Plagegeister aller Art und deren Bekämpfung: AKM Trojan has hit my girlfriend (Windows 7)
13.12.2013, 21:38 | #1
AKM Trojan has hit my girlfriend

Hello dear community, my girlfriend's computer has been hit by the notorious AKM Trojan: it suddenly installed itself while she was watching a YouTube video and then popped up. A (re)boot into Safe Mode was unfortunately unsuccessful; the Trojan still activated itself, even if only as a white screen (since there was no network connection). I have already run OTLpe and am simply hoping for your help, so that my girlfriend can clean the computer or at least back up her private data. Many thanks in advance!
14.12.2013, 06:41 | #2
/// the machine /// (TB-Ausbilder) | AKM Trojan has hit my girlfriend

Hi,
please always post logs directly in the thread. If necessary, split them up and use several posts. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
14.12.2013, 09:21 | #3
AKM Trojan has hit my girlfriend

Hi,
sorry & thanks for the info, here is the log file again:
Code:
OTL logfile created on: 12/13/2013 8:21:41 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.54 Mb Free Space | 75.55% Space Free | Partition Type: NTFS
Drive D: | 148.95 Gb Total Space | 7.93 Gb Free Space | 5.32% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/10/23 11:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 11:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/08/21 03:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto] -- D:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- D:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/08 12:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto] -- D:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto] -- D:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/11/19 04:14:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/16 05:45:02 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 03:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto] -- D:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/21 02:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/22 10:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto] -- D:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 10:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto] -- D:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2011/03/04 05:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/09/29 11:46:56 | 000,783,872 | ---- | M] () [Auto] -- D:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe -- (NPWService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/31 00:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand] -- D:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/17 05:21:28 | 002,058,776 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/09/17 05:21:22 | 000,174,616 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS) Intel(R)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 03:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/10/18 04:12:06 | 001,111,856 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2012/09/28 04:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/20 11:02:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/20 11:24:18 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2011/09/07 04:46:58 | 000,070,016 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/03/04 05:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/17 05:09:14 | 000,240,128 | ---- | M] ( ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NUServer64.sys -- (NUServer64)
DRV:64bit: - [2010/07/28 17:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/02/08 01:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/28 07:51:28 | 000,030,208 | ---- | M] (Elite Silicon Technology Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NUS_Bus.sys -- (NUS_Bus)
DRV:64bit: - [2010/01/13 19:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/10/06 04:11:30 | 000,029,696 | ---- | M] ( ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\GenBus.sys -- (EST_BusEnum)
DRV:64bit: - [2009/09/09 20:19:38 | 000,085,280 | ---- | M] (O2Micro) [Kernel | On_Demand] -- D:\Windows\System32\drivers\oz776x64.sys -- (guardian2)
DRV:64bit: - [2009/09/03 14:14:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/09/03 13:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/09/03 13:37:02 | 000,067,072 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/08/05 17:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/05 15:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 23:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- D:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/24 14:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/21 17:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/14 06:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/08 00:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/29 11:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/23 15:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 13:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 12:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 15:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/11/16 11:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/02/07 03:29:08 | 000,195,632 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\*****_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
IE - HKU\*****_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\*****_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 74 41 94 41 AF CC 01 [binary data]
IE - HKU\*****_ON_D\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Key error. File not found
IE - HKU\*****_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\*****_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: D:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012/03/25 05:36:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012/11/27 03:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/30 04:26:34 | 000,000,000 | ---D | M] (No name found) -- D:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2013/03/22 04:00:23 | 000,000,000 | ---D | M] (No name found) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default\extensions
[2012/04/20 12:28:58 | 000,002,057 | ---- | M] () -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default\searchplugins\youtube-videosuche.xml
[2013/11/16 05:44:26 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/16 05:44:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/16 05:44:25 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/16 05:44:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/16 05:45:03 | 000,000,000 | ---D | M] (Default) -- D:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2011/12/15 07:37:39 | 000,002,024 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - D:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - D:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - D:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] D:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HSON] D:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LogiScrollApp] D:\Program Files\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] D:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] D:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] D:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] D:\Windows\System32\nwiz.exe ()
O4:64bit: - HKLM..\Run: [picon] D:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] D:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] D:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] D:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] D:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ITSecMng] D:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SearchSettings] File not found
O4 - HKLM..\Run: [TOSDCR] D:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [TUSBSleepChargeSrv] File not found
O4 - HKLM..\Run: [TWebCamera] D:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\*****_ON_D..\Run: [ApplePhotoStreams] D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\*****_ON_D..\Run: [Facebook Update] D:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\*****_ON_D..\Run: [iCloudServices] D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\*****_ON_D..\Run: [iPhone PC Suite] File not found
O4 - HKU\*****_ON_D..\Run: [MobileDocuments] File not found
O4 - HKU\*****_ON_D..\Run: [Networking USB Server] D:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe ()
O4 - HKU\*****_ON_D..\Run: [SanDiskSecureAccess_Manager.exe] D:\Users\*****\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ()
O4 - Startup: D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart.lnk ()
O4 - Startup: D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (C:\Users\*****\AppData\Roaming\loadit.exe) - D:\Users\*****\AppData\Roaming\loadit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\*****_ON_D Winlogon: Shell - (C:\Users\*****\AppData\Roaming\loadit.exe) - D:\Users\*****\AppData\Roaming\loadit.exe ()
O20 - HKU\*****_ON_D Winlogon: UserInit - (C:\Users\*****\AppData\Roaming\loadit.exe) - D:\Users\*****\AppData\Roaming\loadit.exe ()
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/12/03 12:45:28 | 000,000,000 | ---D | C] -- D:\Users\*****\Documents\Nachhilfe BO
[2013/11/16 05:44:23 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Mozilla Firefox
[2013/11/15 03:23:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/11/15 03:23:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/11/15 03:22:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/11/15 03:22:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/11/15 03:22:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/11/15 03:22:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/11/15 03:22:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/11/15 03:22:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/11/15 03:22:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/11/15 03:22:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/11/15 03:22:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/11/15 03:22:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/11/15 03:22:43 | 002,334,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/11/15 03:22:41 | 001,806,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/11/15 03:22:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/11/15 03:22:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/11/15 03:22:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/11/14 00:56:23 | 001,474,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll
[2013/11/14 00:56:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/11/14 00:56:10 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/11/14 00:56:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\credui.dll
[2013/11/14 00:56:10 | 000,190,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/14 00:56:08 | 000,168,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\credui.dll
[2013/11/14 00:56:08 | 000,152,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/14 00:55:58 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll
[2013/11/14 00:55:58 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll
[2013/11/14 00:55:57 | 000,307,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ncrypt.dll
[2013/11/14 00:55:57 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ncrypt.dll
[2013/11/14 00:55:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll
[2013/11/14 00:55:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll
[2013/11/14 00:55:52 | 000,404,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdi32.dll
[2013/11/14 00:55:50 | 000,830,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\nshwfp.dll
[2013/11/14 00:55:50 | 000,324,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\FWPUCLNT.DLL
[2013/11/14 00:55:50 | 000,216,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/14 00:55:48 | 000,656,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\nshwfp.dll
[1 D:\Users\*****\Documents\*.tmp files -> D:\Users\*****\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/13 13:54:39 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/12/13 13:51:49 | 1594,286,080 | -HS- | M] () -- D:\hiberfil.sys
[2013/12/09 10:21:00 | 000,000,936 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000UA.job
[2013/12/09 10:10:48 | 000,018,592 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/09 10:10:48 | 000,018,592 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/09 10:01:08 | 000,595,440 | ---- | M] () -- D:\Users\*****\AppData\Roaming\loadit.exe
[2013/12/09 10:01:08 | 000,000,719 | ---- | M] () -- D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2013/12/09 09:46:31 | 000,001,977 | ---- | M] () -- D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart.lnk
[2013/12/09 09:34:01 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/09 07:21:02 | 000,000,914 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000Core.job
[2013/11/19 04:14:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/19 04:14:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/18 19:53:42 | 000,001,945 | ---- | M] () -- D:\Windows\epplauncher.mif
[2013/11/18 19:53:40 | 000,002,117 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/18 14:54:39 | 000,627,316 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/11/18 14:54:39 | 000,107,600 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[1 D:\Users\*****\Documents\*.tmp files -> D:\Users\*****\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/09 10:01:08 | 000,000,719 | ---- | C] () -- D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2013/12/09 10:01:04 | 000,595,440 | ---- | C] () -- D:\Users\*****\AppData\Roaming\loadit.exe
[2013/12/09 09:46:31 | 000,001,977 | ---- | C] () -- D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart.lnk
[2012/04/10 09:19:09 | 000,111,932 | ---- | C] () -- D:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/04/10 09:19:09 | 000,031,053 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern131.dat
[2012/04/10 09:19:09 | 000,027,417 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern121.dat
[2012/04/10 09:19:09 | 000,026,154 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern1.dat
[2012/04/10 09:19:09 | 000,024,903 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern3.dat
[2012/04/10 09:19:09 | 000,021,390 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern5.dat
[2012/04/10 09:19:09 | 000,020,148 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern2.dat
[2012/04/10 09:19:09 | 000,011,811 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern4.dat
[2012/04/10 09:19:09 | 000,004,943 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern6.dat
[2012/04/10 09:19:09 | 000,001,146 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/04/10 09:19:09 | 000,001,139 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/04/10 09:19:09 | 000,001,139 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/04/10 09:19:09 | 000,001,136 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/04/10 09:19:09 | 000,001,129 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/04/10 09:19:09 | 000,001,129 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/04/10 09:19:09 | 000,001,120 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/04/10 09:19:09 | 000,001,107 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/04/10 09:19:09 | 000,001,104 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/04/10 09:19:09 | 000,000,097 | ---- | C] () -- D:\Windows\SysWow64\PICSDK.ini
[2011/12/05 15:46:19 | 000,004,096 | -H-- | C] () -- D:\Users\*****\AppData\Local\keyfile3.drm
[2011/12/01 04:19:38 | 000,000,288 | ---- | C] () -- D:\Users\*****\AppData\Roaming\.backup.dm
[2011/11/15 01:44:33 | 000,748,034 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/15 01:02:57 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/11/14 22:39:54 | 001,514,016 | ---- | C] () -- D:\Windows\SysWow64\nView.dll
[2011/11/14 22:39:54 | 001,108,512 | ---- | C] () -- D:\Windows\SysWow64\nvwimg.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat

========== LOP Check ==========
[2013/01/13 12:38:41 | 000,000,000 | ---D | M] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2012/08/01 07:56:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Canneverbe Limited [2011/12/01 04:19:23 | 000,000,000 | ---D | M] -- D:\ProgramData\ClubSanDisk [2012/05/20 11:07:14 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2011/11/14 22:26:39 | 000,000,000 | ---D | M] -- D:\ProgramData\Downloaded Installations [2012/04/10 09:18:46 | 000,000,000 | ---D | M] -- D:\ProgramData\EPSON [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2013/01/31 09:20:22 | 000,000,000 | ---D | M] -- D:\ProgramData\install_clap [2013/10/18 02:45:46 | 000,000,000 | ---D | M] -- D:\ProgramData\Oracle [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2013/01/31 09:47:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2012/01/12 06:25:22 | 000,000,000 | ---D | M] -- D:\ProgramData\TOSHIBA [2011/11/14 22:26:46 | 000,000,000 | ---D | M] -- D:\ProgramData\TrueSuite [2012/04/10 09:24:36 | 000,000,000 | ---D | M] -- D:\ProgramData\UDL [2013/01/13 13:19:53 | 000,000,000 | ---D | M] -- D:\ProgramData\WindSolutions [2011/12/04 11:22:07 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2013/12/09 07:21:02 | 000,000,914 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000Core.job [2013/12/09 10:21:00 | 000,000,936 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000UA.job [2013/01/10 02:01:26 | 000,032,624 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End 
of report > |
14.12.2013, 16:07 | #4 |
/// the machine /// TB-Ausbilder | AKM Trojan has caught my girlfriend

Hi, that's Win7, so FRST will show us more. Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
14.12.2013, 19:19 | #5 |
| AKM Trojan has caught my girlfriend

Hi schrauber, thanks for the hint. Attached is the FRST log file: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01 Ran by SYSTEM on MININT-8A1H5HK on 14-12-2013 19:15:28 Running from F:\ Windows 7 Professional (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [nwiz] - nwiz.exe /install HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [238592 2009-03-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [357400 2008-09-17] (Intel Corporation) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [497504 2009-08-21] (TOSHIBA Corporation) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [LogiScrollApp] - C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.) 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Winlogon: [Shell] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () <=== ATTENTION Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) Winlogon\Notify\ScCertProp: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-09-19] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-05-11] (TOSHIBA) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) 
HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] () HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SearchSettings] - "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation) HKU\*****\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\*****\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-12-01] (Gemalto N.V.) HKU\*****\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe HKU\*****\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.) HKU\*****\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.) HKU\*****\...\Run: [Networking USB Server] - C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe [2420736 2010-09-28] () HKU\*****\...\Run: [Facebook Update] - C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.) HKU\*****\...\Run: [iPhone PC Suite] - C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start HKU\*****\...\Winlogon: [Userinit] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () HKU\*****\...\Winlogon: [Shell] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () <==== ATTENTION Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart.lnk ShortcutTarget: AutoStart.lnk -> (No File) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ShortcutTarget: ja.lnk -> (No File) ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems) S2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2008-09-17] (Intel Corporation) S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) S2 NPWService; C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [783872 2010-09-29] () S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) S2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2008-09-17] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd) S3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( ) S3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 NUServer64; C:\Windows\System32\DRIVERS\NUServer64.sys [240128 2010-09-17] ( ) S3 NUS_Bus; C:\Windows\System32\DRIVERS\NUS_Bus.sys [30208 2010-01-28] (Elite 
Silicon Technology Inc.) ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228 C:\Windows\System32\DRIVERS\agrsm64.sys ==> MD5 is legit C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\System32\DRIVERS\Apfiltr.sys 19B93A45C4428419E60FE840014407E7 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\Drivers\ATSwpWDF.sys 225FB1C90CF88CD478D25940B3930873 C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit 
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706 C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CVirtA64.sys 44BDDEB03C84A1C993C992FFB5700357 C:\Windows\system32\Drivers\CVPNDRVA.sys 79AF0E203D089AF442A3F70ED00A37FB C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\dne64x.sys 05CB5910B3CA6019FC3CCA815EE06FFB C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\dtsoftbus01.sys 46571ED73AE84469DCA53081D33CF3C8 C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52 C:\Windows\System32\DRIVERS\e1y62x64.sys 11D0ECA73AB25135F65656B93ADBCB3D C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\GenBus.sys 917DFF97525B7D70C46D4DEDA240089F C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F C:\Windows\System32\Drivers\oz776x64.sys D8E84D3D614BC444FAB97BC78489F067 C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys 15C9789470B8855AC2F54FDF96802D13 C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ivusb.sys BD5BF20EC242E003A2F570B8754A56D1 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is 
legit C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64 C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LEqdUsb.Sys ED7EC050CD6C20E1A93A4DAFB7EFD14D C:\Windows\System32\DRIVERS\LHidEqd.Sys 3267BC698E29474A8381E68904EB0390 C:\Windows\System32\DRIVERS\LHidFilt.Sys 241F2648ADF090E2A10095BD6D6F5DCB C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LMouFilt.Sys 342ED5A4B3326014438F36D22D803737 C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\MpFilter.sys C6B88D62F20AC646C6BD5C032EC2FAF9 C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit 
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NETw5s64.sys 39EDE676D17F37AF4573C2B33EC28ACA C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69 C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692B C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NUServer64.sys 05ED699058671EE1DC0B10E8B1152E92 C:\Windows\System32\DRIVERS\NUS_Bus.sys D4FA3EA39C6E919103DAA24FAB48B329 C:\Windows\System32\DRIVERS\nvlddmkm.sys 7A0FA5FE8B2904CDF3E375F45C23A858 C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pgeffect.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rimmpx64.sys F45D6E12EB99A668F52201637C67C8F5 C:\Windows\System32\DRIVERS\rimspx64.sys EAC02ED935A9C1F2DDD8D985C465B854 C:\Windows\System32\DRIVERS\rixdpx64.sys 931A8F843B4120DF527C3684DAF77FD9 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit 
C:\Windows\System32\DRIVERS\S3XXx64.sys 4F55BC63DCA859A6DEDC1106E0062135 C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29 C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\thpdrv.sys C013F6ACAA9761F571BD28DADA7C157D 
C:\Windows\System32\DRIVERS\Thpevm.SYS B4E609047434ED948AF7BDEF2FA66E38 C:\Windows\System32\DRIVERS\tosporte.sys 8021F63311797085949FA387F7C83583 C:\Windows\System32\DRIVERS\tosrfbd.sys 71BB669BFCADE1580FDCE010ABC76310 C:\Windows\System32\Drivers\tosrfbnp.sys 62512B5277D88600F8BD4B7AEC43569D C:\Windows\System32\Drivers\tosrfcom.sys C523A9186C39D65CC9ADEBB2E1B93CCD C:\Windows\System32\DRIVERS\tosrfec.sys 11699D47B3491D86249C168496D55C92 C:\Windows\System32\DRIVERS\Tosrfhid.sys 451B8C1815C6CC39650AF916C2A382CD C:\Windows\System32\DRIVERS\tosrfnds.sys B6FDC3C76FFE9C5171EEA9C37EA367C2 C:\Windows\System32\drivers\tosrfsnd.sys E1E045240C1184FA6628F3C7E7FF85D8 C:\Windows\System32\DRIVERS\tosrfusb.sys DA7AA562448E29CA895895920BFF8946 C:\Windows\System32\DRIVERS\tos_sps64.sys ==> MD5 is legit C:\Windows\System32\drivers\tpm.sys DBCC20C02E8A3E43B03C304A4E40A84F C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TVALZ.SYS EFFCE6E033EBDD0F3C0F14A413558F65 C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys 43228F8EDD1B0BCDD3145AD246E63D39 C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\System32\DRIVERS\usbehci.sys 311C1DD1088E55BEAE15954D17F50646 C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24 
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\System32\DRIVERS\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-14 19:15 - 2013-12-14 19:15 - 00000000 ____D C:\FRST 
2013-12-13 17:26 - 2013-12-13 17:30 - 00076516 _____ C:\OTL.Txt 2013-12-09 07:01 - 2013-12-09 07:01 - 00595440 _____ C:\Users\*****\AppData\Roaming\loadit.exe 2013-12-03 09:45 - 2013-12-03 09:45 - 00000000 ____D C:\Users\*****\Documents\Nachhilfe BO 2013-11-16 02:44 - 2013-11-16 02:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 00:23 - 2013-10-13 06:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-11-15 00:23 - 2013-10-13 06:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-11-15 00:23 - 2013-10-13 01:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-15 00:23 - 2013-10-13 01:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-15 00:23 - 2013-10-13 01:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-15 00:22 - 2013-10-13 07:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-11-15 00:22 - 2013-10-13 07:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-11-15 00:22 - 2013-10-13 06:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-11-15 00:22 - 2013-10-13 06:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-11-15 00:22 - 2013-10-13 06:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-11-15 00:22 - 2013-10-13 06:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-11-15 00:22 - 2013-10-13 06:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-11-15 00:22 - 2013-10-13 06:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-11-15 00:22 - 2013-10-13 06:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-11-15 00:22 - 2013-10-13 06:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-11-15 00:22 - 
2013-10-13 06:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-11-15 00:22 - 2013-10-13 06:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-11-15 00:22 - 2013-10-13 06:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-11-15 00:22 - 2013-10-13 06:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-11-15 00:22 - 2013-10-13 02:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-15 00:22 - 2013-10-13 02:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-15 00:22 - 2013-10-13 01:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-15 00:22 - 2013-10-13 01:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-15 00:22 - 2013-10-13 01:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-15 00:22 - 2013-10-13 01:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-15 00:22 - 2013-10-13 01:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-15 00:22 - 2013-10-13 01:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-15 00:22 - 2013-10-13 01:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-15 00:22 - 2013-10-13 01:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-15 00:22 - 2013-10-13 01:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-15 00:22 - 2013-10-13 01:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-15 00:22 - 2013-10-13 01:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll ==================== One Month Modified Files and Folders ======= 2013-12-14 19:15 - 2013-12-14 19:15 - 00000000 ____D C:\FRST 2013-12-13 17:30 - 2013-12-13 17:26 - 00076516 
_____ C:\OTL.Txt 2013-12-13 17:21 - 2011-11-14 19:59 - 00000000 ____D C:\users\***** 2013-12-13 10:53 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-13 10:53 - 2009-07-13 20:51 - 00064339 _____ C:\Windows\setupact.log 2013-12-09 07:21 - 2012-07-15 03:16 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000UA.job 2013-12-09 07:12 - 2011-11-14 19:43 - 01331461 _____ C:\Windows\WindowsUpdate.log 2013-12-09 07:10 - 2009-07-13 20:45 - 00018592 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-09 07:10 - 2009-07-13 20:45 - 00018592 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-09 07:01 - 2013-12-09 07:01 - 00595440 _____ C:\Users\*****\AppData\Roaming\loadit.exe 2013-12-09 06:34 - 2012-03-30 03:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-09 06:14 - 2011-11-30 01:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc 2013-12-09 04:21 - 2012-07-15 03:16 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000Core.job 2013-12-03 09:45 - 2013-12-03 09:45 - 00000000 ____D C:\Users\*****\Documents\Nachhilfe BO 2013-11-29 07:44 - 2013-05-17 01:48 - 00000000 ____D C:\Users\*****\Documents\Studitemps 2013-11-21 08:23 - 2012-04-18 12:44 - 00000000 ____D C:\Users\*****\AppData\Local\7BC0F0C3-7F11-4AA3-899B-F004A69C73A3.aplzod 2013-11-21 00:54 - 2011-12-05 08:16 - 00000000 ____D C:\Users\*****\Documents\Jobs 2013-11-19 13:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-11-19 02:21 - 2011-11-14 19:20 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-11-19 01:14 - 2012-03-30 03:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-11-19 01:14 - 2012-03-30 03:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player 
Updater 2013-11-19 01:14 - 2011-11-15 15:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-19 01:14 - 2011-11-15 15:44 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe 2013-11-19 00:56 - 2012-04-24 09:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-19 00:56 - 2011-11-14 19:55 - 00026744 _____ C:\Windows\PFRO.log 2013-11-18 16:53 - 2012-05-03 00:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-18 16:53 - 2011-11-14 22:44 - 00001945 _____ C:\Windows\epplauncher.mif 2013-11-18 16:53 - 2011-11-14 22:44 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-18 11:54 - 2009-07-13 21:13 - 00730448 _____ C:\Windows\System32\PerfStringBackup.INI 2013-11-18 11:23 - 2013-07-11 12:49 - 00000000 ____D C:\Users\*****\Documents\Banken 2013-11-16 02:45 - 2013-11-16 02:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 01:12 - 2013-01-09 00:06 - 00000000 ___RD C:\Users\*****\Dropbox 2013-11-15 01:12 - 2013-01-08 23:58 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox 2013-11-15 00:33 - 2011-11-14 21:25 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-15 00:19 - 2013-08-15 02:03 - 00000000 ____D C:\Windows\System32\MRT 2013-11-15 00:05 - 2011-11-14 19:23 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\AskSLib.dll C:\Users\*****\AppData\Local\Temp\contentDATs.exe C:\Users\*****\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe 
C:\Users\*****\AppData\Local\Temp\LMkRstPt.exe C:\Users\*****\AppData\Local\Temp\nvAppBar.exe C:\Users\*****\AppData\Local\Temp\nview.dll C:\Users\*****\AppData\Local\Temp\nView64.dll C:\Users\*****\AppData\Local\Temp\nViewSetup.exe C:\Users\*****\AppData\Local\Temp\nvShell.dll C:\Users\*****\AppData\Local\Temp\nvTaskBar.exe C:\Users\*****\AppData\Local\Temp\nvwdmcpl.dll C:\Users\*****\AppData\Local\Temp\nvwimg.dll C:\Users\*****\AppData\Local\Temp\nvwimg64.dll C:\Users\*****\AppData\Local\Temp\NVWRSAR.dll C:\Users\*****\AppData\Local\Temp\NVWRSCS.dll C:\Users\*****\AppData\Local\Temp\NVWRSDA.dll C:\Users\*****\AppData\Local\Temp\NVWRSDE.dll C:\Users\*****\AppData\Local\Temp\NVWRSEL.dll C:\Users\*****\AppData\Local\Temp\NVWRSENG.dll C:\Users\*****\AppData\Local\Temp\NVWRSENU.dll C:\Users\*****\AppData\Local\Temp\NVWRSES.dll C:\Users\*****\AppData\Local\Temp\NVWRSESM.dll C:\Users\*****\AppData\Local\Temp\NVWRSFI.dll C:\Users\*****\AppData\Local\Temp\NVWRSFR.dll C:\Users\*****\AppData\Local\Temp\NVWRSHE.dll C:\Users\*****\AppData\Local\Temp\NVWRSHU.dll C:\Users\*****\AppData\Local\Temp\NVWRSIT.dll C:\Users\*****\AppData\Local\Temp\NVWRSJA.dll C:\Users\*****\AppData\Local\Temp\NVWRSKO.dll C:\Users\*****\AppData\Local\Temp\NVWRSNL.dll C:\Users\*****\AppData\Local\Temp\NVWRSNO.dll C:\Users\*****\AppData\Local\Temp\NVWRSPL.dll C:\Users\*****\AppData\Local\Temp\NVWRSPT.dll C:\Users\*****\AppData\Local\Temp\NVWRSPTB.dll C:\Users\*****\AppData\Local\Temp\NVWRSRU.dll C:\Users\*****\AppData\Local\Temp\NVWRSSK.dll C:\Users\*****\AppData\Local\Temp\NVWRSSL.dll C:\Users\*****\AppData\Local\Temp\NVWRSSV.dll C:\Users\*****\AppData\Local\Temp\NVWRSTH.dll C:\Users\*****\AppData\Local\Temp\NVWRSTR.dll C:\Users\*****\AppData\Local\Temp\NVWRSZHC.dll C:\Users\*****\AppData\Local\Temp\NVWRSZHT.dll C:\Users\*****\AppData\Local\Temp\nwiz.exe C:\Users\*****\AppData\Local\Temp\ose00000.exe C:\Users\*****\AppData\Local\Temp\saUpg64.exe C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\*****\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.4-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.5-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.6-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.7-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\*****\AppData\Local\Temp\vpnclient_setup.exe C:\Users\*****\AppData\Local\Temp\WZCPlugin_VISTA.exe C:\Users\*****\AppData\Local\Temp\_is2D31.exe C:\Users\*****\AppData\Local\Temp\_is4CA.exe C:\Users\*****\AppData\Local\Temp\_is4DBB.exe C:\Users\*****\AppData\Local\Temp\_isB1DA.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=Y: description Windows Boot Manager locale en-US inherit {globalsettings} default {default} resumeobject {6e9d8fff-0f3b-11e1-a94c-ee6ff8d96a9c} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier 
{default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale en-US inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {6e9d8fff-0f3b-11e1-a94c-ee6ff8d96a9c} nx OptIn Windows Boot Loader ------------------- identifier {current} device ramdisk=[C:]\Recovery\6e9d9001-0f3b-11e1-a94c-ee6ff8d96a9c\Winre.wim,{6e9d9002-0f3b-11e1-a94c-ee6ff8d96a9c} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\6e9d9001-0f3b-11e1-a94c-ee6ff8d96a9c\Winre.wim,{6e9d9002-0f3b-11e1-a94c-ee6ff8d96a9c} systemroot \windows nx OptIn winpe Yes Resume from Hibernate --------------------- identifier {6e9d8fff-0f3b-11e1-a94c-ee6ff8d96a9c} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {6e9d9002-0f3b-11e1-a94c-ee6ff8d96a9c} 
description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\6e9d9001-0f3b-11e1-a94c-ee6ff8d96a9c\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 2027.24 MB Available physical RAM: 1502.44 MB Total Pagefile: 2027.24 MB Available Pagefile: 1500.05 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.95 GB) (Free:7.84 GB) NTFS Drive e: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS Drive f: () (Removable) (Total:7.44 GB) (Free:0.18 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 413C413C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) LastRegBack: 2013-11-22 05:40 ==================== End Of Log ============================ |
15.12.2013, 08:03 | #6 |
/// the machine /// TB trainer | AKM Trojan got my girlfriend And off we go. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter HKLM\...\Winlogon: [Shell] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () <=== ATTENTION HKU\*****\...\Winlogon: [Userinit] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () HKU\*****\...\Winlogon: [Shell] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () <==== ATTENTION Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ShortcutTarget: ja.lnk -> (No File) 2013-12-09 07:01 - 2013-12-09 07:01 - 00595440 _____ C:\Users\*****\AppData\Roaming\loadit.exe
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Then start the computer normally.
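The fixlist above targets exactly two things: the Winlogon Shell and Userinit values that the locker had redirected to loadit.exe (so the malware started instead of, or before, the desktop), and the orphaned Startup shortcut ja.lnk whose target was already gone. As an added illustration, not part of this thread and not FRST's own code, the following Python check applies the same reasoning to FRST-style log lines: it flags any Winlogon Shell or Userinit value that does not point at the Windows default, and any Startup shortcut whose ShortcutTarget reads "(No File)". The sample lines are the ones quoted in the fixlist plus a benign Userinit line constructed here for the negative case and one Run line taken from the later FRST log; the default values assumed are explorer.exe and C:\Windows\system32\userinit.exe.

```python
"""Flag Winlogon Shell/Userinit hijacks and dead Startup shortcuts in FRST-style log lines.

Added example for this thread; not part of FRST or of the original posts.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample. The three loadit.exe lines and the two Startup lines are quoted
# from the fixlist; the benign Userinit line is an assumed example added here, and the
# Run line is quoted from the later FRST log. Neither of the last two must be flagged.
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [Shell] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () <=== ATTENTION
HKU\*****\...\Winlogon: [Userinit] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] ()
HKU\*****\...\Winlogon: [Shell] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () <==== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30208 2009-07-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> (No File)
"""

# Expected (default) Winlogon values on Windows 7 (assumed here), compared
# case-insensitively after a trailing comma is stripped.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# "HKLM\...\Winlogon: [Shell] <data>" or "HKU\<sid>\...\Winlogon: [Userinit] <data>"
WINLOGON_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\Winlogon: \[(?P<value>Shell|Userinit)\] (?P<rest>.*)$"
)
# FRST appends "[size date] (company)" and sometimes "<=== ATTENTION" after the path;
# the lazy group keeps only the path itself.
DATA_RE = re.compile(r"^(?P<data>.+?)(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\].*)?$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<target>.*)$")


@dataclass
class Finding:
    kind: str      # "winlogon" or "startup"
    location: str  # hive plus value name, or the shortcut file name
    data: str      # the value data, or the shortcut target
    reason: str


def audit_frst(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious Winlogon value or dead Startup shortcut."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if m:
            dm = DATA_RE.match(m["rest"])
            data = dm["data"] if dm else ""
            norm = data.strip().lower().rstrip(",")
            value = m["value"].lower()
            if norm not in EXPECTED[value]:
                findings.append(Finding(
                    "winlogon", f"{m['hive']} {m['value']}", data,
                    f"{m['value']} does not point at the default binary"))
            continue
        s = SHORTCUT_RE.match(line)
        if s and s["target"].strip() == "(No File)":
            findings.append(Finding(
                "startup", s["name"], s["target"],
                "Startup shortcut whose target no longer exists"))
    return findings


if __name__ == "__main__":
    for f in audit_frst(SAMPLE_LOG):
        print(f"[{f.kind}] {f.location}: {f.data}  -- {f.reason}")
```

The check deliberately compares against the expected binary rather than looking for a known bad file name: a locker that drops its loader under a different name in AppData\Roaming would still be caught, while the benign Userinit line (with its trailing comma, which Windows stores by design) passes.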
15.12.2013, 11:22 | #7 |
| AKM Trojan got my girlfriend Here it comes, right back at you: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2013 01 Ran by SYSTEM at 2013-12-15 11:20:52 Run:1 Running from F:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** HKLM\...\Winlogon: [Shell] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () <=== ATTENTION HKU\*****\...\Winlogon: [Userinit] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () HKU\*****\...\Winlogon: [Shell] C:\Users\*****\AppData\Roaming\loadit.exe [595440 2013-12-09] () <==== ATTENTION Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ShortcutTarget: ja.lnk -> (No File) 2013-12-09 07:01 - 2013-12-09 07:01 - 00595440 _____ C:\Users\*****\AppData\Roaming\loadit.exe ***************** HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully. HKU\*****\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully. HKU\*****\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully. ShortcutTarget: ja.lnk -> (No File) not found. C:\Users\*****\AppData\Roaming\loadit.exe => Moved successfully. ==== End of Fixlog ==== |
15.12.2013, 19:33 | #8 |
/// the machine /// TB trainer | AKM Trojan got my girlfriend Does the computer start normally again? Then now, in normal mode: Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
15.12.2013, 21:02 | #9 |
| AKM Trojan got my girlfriend Hi, yep, the computer started normally, although a bit slowly at first; after the fixes that has now clearly improved. Here are the logs: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.15.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ***** :: TOSHIBA [administrator] 15-Dec-13 7:54:45 PM mbam-log-2013-12-15 (19-54-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM Scan options disabled: Heuristics/Extra | P2P Objects scanned: 40553 Time elapsed: 21 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 8 C:\Users\*****\AppData\Local\Temp\7v7ghCim.exe.part (PUP.Optional.Bundle) -> Quarantined and deleted successfully. C:\Users\*****\Downloads\DTLite4454-0314.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\*****\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully. C:\Users\*****\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully. C:\Users\*****\Downloads\SoftonicDownloader_fuer_alzip(1).exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully. C:\Users\*****\Downloads\SoftonicDownloader_fuer_alzip.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully. C:\Users\*****\Downloads\SoftonicDownloader_fuer_google-play-store-apk.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully. C:\Users\*****\Local Settings\Temporary Internet Files\Content.IE5\U7FQS8NL\loadit[1].exe (Trojan.Autoit) -> Quarantined and deleted successfully. (end) Code:
ATTFilter # AdwCleaner v3.015 - Report created 15/12/2013 at 20:36:10 # Updated 10/12/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : ***** - TOSHIBA # Running from : C:\Users\*****\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\*****\AppData\LocalLow\pdfforge Folder Deleted : C:\Users\*****\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\*****\AppData\Roaming\pdfforge ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings] Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_alzip(1)_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_alzip(1)_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_alzip_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_alzip_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Key Deleted : HKCU\Software\pdfforge Key Deleted : HKCU\Software\Search Settings Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\Software\pdfforge Key Deleted : HKLM\Software\Search Settings ***** [ Browsers ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Mozilla Firefox v25.0.1 (de) [ File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default\prefs.js ] Line Deleted : user_pref("browser.newtabpage.pinned", 
"[null,{\"url\":\"hxxps://mail.google.com/mail/u/0/?ui=2&shva=1#inbox\",\"title\":\"Posteingang - claudi.hasenbein@googlemail.com - Gmail\"}]"); ************************* AdwCleaner[R0].txt - [2452 octets] - [15/12/2013 20:33:19] AdwCleaner[S0].txt - [2286 octets] - [15/12/2013 20:36:10] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2346 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Professional x64 Ran by ***** on 15-Dec-13 at 20:43:54.53 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{0AD8582B-CCB3-4E0A-A34D-E572392F9257} Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{1851AB18-2B5A-47DD-A2B7-CC1355B722E3} Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{3B67836E-6E24-4768-9BA0-0DF0BB2200F7} Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{511C280A-5F92-4543-9C2B-BA743D558564} Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{8165E138-FA75-4187-930D-A386A8C491B5} Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{B6A10F25-6C55-4823-9C50-39C938B53AD3} Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{D0307A6A-6FAA-4841-AABC-E558F3125706} Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{E757C92E-684F-4881-A370-1A115531BDEF} Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{FEAA820F-A2DD-4C88-A338-C9887383AA8D} ~~~ FireFox Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\hndmqdcd.default\minidumps [60 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15-Dec-13 at 20:51:25.73 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-12-2013 Ran by ***** (administrator) on TOSHIBA on 15-12-2013 20:53:34 Running from C:\Users\*****\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe () C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint2K\Apoint.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Gemalto N.V.) C:\Users\*****\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe () C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe (Facebook Inc.) C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [nwiz] - nwiz.exe /install HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [238592 2009-03-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [357400 2008-09-17] (Intel Corporation) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [497504 2009-08-21] (TOSHIBA Corporation) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [LogiScrollApp] - C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.) 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) Winlogon\Notify\ScCertProp: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\*****\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-12-01] (Gemalto N.V.) HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.) HKCU\...\Run: [Networking USB Server] - C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe [2420736 2010-09-28] () HKCU\...\Run: [Facebook Update] - C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.) HKCU\...\Run: [iPhone PC Suite] - C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-09-19] (TOSHIBA CORPORATION.) 
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-05-11] (TOSHIBA) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] () HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart.lnk ShortcutTarget: AutoStart.lnk -> C:\Users\*****\AppData\Local\Alt.Binz\download\Gina.Wild.Das.Beste.2.German.2000.XXX.DVDRiP.XviD.rar\Gina.Wild.Das.Beste.2.German.2000.XXX.DVDRiP.XviD\Gina.Wild.Das.Beste.2.German.2000.XXX.DVDRiP.XviD.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBB74419441AFCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US SearchScopes: HKCU - {FDD0832D-A556-4680-A7D1-458F4BBCF248} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5-x64 10 C:\Program Files (x86)\Generic\Network Printer Wizard\NPWprint.dll [195584] (Elite Silicon Technology Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default FF Homepage: www.google.de FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default\searchplugins\youtube-videosuche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: elemhidehelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default\Extensions\elemhidehelper@adblockplus.org.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] 
- C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems) R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2008-09-17] (Intel Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 NPWService; C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [783872 2010-09-29] () R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2008-09-17] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd) R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( ) R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-10] (O2Micro) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 NUServer64; C:\Windows\System32\DRIVERS\NUServer64.sys [240128 2010-09-17] ( ) R3 NUS_Bus; C:\Windows\System32\DRIVERS\NUS_Bus.sys [30208 2010-01-28] (Elite Silicon Technology Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-15 20:53 - 2013-12-15 20:54 - 00015654 _____ C:\Users\*****\Desktop\FRST.txt 2013-12-15 20:52 - 2013-12-15 20:53 - 01927796 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2013-12-15 20:51 - 2013-12-15 20:51 - 00001867 _____ C:\Users\*****\Desktop\JRT.txt 2013-12-15 20:43 - 2013-12-15 20:43 - 00000000 ____D C:\Windows\ERUNT 2013-12-15 20:42 - 2013-12-15 20:42 - 01034531 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2013-12-15 20:33 - 2013-12-15 20:36 - 00000000 ____D C:\AdwCleaner 2013-12-15 20:27 - 2013-12-15 20:27 - 01226750 _____ C:\Users\*****\Downloads\adwcleaner.exe 2013-12-15 19:49 - 2013-12-15 19:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes 2013-12-15 19:48 - 2013-12-15 19:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-15 19:48 - 2013-12-15 19:48 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-15 19:48 - 2013-12-15 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-15 19:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-15 19:45 - 2013-12-15 19:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-15 04:15 - 2013-12-15 04:15 - 00000000 ____D C:\FRST 2013-12-14 02:26 - 2013-12-14 02:30 - 00076516 _____ C:\OTL.Txt 2013-12-03 18:45 - 2013-12-03 18:45 - 00000000 ____D C:\Users\*****\Documents\Nachhilfe BO 2013-11-16 11:44 - 2013-11-16 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 09:23 - 2013-10-13 15:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-15 09:23 - 2013-10-13 15:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-15 09:23 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 
2013-11-15 09:23 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-15 09:23 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-15 09:22 - 2013-10-13 16:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-15 09:22 - 2013-10-13 16:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-15 09:22 - 2013-10-13 15:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-15 09:22 - 2013-10-13 15:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-15 09:22 - 2013-10-13 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-15 09:22 - 2013-10-13 15:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-15 09:22 - 2013-10-13 15:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-15 09:22 - 2013-10-13 15:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-15 09:22 - 2013-10-13 15:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-15 09:22 - 2013-10-13 15:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-15 09:22 - 2013-10-13 15:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-15 09:22 - 2013-10-13 15:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-15 09:22 - 2013-10-13 15:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-15 09:22 - 2013-10-13 15:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-15 09:22 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-15 09:22 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-15 09:22 - 2013-10-13 10:48 - 
01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-15 09:22 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-15 09:22 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-15 09:22 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-15 09:22 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-15 09:22 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-15 09:22 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-15 09:22 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-15 09:22 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-15 09:22 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-15 09:22 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll ==================== One Month Modified Files and Folders ======= 2013-12-15 20:54 - 2013-12-15 20:53 - 00015654 _____ C:\Users\*****\Desktop\FRST.txt 2013-12-15 20:53 - 2013-12-15 20:52 - 01927796 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2013-12-15 20:51 - 2013-12-15 20:51 - 00001867 _____ C:\Users\*****\Desktop\JRT.txt 2013-12-15 20:46 - 2009-07-14 05:45 - 00018592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-15 20:46 - 2009-07-14 05:45 - 00018592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-15 20:44 - 2011-11-15 04:43 - 01548163 _____ C:\Windows\WindowsUpdate.log 2013-12-15 20:43 - 2013-12-15 20:43 - 00000000 ____D C:\Windows\ERUNT 2013-12-15 20:42 - 2013-12-15 20:42 - 01034531 _____ 
(Thisisu) C:\Users\*****\Desktop\JRT.exe 2013-12-15 20:38 - 2012-03-30 12:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-15 20:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-15 20:37 - 2009-07-14 05:51 - 00064507 _____ C:\Windows\setupact.log 2013-12-15 20:36 - 2013-12-15 20:33 - 00000000 ____D C:\AdwCleaner 2013-12-15 20:34 - 2012-03-30 12:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-15 20:34 - 2012-03-30 12:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-15 20:34 - 2011-11-16 00:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-15 20:27 - 2013-12-15 20:27 - 01226750 _____ C:\Users\*****\Downloads\adwcleaner.exe 2013-12-15 20:21 - 2011-11-15 04:55 - 00028954 _____ C:\Windows\PFRO.log 2013-12-15 20:20 - 2011-11-15 04:59 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-15 19:49 - 2013-12-15 19:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes 2013-12-15 19:49 - 2013-12-15 19:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-15 19:48 - 2013-12-15 19:48 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-15 19:48 - 2013-12-15 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-15 19:46 - 2013-12-15 19:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-15 04:15 - 2013-12-15 04:15 - 00000000 ____D C:\FRST 2013-12-14 02:30 - 2013-12-14 02:26 - 00076516 _____ C:\OTL.Txt 2013-12-14 02:21 - 2011-11-15 04:59 - 00000000 ____D C:\Users\***** 2013-12-09 16:21 - 2012-07-15 12:16 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000UA.job 2013-12-09 15:14 - 2011-11-30 10:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc 2013-12-09 13:21 - 2012-07-15 12:16 - 
00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000Core.job 2013-12-03 18:45 - 2013-12-03 18:45 - 00000000 ____D C:\Users\*****\Documents\Nachhilfe BO 2013-11-29 16:44 - 2013-05-17 10:48 - 00000000 ____D C:\Users\*****\Documents\Studitemps 2013-11-21 17:23 - 2012-04-18 21:44 - 00000000 ____D C:\Users\*****\AppData\Local\7BC0F0C3-7F11-4AA3-899B-F004A69C73A3.aplzod 2013-11-21 09:54 - 2011-12-05 17:16 - 00000000 ____D C:\Users\*****\Documents\Jobs 2013-11-19 22:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-19 11:21 - 2011-11-15 04:20 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-19 10:14 - 2011-11-16 00:44 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe 2013-11-19 09:56 - 2012-04-24 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-19 01:53 - 2012-05-03 09:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-19 01:53 - 2011-11-15 07:44 - 00001945 _____ C:\Windows\epplauncher.mif 2013-11-19 01:53 - 2011-11-15 07:44 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-18 20:54 - 2009-07-14 06:13 - 00730448 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-18 20:23 - 2013-07-11 21:49 - 00000000 ____D C:\Users\*****\Documents\Banken 2013-11-16 11:45 - 2013-11-16 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 10:12 - 2013-01-09 09:06 - 00000000 ___RD C:\Users\*****\Dropbox 2013-11-15 10:12 - 2013-01-09 08:58 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox 2013-11-15 09:33 - 2011-11-15 06:25 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-15 09:19 - 2013-08-15 11:03 - 00000000 ____D C:\Windows\system32\MRT 2013-11-15 09:05 - 2011-11-15 04:23 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\AskSLib.dll C:\Users\*****\AppData\Local\Temp\contentDATs.exe 
C:\Users\*****\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\LMkRstPt.exe C:\Users\*****\AppData\Local\Temp\nvAppBar.exe C:\Users\*****\AppData\Local\Temp\nview.dll C:\Users\*****\AppData\Local\Temp\nView64.dll C:\Users\*****\AppData\Local\Temp\nViewSetup.exe C:\Users\*****\AppData\Local\Temp\nvShell.dll C:\Users\*****\AppData\Local\Temp\nvTaskBar.exe C:\Users\*****\AppData\Local\Temp\nvwdmcpl.dll C:\Users\*****\AppData\Local\Temp\nvwimg.dll C:\Users\*****\AppData\Local\Temp\nvwimg64.dll C:\Users\*****\AppData\Local\Temp\NVWRSAR.dll C:\Users\*****\AppData\Local\Temp\NVWRSCS.dll C:\Users\*****\AppData\Local\Temp\NVWRSDA.dll C:\Users\*****\AppData\Local\Temp\NVWRSDE.dll C:\Users\*****\AppData\Local\Temp\NVWRSEL.dll C:\Users\*****\AppData\Local\Temp\NVWRSENG.dll C:\Users\*****\AppData\Local\Temp\NVWRSENU.dll C:\Users\*****\AppData\Local\Temp\NVWRSES.dll C:\Users\*****\AppData\Local\Temp\NVWRSESM.dll C:\Users\*****\AppData\Local\Temp\NVWRSFI.dll C:\Users\*****\AppData\Local\Temp\NVWRSFR.dll C:\Users\*****\AppData\Local\Temp\NVWRSHE.dll C:\Users\*****\AppData\Local\Temp\NVWRSHU.dll C:\Users\*****\AppData\Local\Temp\NVWRSIT.dll C:\Users\*****\AppData\Local\Temp\NVWRSJA.dll C:\Users\*****\AppData\Local\Temp\NVWRSKO.dll C:\Users\*****\AppData\Local\Temp\NVWRSNL.dll C:\Users\*****\AppData\Local\Temp\NVWRSNO.dll C:\Users\*****\AppData\Local\Temp\NVWRSPL.dll C:\Users\*****\AppData\Local\Temp\NVWRSPT.dll C:\Users\*****\AppData\Local\Temp\NVWRSPTB.dll C:\Users\*****\AppData\Local\Temp\NVWRSRU.dll C:\Users\*****\AppData\Local\Temp\NVWRSSK.dll 
C:\Users\*****\AppData\Local\Temp\NVWRSSL.dll C:\Users\*****\AppData\Local\Temp\NVWRSSV.dll C:\Users\*****\AppData\Local\Temp\NVWRSTH.dll C:\Users\*****\AppData\Local\Temp\NVWRSTR.dll C:\Users\*****\AppData\Local\Temp\NVWRSZHC.dll C:\Users\*****\AppData\Local\Temp\NVWRSZHT.dll C:\Users\*****\AppData\Local\Temp\nwiz.exe C:\Users\*****\AppData\Local\Temp\ose00000.exe C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\saUpg64.exe C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.4-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.5-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.6-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.7-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\*****\AppData\Local\Temp\vpnclient_setup.exe C:\Users\*****\AppData\Local\Temp\WZCPlugin_VISTA.exe C:\Users\*****\AppData\Local\Temp\_is2D31.exe C:\Users\*****\AppData\Local\Temp\_is4CA.exe C:\Users\*****\AppData\Local\Temp\_is4DBB.exe C:\Users\*****\AppData\Local\Temp\_isB1DA.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-22 14:40 ==================== End Of Log ============================ Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-12-2013 Ran by ***** at 2013-12-15 20:55:50 Running from C:\Users\*****\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32) 7-Zip 9.20 (x32) ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512) Adobe AIR (x32 Version: 3.1.0.4880) Adobe Bridge 1.0 (x32 Version: 001.000.001) Adobe Common File Installer (x32 Version: 1.00.001) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152) Adobe Help Center 1.0 (x32 Version: 1.0.1) Adobe Photoshop CS2 (x32 Version: 9.0) Adobe Reader X (10.1.8) (x32 Version: 10.1.8) Adobe Stock Photos 1.0 (x32 Version: 1.0.1) ALPS Touch Pad Driver (Version: 7.202.302.109) Alt.Binz 0.25.0 (x32 Version: 0.25.0) Alt.Binz v0.28.5 (x32) Apple Application Support (x32 Version: 2.3.2) Apple Mobile Device Support (Version: 6.0.1.3) Apple Software Update (x32 Version: 2.1.3.127) AuthenTec TrueSuite (Version: 2.0.0.57) Bluetooth Stack for Windows by Toshiba (Version: v7.00.10(T)) Bonjour (Version: 3.0.0.10) calibre (x32 Version: 0.9.24) CDBurnerXP (x32 Version: 4.4.1.3243) Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7) CyberLink PhotoDirector 3 (x32 Version: 3.0.3618) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.45.4.0314) Dropbox (HKCU Version: 2.0.22) Druckerdeinstallation für EPSON SX110 Series Epson Easy Photo Print 2 (x32 Version: 2.1.0.0) Epson Event Manager (x32 Version: 2.20.00) EPSON Scan (x32) 
Epson Stylus SX110_TX110 Handbuch (x32) eReg (x32 Version: 1.20.138.34) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) iCloud (Version: 2.1.1.3) ImgBurn (x32 Version: 2.5.6.0) Intel(R) Management Engine Interface Intel® Active Management Technology iTunes (Version: 11.0.1.12) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Logitech Flow Scroll 4.0 (Version: 4.00.33) Logitech SetPoint 6.32 (Version: 6.32.20) LSI V92 MOH Application Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Messenger Companion (x32 Version: 15.4.3502.0922) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 
3 (SP3) (x32) Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) MSVCRT (x32 Version: 15.4.2862.0708) Network Printer Wizard (Version: 2.0.1.2) Network Printer Wizard (x32 Version: 2.0.1.2) Networking USB Server (Version: 0.10.0917.1204) Networking USB Server (x32 Version: 0.10.0917.1204) NVIDIA Drivers (Version: 1.5) NVIDIA nView Desktop Manager PDF Architect (x32 Version: 1.0.41.8362) PDFCreator (x32 Version: 1.6.2) pdfforge Toolbar v6.5 (x32 Version: 6.5) <==== ATTENTION Picasa 3 (x32 Version: 3.9) PVSonyDll (Version: 1.00.0001) RarZilla Free Unrar (x32 Version: 3.33) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (x32 Version: 3.54.02) RUBICon (x32 Version: 2.0.25) SanDiskSecureAccess_Manager.exe (HKCU Version: 1.0.0) 
SecureW2 EAP Suite 2.0.4 for Windows (x32) Skype Click to Call (x32 Version: 6.13.13771) Skype™ 6.6 (x32 Version: 6.6.106) TOSHIBA Disc Creator (Version: 2.1.0.1 for x64) TOSHIBA DVD PLAYER (x32 Version: 3.01.0.11-A) TOSHIBA HDD Protection (Version: 2.2.0.0) TOSHIBA Software Modem (Version: 2.2.97) TOSHIBA USB Sleep and Charge Utility (x32 Version: 1.2.2.0) TOSHIBA Value Added Package (Version: 1.2.27.64) TOSHIBA Value Added Package (x32 Version: 1.2.27.64) TOSHIBA Web Camera Application (x32 Version: 1.1.2.3) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Access 2007 Help (KB963663) (x32) Update for Microsoft Office Excel 2007 Help (KB963678) (x32) Update for Microsoft Office Infopath 2007 Help (KB963662) (x32) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Help (KB963677) (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update for Microsoft Office Publisher 2007 Help (KB963667) (x32) Update for Microsoft Office Script 
Editor Help (KB963671) (x32) Update for Microsoft Office Word 2007 Help (KB963665) (x32) VLC media player 2.0.8 (x32 Version: 2.0.8) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3538.0513) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) ==================== Restore Points ========================= 15-12-2013 18:54:40 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem Task: {14ECF880-60F8-4110-950A-4FC46EC16189} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART Task: {78AFE4A5-D0A7-47F4-99D7-686707075001} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000Core => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe 
[2012-07-15] (Facebook Inc.) Task: {7F0A0FB9-1270-4196-9853-AD1247F5A09A} - System32\Tasks\{A6E8681B-5D99-4EDF-B2AF-CC698736374B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124.259/de/go/help.faq.installer?source=lightinstaller&LastError=1618 Task: {859E806D-914F-46A0-8B07-0E720997409B} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3656519263-3072364745-1712417860-1000 => Rundll32.exe portabledeviceapi.dll,#1 Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation Task: {9BE7323E-F4E1-4FEA-94A6-F0B3FA2A10AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15] (Adobe Systems Incorporated) Task: {A7AC1ECE-ADAF-4038-86CF-97D59D4018D4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000UA => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.) Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations Task: {DF4F692C-C0CC-46FF-89FA-7DCF1738E706} - System32\Tasks\ESTsoft RunAsStdUser 1457500539Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange Task: {F4AE0959-4CF2-45A4-A02C-C9EEF74C4312} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000Core.job => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000UA.job => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-16 15:27 - 2009-07-16 15:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-26 02:38 - 2009-07-26 02:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-12-17 17:14 - 2012-12-17 17:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2011-04-12 11:58 - 2011-05-06 22:21 - 11485824 _____ () C:\Users\*****\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2010-09-28 09:05 - 2010-09-28 09:05 - 00241664 _____ () C:\Program Files (x86)\USB Server\Networking USB Server\DCPDLL.dll
2010-09-28 09:05 - 2010-09-28 09:05 - 00086016 _____ () C:\Program Files (x86)\USB Server\Networking USB Server\ESTLogDLL.dll
2010-09-28 09:05 - 2010-09-28 09:05 - 00430080 _____ () C:\Program Files (x86)\USB Server\Networking USB Server\PSMDLL.dll
2010-09-28 09:05 - 2010-09-28 09:05 - 00086016 _____ () C:\Program Files (x86)\USB Server\Networking USB Server\UNTPDLL.dll
2012-04-10 15:22 - 2008-12-03 13:05 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-04-10 15:22 - 2008-11-26 09:56 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2013-11-16 11:44 - 2013-11-16 11:44 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 2027.24 MB
Available physical RAM: 873.25 MB
Total Pagefile: 4054.48 MB
Available Pagefile: 2637.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:7.37 GB) NTFS
Drive d: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 413C413C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
16.12.2013, 11:56 | #10
/// the machine /// TB-Ausbilder | AKM trojan caught my girlfriend

ESET Online Scanner

Please download SecurityCheck and:

and a fresh FRST log please. Still any problems?

__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
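The ESET Online Scanner log that the helper asks for consists of a header of `# key=value` lines followed by one `sh=<sha1> ft=.. fh=.. vn="<detection name>" ac=<action code> fn="<path>"` line per finding; that is the format of the log posted in the reply below. The Python script that follows is an added triage example, not part of this thread and not a tool the Trojaner-Board helpers use. It parses such a log, extracts each detection's SHA-1, name and path, flags findings that sit under `\Sun\Java\Deployment\cache\` (the directory where Java keeps the applets and JARs it has downloaded, which is where both hits in the reply below sit), and cross-checks the `found` and `cleaned` counters so that a scan run with `remove_checked=false` is not mistaken for a cleaned machine. The sample log is constructed from the header keys and the two detection lines in the next post, with the username masked as `*****` exactly as the poster did.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample log: header keys and the two detection lines copied from the
# ESET Online Scanner log posted in this thread (username masked as ***** there too).
SAMPLE_LOG = r"""
# version=8
# remove_checked=false
# archives_checked=true
# scanned=195740
# found=2
# cleaned=0
# scan_time=11532
sh=9AB1F3FE1D54496B0FD41C4007A3D716C11BE0F8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\7d39fba9-415ad5e1"
sh=CDD3253D2DF4C210EB831DF7796486B349795BD2 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.PAH trojan" ac=I fn="C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2c1d23f7-592b48c7"
"""

# One detection line: sh=<40 hex> ft=<n> fh=<hex> vn="<name>" ac=<code> fn="<path>"
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\S+) fn="(?P<path>[^"]*)"\s*$'
)

# Case-insensitive marker for the Java deployment cache (Java's store of downloaded applets/JARs).
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


class Detection(NamedTuple):
    sha1: str
    name: str
    action: str
    path: str


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split an ESET Online Scanner log into its '# key=value' header and its detection lines."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["sha1"].upper(), m["name"], m["action"], m["path"]))
    return header, detections


def in_java_cache(path: str) -> bool:
    """True if the flagged file lives in the Java deployment cache."""
    return JAVA_CACHE_MARKER in path.lower()


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: counters, their consistency with the listed detections, and Java-cache hits."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    java_hits = [d for d in detections if in_java_cache(d.path)]
    return {
        "found": found,
        "cleaned": cleaned,
        "parsed": len(detections),
        # The header's 'found' count should equal the number of detection lines present.
        "counter_consistent": found == len(detections),
        # found > 0 with cleaned == 0 (e.g. remove_checked=false) means the files are still on disk.
        "files_still_on_disk": found > 0 and cleaned == 0,
        "java_cache_hits": len(java_hits),
        "names": sorted({d.name for d in detections}),
        "sha1s": [d.sha1 for d in detections],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a real log the script points a helper at the two things that matter in this thread: the detections are Java cache entries (so the vector was a browser plugin, not the YouTube page itself), and nothing was removed yet, so the SHA-1s can still be looked up and the files still need to be dealt with.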
16.12.2013, 22:49 | #11
AKM trojan caught my girlfriend

Hi, we haven't really tried out the computer yet; we're still waiting, so to speak, for the green light from you that the laptop can be used trojan-free again. Here are the logs:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e9d96215fac78a4fa114f0b9e00424b5
# engine=16289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-16 09:35:33
# local_time=2013-12-16 10:35:33 (+0100, W. Europe Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13515189 138859583 0 0
# scanned=195740
# found=2
# cleaned=0
# scan_time=11532
sh=9AB1F3FE1D54496B0FD41C4007A3D716C11BE0F8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\7d39fba9-415ad5e1"
sh=CDD3253D2DF4C210EB831DF7796486B349795BD2 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.PAH trojan" ac=I fn="C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2c1d23f7-592b48c7"

Code:
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by ***** (administrator) on TOSHIBA on 16-12-2013 22:43:24
Running from C:\Users\*****\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
() C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Gemalto N.V.) C:\Users\*****\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\*****\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [238592 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [357400 2008-09-17] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [LogiScrollApp] - C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\*****\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-12-01] (Gemalto N.V.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [Networking USB Server] - C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe [2420736 2010-09-28] ()
HKCU\...\Run: [Facebook Update] - C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.)
HKCU\...\Run: [iPhone PC Suite] - C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-09-19] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-05-11] (TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart.lnk
ShortcutTarget: AutoStart.lnk -> C:\Users\*****\AppData\Local\Alt.Binz\download\Gina.Wild.Das.Beste.2.German.2000.XXX.DVDRiP.XviD.rar\Gina.Wild.Das.Beste.2.German.2000.XXX.DVDRiP.XviD\Gina.Wild.Das.Beste.2.German.2000.XXX.DVDRiP.XviD.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBB74419441AFCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {FDD0832D-A556-4680-A7D1-458F4BBCF248} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5-x64 10 C:\Program Files (x86)\Generic\Network Printer Wizard\NPWprint.dll [195584] (Elite Silicon Technology Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default
FF Homepage: www.google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: elemhidehelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hndmqdcd.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2008-09-17] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NPWService; C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [783872 2010-09-29] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2008-09-17] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd)
R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-10] (O2Micro)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NUServer64; C:\Windows\System32\DRIVERS\NUServer64.sys [240128 2010-09-17] ( )
R3 NUS_Bus; C:\Windows\System32\DRIVERS\NUS_Bus.sys [30208 2010-01-28] (Elite Silicon Technology Inc.)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-16 22:43 - 2013-12-16 22:43 - 00000000 ____D C:\Users\*****\Desktop\FRST-OlderVersion
2013-12-16 22:37 - 2013-12-16 22:37 - 00891200 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-12-16 19:21 - 2013-12-16 19:21 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-16 19:19 - 2013-12-16 19:20 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2013-12-15 21:13 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-15 21:13 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-15 21:13 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-15 21:12 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-15 21:09 - 2013-11-15 03:09 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-15 21:09 - 2013-11-15 02:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-15 21:09 - 2013-11-15 02:37 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-15 21:09 - 2013-11-15 02:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-15 21:09 - 2013-11-15 02:29 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-15 21:09 - 2013-11-15 02:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-15 21:09 - 2013-11-15 02:28 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 21:09 - 2013-11-15 02:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-15 21:09 - 2013-11-15 02:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-15 21:09 - 2013-11-15 02:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 21:09 - 2013-11-15 02:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 21:09 - 2013-11-15 02:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-15 21:09 - 2013-11-15 02:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 21:09 - 2013-11-15 02:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-15 21:09 - 2013-11-15 02:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 21:09 - 2013-11-15 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-15 21:09 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-15 21:09 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-15 21:09 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-15 21:09 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-15 21:09 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-15 21:09 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-15 21:09 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-15 21:09 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-15 21:09 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-15 21:09 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-15 21:09 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-15 21:09 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-15 21:09 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-15 21:09 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-15 21:09 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-15 21:09 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-15 20:55 - 2013-12-15 21:03 - 00016284 _____ C:\Users\*****\Desktop\Addition.txt
2013-12-15 20:53 - 2013-12-16 22:43 - 00015731 _____ C:\Users\*****\Desktop\FRST.txt
2013-12-15 20:52 - 2013-12-16 22:43 - 01927940 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-12-15 20:51 - 2013-12-15 21:03 - 00001845 _____ C:\Users\*****\Desktop\JRT.txt
2013-12-15 20:43 - 2013-12-15 20:43 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 20:42 - 2013-12-15 20:42 - 01034531 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-12-15 20:33 - 2013-12-15 20:36 - 00000000 ____D C:\AdwCleaner
2013-12-15 20:27 - 2013-12-15 20:27 - 01226750 _____ C:\Users\*****\Downloads\adwcleaner.exe
2013-12-15 19:54 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-15 19:54 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-15 19:54 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-15 19:54 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-15 19:54 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-15 19:54 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-15 19:54 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-15 19:54 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-15 19:54 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-15 19:54 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-15 19:54 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-15 19:53 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-15 19:53 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-15 19:53 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-15 19:53 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-15 19:53 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-15 19:53 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-15 19:53 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-15 19:53 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-15 19:49 - 2013-12-15 19:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-15 19:48 - 2013-12-15 19:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-15 19:48 - 2013-12-15 19:48 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 19:48 - 2013-12-15 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-15 19:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-15 19:45 - 2013-12-15 19:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-15 04:15 - 2013-12-16 22:43 - 00000000 ____D C:\FRST
2013-12-14 02:26 - 2013-12-14 02:30 - 00076516 _____ C:\OTL.Txt
2013-12-03 18:45 - 2013-12-03 18:45 - 00000000 ____D C:\Users\*****\Documents\Nachhilfe BO
2013-11-16 11:44 - 2013-11-16 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-12-16 22:43 - 2013-12-16 22:43 - 00000000 ____D C:\Users\*****\Desktop\FRST-OlderVersion
2013-12-16 22:43 - 2013-12-15 20:53 - 00015731 _____ C:\Users\*****\Desktop\FRST.txt
2013-12-16 22:43 - 2013-12-15 20:52 - 01927940 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-12-16 22:43 - 2013-12-15 04:15 - 00000000 ____D C:\FRST
2013-12-16 22:37 - 2013-12-16 22:37 - 00891200 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-12-16 22:34 - 2012-03-30 12:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-16 22:29 - 2011-11-15 04:43 - 02044503 _____ C:\Windows\WindowsUpdate.log
2013-12-16 22:21 - 2012-07-15 12:16 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000UA.job
2013-12-16 19:35 - 2012-03-30 12:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-16 19:35 - 2012-03-30 12:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-16 19:35 - 2011-11-16 00:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-16 19:21 - 2013-12-16 19:21 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-16 19:21 - 2009-07-14 05:45 - 00018592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 19:21 - 2009-07-14 05:45 - 00018592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 19:20 - 2013-12-16 19:19 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2013-12-16 19:19 - 2009-07-14 06:13 - 00730448 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 19:13 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 19:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 19:12 - 2009-07-14 05:51 - 00064619 _____ C:\Windows\setupact.log
2013-12-16 19:12 - 2009-07-14 05:45 - 00413344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-15 21:12 - 2011-11-15 06:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-15 21:06 - 2013-08-15 11:03 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 21:06 - 2011-11-15 04:23 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 21:03 - 2013-12-15 20:55 - 00016284 _____ C:\Users\*****\Desktop\Addition.txt
2013-12-15 21:03 - 2013-12-15 20:51 - 00001845 _____ C:\Users\*****\Desktop\JRT.txt
2013-12-15 20:43 - 2013-12-15 20:43 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 20:42 - 2013-12-15 20:42 - 01034531 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-12-15 20:36