 00000000 ____D C:\Users\Seb\Desktop\bfgminer-3.1.4-win64 2013-11-23 16:04 - 2013-11-23 16:04 - 00264616 _____ (Oracle Corporation) 
C:\windows\SysWOW64\javaws.exe 2013-11-23 16:04 - 2013-11-23 16:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-11-23 16:04 - 2013-11-23 16:04 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-11-23 16:04 - 2013-11-23 16:04 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Sun 2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Oracle 2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Program Files (x86)\Java 2013-11-23 16:03 - 2013-11-23 16:03 - 00915368 _____ (Oracle Corporation) C:\Users\Seb\Downloads\jxpiinstall.exe 2013-11-23 16:02 - 2013-11-23 16:02 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf 2013-11-23 16:02 - 2013-11-23 16:02 - 00000000 ____D C:\Program Files\DIFX 2013-11-23 16:01 - 2013-11-23 16:01 - 03847349 _____ C:\Users\Seb\Downloads\CP210x_VCP_Windows.zip 2013-11-23 16:01 - 2013-11-23 16:01 - 00000000 ____D C:\Users\Seb\Desktop\CP210x_VCP_Windows 2013-11-23 15:59 - 2013-11-23 15:59 - 00000000 ____D C:\Users\Seb\Documents\CP210x_VCP_Windows 2013-11-22 13:53 - 2013-11-22 13:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-11-21 14:32 - 2013-11-21 14:32 - 00000000 ____D C:\ProgramData\Package Cache 2013-11-16 15:25 - 2013-11-16 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-14 13:52 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2013-11-14 13:52 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2013-11-14 13:52 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll 2013-11-14 13:52 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll 2013-11-13 14:43 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-11-13 14:43 - 
2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys 2013-11-13 14:43 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL 2013-11-13 14:43 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL 2013-11-13 14:43 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2013-11-13 14:43 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2013-11-13 14:43 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2013-11-13 14:43 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2013-11-13 14:43 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2013-11-13 14:43 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2013-11-13 14:43 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2013-11-13 14:43 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2013-11-13 14:43 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll 2013-11-13 14:43 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2013-11-13 14:43 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2013-11-13 14:43 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2013-11-13 14:43 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2013-11-13 14:43 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2013-11-13 14:43 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2013-11-13 14:43 - 2013-09-13 23:33 - 00773120 _____ (Microsoft 
Corporation) C:\windows\system32\wuapi.dll 2013-11-13 14:43 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll 2013-11-13 14:43 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll 2013-11-13 14:43 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll 2013-11-13 14:43 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2013-11-13 14:43 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2013-11-13 14:43 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2013-11-13 14:43 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys 2013-11-13 14:43 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll 2013-11-13 14:43 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll 2013-11-13 14:43 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2013-11-13 14:43 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys 2013-11-13 14:43 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2013-11-13 14:43 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2013-11-13 14:43 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll 2013-11-13 14:43 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll 2013-11-13 14:43 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll 2013-11-13 14:43 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll 2013-11-13 14:42 - 2013-10-12 
09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-11-13 14:42 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-11-13 14:42 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-11-13 14:42 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-11-13 14:42 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-11-13 14:42 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-11-13 14:42 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-11-13 14:42 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-11-13 14:42 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-11-13 14:42 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-11-13 14:42 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-11-13 14:42 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-11-13 14:42 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-11-13 14:42 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-11-13 14:42 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-11-13 14:42 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-11-10 23:48 - 2013-11-12 17:44 - 00000000 ____D C:\Users\Seb\Documents\GTA Vice City User Files 2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2013-11-08 22:28 - 2013-11-08 22:29 - 00000000 ____D C:\Users\Seb\Desktop\Mining BitCoin 
2013-11-08 21:26 - 2013-11-08 21:26 - 00000000 ____D C:\Users\Seb\Documents\cgminer-3.7.0-windows 2013-11-07 02:39 - 2013-11-07 02:39 - 00007597 _____ C:\Users\Seb\AppData\Local\Resmon.ResmonCfg 2013-11-06 23:53 - 2013-11-20 01:25 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Bitcoin 2013-11-06 23:53 - 2013-11-06 23:53 - 11678760 _____ (Bitcoin project) C:\Users\Seb\Downloads\bitcoin-0.8.5-win32-setup.exe 2013-11-06 23:53 - 2013-11-06 23:53 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin 2013-11-06 23:53 - 2013-11-06 23:53 - 00000000 ____D C:\Program Files (x86)\Bitcoin ==================== One Month Modified Files and Folders ======= 2013-12-06 15:34 - 2013-12-06 15:33 - 00017019 _____ C:\Users\Seb\Downloads\FRST.txt 2013-12-06 15:32 - 2013-12-06 15:32 - 00000000 ____D C:\FRST 2013-12-06 15:32 - 2013-09-05 10:06 - 00000000 ____D C:\Users\Seb\Documents\MASTERARBEIT 2013-12-06 15:31 - 2013-12-06 15:31 - 01925820 _____ (Farbar) C:\Users\Seb\Downloads\FRST64.exe 2013-12-06 15:25 - 2013-03-17 05:11 - 02063493 _____ C:\windows\WindowsUpdate.log 2013-12-06 15:24 - 2013-07-03 17:03 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-06 15:05 - 2013-07-03 17:03 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-06 15:05 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru 2013-12-06 12:51 - 2013-03-16 16:53 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-12-06 12:41 - 2013-12-06 12:29 - 00000000 ____D C:\Users\Seb\Desktop\mbar 2013-12-06 12:41 - 2013-12-06 12:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-06 12:29 - 2013-12-06 12:29 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-06 12:29 - 2013-12-06 12:29 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-12-06 12:28 - 2013-12-06 12:28 - 12576792 _____ (Malwarebytes Corp.) 
C:\Users\Seb\Downloads\mbar-1.07.0.1007.exe 2013-12-06 11:50 - 2013-12-06 11:46 - 00000000 ____D C:\ProgramData\HitmanPro 2013-12-06 11:46 - 2013-12-06 11:45 - 10264904 _____ (SurfRight B.V.) C:\Users\Seb\Downloads\hitmanpro_x64.exe 2013-12-06 11:42 - 2013-12-06 11:42 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-12-06 11:11 - 2013-12-06 11:11 - 02209056 _____ C:\Users\Seb\Downloads\avira-eu-cleaner_de.exe 2013-12-06 11:11 - 2013-12-06 11:11 - 00001992 _____ C:\Users\Seb\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-12-06 11:11 - 2013-12-06 11:11 - 00001936 _____ C:\Users\Seb\Desktop\Avira EU-Cleaner.lnk 2013-12-06 11:08 - 2013-12-06 11:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-12-06 11:08 - 2013-03-17 23:19 - 00000000 ____D C:\Users\Seb\AppData\Local\Adobe 2013-12-06 11:08 - 2013-03-16 16:53 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-12-06 11:07 - 2013-12-06 11:07 - 01070944 _____ (Solid State Networks) C:\Users\Seb\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe 2013-12-06 11:00 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat 2013-12-06 11:00 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat 2013-12-06 11:00 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI 2013-12-06 02:42 - 2013-12-06 02:42 - 00383952 _____ C:\windows\system32\FNTCACHE.DAT 2013-12-06 02:42 - 2013-10-27 22:52 - 00000000 ____D C:\AdwCleaner 2013-12-06 02:42 - 2012-11-09 08:11 - 00121894 _____ C:\windows\PFRO.log 2013-12-06 02:42 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-12-06 02:42 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-12-06 02:38 - 2013-12-06 02:38 - 01110034 _____ C:\Users\Seb\Downloads\adwcleaner(1).exe 2013-12-06 02:11 - 2013-12-06 02:11 - 00076630 _____ C:\Users\Seb\Downloads\Extras.Txt 2013-12-06 02:10 - 2013-12-06 02:10 - 00138086 _____ C:\Users\Seb\Downloads\OTL.Txt 2013-12-06 02:04 - 2013-12-06 
02:04 - 00602112 _____ (OldTimer Tools) C:\Users\Seb\Downloads\OTL.exe 2013-12-06 01:55 - 2013-12-06 01:55 - 00001013 _____ C:\Users\Seb\Desktop\JRT.txt 2013-12-06 01:50 - 2013-12-06 01:50 - 01034531 _____ (Thisisu) C:\Users\Seb\Downloads\JRT.exe 2013-12-06 01:50 - 2013-12-06 01:50 - 00000000 ____D C:\windows\ERUNT 2013-12-06 00:54 - 2013-12-06 00:37 - 00000000 ___SD C:\ComboFix 2013-12-06 00:37 - 2013-12-06 00:37 - 00000000 ___SD C:\32788R22FWJFW 2013-12-06 00:19 - 2013-12-06 00:13 - 00000000 ____D C:\Qoobox 2013-12-06 00:14 - 2013-12-06 00:14 - 00001412 _____ C:\Users\Seb\Desktop\ComboFix - Verknüpfung.lnk 2013-12-06 00:12 - 2013-12-06 00:12 - 05152313 ____R (Swearware) C:\Users\Seb\Downloads\ComboFix.exe 2013-12-06 00:12 - 2013-12-06 00:12 - 00000000 ____D C:\windows\erdnt 2013-12-05 01:41 - 2013-12-02 02:54 - 00011110 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)7.sgm 2013-12-05 01:41 - 2013-11-26 22:56 - 00032812 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sav 2013-12-03 13:28 - 2013-04-01 11:26 - 00107416 _____ (Avira Operations GmbH & Co. 
KG) C:\windows\system32\Drivers\avgntflt.sys 2013-12-02 01:42 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Spotify 2013-12-01 19:22 - 2013-12-01 19:22 - 00009257 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)6.sgm 2013-12-01 15:03 - 2012-07-26 08:21 - 00036870 _____ C:\windows\setupact.log 2013-12-01 15:00 - 2013-03-16 17:24 - 00000000 ____D C:\Users\Seb\AppData\Local\Spotify 2013-12-01 13:19 - 2013-07-03 17:03 - 00004096 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-01 13:19 - 2013-07-03 17:03 - 00003860 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-11-28 02:48 - 2013-11-28 01:47 - 00009392 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)5.sgm 2013-11-27 22:00 - 2013-11-27 14:53 - 00008283 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)4.sgm 2013-11-27 03:22 - 2013-11-27 03:22 - 00009096 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)3.sgm 2013-11-27 03:22 - 2013-11-27 00:03 - 00009121 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).sgm 2013-11-27 00:03 - 2013-11-27 00:03 - 00008989 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)1.sgm 2013-11-27 00:03 - 2013-11-27 00:03 - 00008577 _____ C:\Users\Seb\Downloads\Pokemon Gold (D)2.sgm 2013-11-26 23:33 - 2013-11-26 23:33 - 00008360 _____ C:\Users\Seb\Desktop\Pokemon Gold (D).sgm 2013-11-26 22:52 - 2013-11-26 22:52 - 00000000 ____D C:\Users\Seb\Documents\VisualBoyAdvance-1.8.0-beta3 2013-11-26 22:51 - 2013-11-26 22:51 - 00689051 _____ C:\Users\Seb\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2013-11-26 22:50 - 2013-11-26 22:50 - 00768138 _____ C:\Users\Seb\Downloads\Pokemon Gold (D).zip 2013-11-26 22:04 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-11-23 20:13 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache 2013-11-23 17:44 - 2013-11-23 17:35 - 00000000 ____D C:\Users\Seb\Desktop\bfgminer-3.1.4-win64 2013-11-23 16:30 - 2013-01-15 01:45 - 00073238 _____ C:\windows\DPINST.LOG 2013-11-23 16:26 - 2013-03-16 14:01 - 00000000 ____D C:\Program Files 
(x86)\Mozilla Maintenance Service 2013-11-23 16:26 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData 2013-11-23 16:26 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore 2013-11-23 16:04 - 2013-11-23 16:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-11-23 16:04 - 2013-11-23 16:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-11-23 16:04 - 2013-11-23 16:04 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-11-23 16:04 - 2013-11-23 16:04 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Sun 2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\ProgramData\Oracle 2013-11-23 16:04 - 2013-11-23 16:04 - 00000000 ____D C:\Program Files (x86)\Java 2013-11-23 16:03 - 2013-11-23 16:03 - 00915368 _____ (Oracle Corporation) C:\Users\Seb\Downloads\jxpiinstall.exe 2013-11-23 16:02 - 2013-11-23 16:02 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf 2013-11-23 16:02 - 2013-11-23 16:02 - 00000000 ____D C:\Program Files\DIFX 2013-11-23 16:01 - 2013-11-23 16:01 - 03847349 _____ C:\Users\Seb\Downloads\CP210x_VCP_Windows.zip 2013-11-23 16:01 - 2013-11-23 16:01 - 00000000 ____D C:\Users\Seb\Desktop\CP210x_VCP_Windows 2013-11-23 16:01 - 2013-10-24 22:39 - 00073216 _____ (Silicon Laboratories) C:\windows\system32\Drivers\silabser.sys 2013-11-23 16:01 - 2013-10-24 22:39 - 00027336 _____ (Silicon Laboratories) C:\windows\system32\Drivers\silabenm.sys 2013-11-23 15:59 - 2013-11-23 15:59 - 00000000 ____D C:\Users\Seb\Documents\CP210x_VCP_Windows 2013-11-22 13:53 - 2013-11-22 13:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-11-22 12:52 - 2013-10-26 01:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-11-21 14:33 - 2013-01-15 01:40 - 00000000 ____D C:\Intel 2013-11-21 14:33 - 2012-11-08 23:57 - 00000000 ____D C:\ProgramData\Intel 2013-11-21 
14:32 - 2013-11-21 14:32 - 00000000 ____D C:\ProgramData\Package Cache 2013-11-21 14:32 - 2013-08-19 21:08 - 00000000 ____D C:\Users\ADMINI~1 2013-11-21 14:32 - 2013-01-15 01:46 - 00000000 ____D C:\ProgramData\Intel.sav 2013-11-21 14:32 - 2013-01-15 01:46 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-11-21 14:32 - 2013-01-15 01:41 - 00000000 ____D C:\Program Files\Common Files\Intel 2013-11-21 14:32 - 2013-01-15 01:39 - 00000000 ____D C:\Program Files\Intel 2013-11-21 14:32 - 2012-11-08 23:57 - 00000000 ____D C:\Program Files (x86)\Intel 2013-11-20 16:52 - 2012-07-26 09:12 - 00000000 ____D C:\windows\LiveKernelReports 2013-11-20 01:25 - 2013-11-06 23:53 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Bitcoin 2013-11-19 00:28 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\NDF 2013-11-16 15:25 - 2013-11-16 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 14:16 - 2013-03-21 23:39 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-15 13:48 - 2013-07-15 20:37 - 00000000 ____D C:\windows\system32\MRT 2013-11-15 13:47 - 2013-03-18 22:28 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-11-14 13:57 - 2013-05-08 10:50 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2013-11-14 13:57 - 2013-04-01 11:26 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2013-11-14 13:57 - 2013-04-01 11:26 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\windows\system32\Drivers\avkmgr.sys 2013-11-12 19:24 - 2013-03-16 12:17 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-737478861-1433762466-2432789249-1001 2013-11-12 17:44 - 2013-11-10 23:48 - 00000000 ____D C:\Users\Seb\Documents\GTA Vice City User Files 2013-11-10 23:39 - 2013-03-16 21:52 - 00016314 _____ C:\windows\Directx.log 2013-11-10 23:18 - 2012-11-08 23:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-11-10 23:17 - 2013-11-10 23:17 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2013-11-08 22:29 - 2013-11-08 22:28 - 00000000 ____D C:\Users\Seb\Desktop\Mining BitCoin 2013-11-08 21:26 - 2013-11-08 21:26 - 00000000 ____D C:\Users\Seb\Documents\cgminer-3.7.0-windows 2013-11-07 02:39 - 2013-11-07 02:39 - 00007597 _____ C:\Users\Seb\AppData\Local\Resmon.ResmonCfg 2013-11-06 23:53 - 2013-11-06 23:53 - 11678760 _____ (Bitcoin project) C:\Users\Seb\Downloads\bitcoin-0.8.5-win32-setup.exe 2013-11-06 23:53 - 2013-11-06 23:53 - 00000000 ____D C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin 2013-11-06 23:53 - 2013-11-06 23:53 - 00000000 ____D C:\Program Files (x86)\Bitcoin Some content of TEMP: ==================== C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll C:\Users\Seb\AppData\Local\Temp\avgnt.exe C:\Users\Seb\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-28 15:57

==================== End Of Log ===========================

Addition file:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2013
Ran by Seb at 2013-12-06 15:34:24
Running from C:\Users\Seb\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acronis*True*Image*Home (x32 Version: 11.0.8010)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Aloha TriPeaks (x32 Version: 2.2.0.98)
ANNO 1503 (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 14.0.1.759)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bitcoin (HKCU Version: 0.8.5)
Bonjour (Version: 3.0.0.10)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066)
Command & Conquer Generals (x32 Version: 0.50.0000)
Counter-Strike Source 1.9.1 (x32)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
doPDF 7.3 printer
Empire Earth (x32)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128)
FUSSBALL MANAGER 09 (x32)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
Grand Theft Auto Vice City (x32 Version: 1.00.000)
HP LaserJet P1000 series (x32)
HPSSupply (x32 Version: 2.1.1.0000) Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) Network Connections Drivers (Version: 17.3) Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577) Intel(R) Processor Graphics (x32 Version: 9.17.10.2828) Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002) Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel(R) WiDi (Version: 3.5.34.0) Intel® PROSet/Wireless Software (x32 Version: 16.1.5) Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Island Tribe (x32 Version: 2.2.0.98) iTunes (Version: 11.1.2.32) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98) LogMeIn Hamachi (x32 Version: 2.2.0.105) Magic Academy (x32 Version: 2.2.0.98) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 3.8.130.10) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 
14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 24.1.1) Mozilla Thunderbird 24.1.1 (x86 de) (x32 Version: 24.1.1) MrvlUsgTracking (x32 Version: 1.0.7) MrvlUsgTracking64 (Version: 1.0.1) Nero 12 Essentials Toshiba (x32 Version: 12.0.00600) Nero BackItUp (x32 Version: 12.0.3000) Nero BackItUp Help (CHM) (x32 Version: 12.0.3000) Nero Blu-ray Player (x32 Version: 12.0.17500) Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000) Nero BurnRights (x32 Version: 12.0.5000) Nero BurnRights Help (CHM) (x32 Version: 12.0.5000) Nero ControlCenter (x32 Version: 11.0.15300) Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000) Nero Core Components (x32 Version: 11.0.18200) Nero Express (x32 Version: 12.0.20000) Nero Express Help (CHM) (x32 Version: 12.0.5000) Nero Kwik Media (x32 Version: 1.18.18900) Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000) Nero Kwik Themes Basic (x32 Version: 12.0.11500) Nero Launcher (x32 Version: 12.2.6000) Nero RescueAgent (x32 Version: 12.0.9000) Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000) Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0) Nero Update (x32 Version: 11.0.11800.31.0) OpenOffice.org 3.4.1 (x32 
Version: 3.41.9593) Peggle Nights (x32 Version: 2.2.0.98) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98) Polar Bowler (x32 Version: 2.2.0.97) Prerequisite installer (x32 Version: 12.0.0002) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6748) RICOH Media Driver v2.22.17.01 (x32 Version: 2.22.17.01) Shared C Run-time for x64 (Version: 10.0.0) Sid Meier's Civilization 4 (x32 Version: 1.61) Skype™ 6.3 (x32 Version: 6.3.105) Spotify (HKCU Version: 0.9.6.72.ge389c074) SRS Premium Sound Control Panel (Version: 1.12.4600) Synaptics Pointing Device Driver (Version: 16.2.10.5) TOSHIBA Desktop Assist (Version: 1.00.0007.00002) TOSHIBA eco Utility (Version: 2.0.0.6415) TOSHIBA Function Key (Version: 1.00.6625.6402) TOSHIBA Manuals (x32 Version: 10.10) TOSHIBA Password Utility (Version: 3.00.0002.64003) TOSHIBA PC Health Monitor (Version: 1.8.17.640104) TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006) TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00) TOSHIBA Service Station (Version: 2.4.6) TOSHIBA System Driver (x32 Version: 1.00.0012) TOSHIBA System Settings (x32 Version: 1.00.0002.32002) Toshiba TEMPRO (x32 Version: 4.5.0) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 
(KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32) Update Installer for WildTangent Games App (x32) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) Welcome App (Start-up experience) (x32 Version: 12.0.14000) WildTangent Games (x32 Version: 1.0.3.0) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7) Windows Mobile Device Updater Component (Version: 04.08.2345.00) Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (10/18/2013 6.6.1.0) (Version: 10/18/2013 6.6.1.0) Xfire (remove only) (x32) Zune (Version: 04.08.2345.00) Zune Language Pack (CHS) (Version: 04.08.2345.00) Zune Language Pack (CHT) (Version: 04.08.2345.00) Zune Language Pack (CSY) (Version: 04.08.2345.00) Zune Language Pack (DAN) (Version: 04.08.2345.00) Zune Language Pack (DEU) (Version: 04.08.2345.00) Zune Language Pack (ELL) (Version: 04.08.2345.00) Zune Language Pack (ESP) (Version: 04.08.2345.00) Zune Language Pack (FIN) (Version: 04.08.2345.00) Zune Language Pack (FRA) (Version: 04.08.2345.00) Zune Language Pack (HUN) (Version: 04.08.2345.00) Zune Language Pack (IND) (Version: 04.08.2345.00) Zune Language Pack (ITA) (Version: 04.08.2345.00) Zune Language Pack (JPN) 
(Version: 04.08.2345.00) Zune Language Pack (KOR) (Version: 04.08.2345.00) Zune Language Pack (MSL) (Version: 04.08.2345.00) Zune Language Pack (NLD) (Version: 04.08.2345.00) Zune Language Pack (NOR) (Version: 04.08.2345.00) Zune Language Pack (PLK) (Version: 04.08.2345.00) Zune Language Pack (PTB) (Version: 04.08.2345.00) Zune Language Pack (PTG) (Version: 04.08.2345.00) Zune Language Pack (RUS) (Version: 04.08.2345.00) Zune Language Pack (SVE) (Version: 04.08.2345.00) ==================== Restore Points ========================= 17-11-2013 22:40:02 Windows Update 21-11-2013 13:31:44 Windows Update 23-11-2013 15:04:16 Installed Java 7 Update 45 30-11-2013 16:45:58 Geplanter Prüfpunkt 05-12-2013 23:19:02 ComboFix created restore point ==================== Hosts content: ========================== 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {14A6BD4C-A6E2-4F35-B652-641AEAE236B9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation) Task: {25EFD721-B249-4586-928F-FEF77859D5E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06] (Adobe Systems Incorporated) Task: {56646ECA-B8DF-412F-ABDA-99F992CF7BA2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {74CA6B9C-6BB8-4DA6-85E0-3E0EA7BB6753} - \Scheduled Update for Ask Toolbar No Task File Task: {89A3EF59-80D8-4277-AAA7-84286EE6F95E} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH) Task: {9A17AAAE-86BA-4B7A-806C-086C4AAA3365} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
[2013-07-03] (Google Inc.) Task: {C406893B-1034-4290-8512-5AAAE1476259} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {E6DF1243-744B-4D1A-8467-47FB61413B1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll 2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF10.dll 2010-03-03 23:15 - 2010-03-03 23:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF11.dll 2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll 2013-03-16 23:49 - 2012-12-18 09:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-01-15 01:39 - 
2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll 2012-11-08 23:57 - 2012-08-01 23:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2007-08-31 17:13 - 2007-08-31 17:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll 2013-11-16 15:25 - 2013-11-16 15:25 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (12/05/2013 11:46:35 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (12/04/2013 00:28:50 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (12/03/2013 03:14:20 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WLANExt.exe, Version: 6.2.9200.16384, Zeitstempel: 0x5010891a Name des fehlerhaften Moduls: IWMSSvc.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x521e806a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fd7790b723 ID des fehlerhaften Prozesses: 0x2ef4 Startzeit der fehlerhaften Anwendung: 0xWLANExt.exe0 Pfad der fehlerhaften Anwendung: WLANExt.exe1 Pfad des fehlerhaften Moduls: WLANExt.exe2 Berichtskennung: WLANExt.exe3 Vollständiger Name des fehlerhaften Pakets: WLANExt.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WLANExt.exe5 Error: (12/02/2013 05:01:28 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WLANExt.exe, Version: 6.2.9200.16384, Zeitstempel: 0x5010891a Name des fehlerhaften Moduls: IWMSSvc.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x521e806a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fd818bb723 ID des fehlerhaften Prozesses: 0x1bc0 Startzeit der fehlerhaften Anwendung: 0xWLANExt.exe0 Pfad der fehlerhaften Anwendung: WLANExt.exe1 Pfad des fehlerhaften Moduls: WLANExt.exe2 Berichtskennung: WLANExt.exe3 Vollständiger Name des fehlerhaften Pakets: WLANExt.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WLANExt.exe5 Error: (12/02/2013 00:55:34 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WLANExt.exe, Version: 6.2.9200.16384, Zeitstempel: 0x5010891a Name des fehlerhaften Moduls: IWMSSvc.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x521e806a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fd79aeb723 ID des 
fehlerhaften Prozesses: 0x39cc
Startzeit der fehlerhaften Anwendung: 0xWLANExt.exe0
Pfad der fehlerhaften Anwendung: WLANExt.exe1
Pfad des fehlerhaften Moduls: WLANExt.exe2
Berichtskennung: WLANExt.exe3
Vollständiger Name des fehlerhaften Pakets: WLANExt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WLANExt.exe5

Error: (11/30/2013 03:13:39 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/29/2013 02:53:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/28/2013 05:31:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/26/2013 08:51:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Sebastian)
Description: Das Paket „Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (11/26/2013 08:35:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Sebastian)
Description: Die App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

System errors:
=============
Error: (12/06/2013 03:05:28 PM) (Source: NetBT) (User: )
Description: Der Name "SEBASTIAN :0" konnte nicht auf der Schnittstelle mit IP-Adresse 172.29.242.208 registriert werden. Der Computer mit IP-Adresse 134.95.112.101 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (12/06/2013 00:41:22 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.130\SSSCHEDULER.EXE

Error: (12/06/2013 00:40:33 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVWSC.EXE

Error: (12/06/2013 00:40:33 PM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe

Error: (12/06/2013 00:30:32 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVWSC.EXE

Error: (12/06/2013 00:30:32 PM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe

Error: (12/06/2013 00:29:10 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.130\SSSCHEDULER.EXE

Error: (12/06/2013 00:29:10 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.130\SSSCHEDULER.EXE

Error: (12/06/2013 00:29:09 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

Error: (12/06/2013 00:29:09 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume4\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.130\SSSCHEDULER.EXE

Microsoft Office Sessions:
=========================
Error: (12/05/2013 11:46:35 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/04/2013 00:28:50 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/03/2013 03:14:20 PM) (Source: Application Error)(User: )
Description: WLANExt.exe6.2.9200.163845010891aIWMSSvc.dll_unloaded0.0.0.0521e806ac0000005000007fd7790b7232ef401cef022d8735bfbC:\windows\system32\WLANExt.exeIWMSSvc.dll33185d6b-5c25-11e3-bee8-c8f733913623

Error: (12/02/2013 05:01:28 PM) (Source: Application Error)(User: )
Description: WLANExt.exe6.2.9200.163845010891aIWMSSvc.dll_unloaded0.0.0.0521e806ac0000005000007fd818bb7231bc001ceef5f2be4fc58C:\windows\system32\WLANExt.exeIWMSSvc.dll006c8d6f-5b6b-11e3-bee8-c8f733913623

Error: (12/02/2013 00:55:34 PM) (Source: Application Error)(User: )
Description: WLANExt.exe6.2.9200.163845010891aIWMSSvc.dll_unloaded0.0.0.0521e806ac0000005000007fd79aeb72339cc01ceef475a8aa028C:\windows\system32\WLANExt.exeIWMSSvc.dlla65986df-5b48-11e3-bee8-c8f733913623

Error: (11/30/2013 03:13:39 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/29/2013 02:53:06 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/28/2013 05:31:17 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/26/2013 08:51:09 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Sebastian)
Description: Microsoft.ZuneMusic_1.5.214.0_x64__8wekyb3d8bbwe

Error: (11/26/2013 08:35:46 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Sebastian)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic

==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 3990.14 MB
Available physical RAM: 2281.21 MB
Total Pagefile: 6678.14 MB
Available Pagefile: 4630.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================
Drive c: (TI31016900A) (Fixed) (Total:219.49 GB) (Free:86.03 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 728F6589)
Partition: GPT Partition Type

==================== End Of Log ============================

GMER file: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-06 15:46:26
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000042 TOSHIBA_THNSNF256GMCS rev.FSTAN103 238,47GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Seb\AppData\Local\Temp\fgtcapow.sys

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [824:5436]
fffff9600086c5e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Many thanks in advance for your help! :-) |
06.12.2013, 16:17 | #2 |
/// the machine /// TB-Ausbilder | Windows 8: keineantwortadresse@web.de hi,
Please download Emsisoft MBR Master and save it to the desktop. |
06.12.2013, 16:25 | #3 |
| Windows 8: keineantwortadresse@web.de Hi,
Here is the text log: Code:
Detected Windows version: 6.2 Build 9200
Installing direct disk access driver ...
Driver connection handle: 0x00000154
1 valid drive(s) found.

Details for Disk 0 - TOSHIBA THNSNF256GMCS Rev FSTAN103:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 31130/255/63
Boot loader reputation : Unknown
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
MD5 : 5FB38429D5D77768867C76DCBDB35194

The zip is attached. |
07.12.2013, 12:05 | #4 |
/// the machine /// TB-Ausbilder | Windows 8: keineantwortadresse@web.de All good. Change the password for the email account. Any more problems?
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
07.12.2013, 15:27 | #5 |
| Windows 8: keineantwortadresse@web.de Hey Schrauber! Many thanks! :-) Since I changed the password on Thursday at around 23:00, I haven't received a single email! So was this more likely a password hack? |
08.12.2013, 07:24 | #6 |
/// the machine /// TB-Ausbilder | Windows 8: keineantwortadresse@web.de Exactly |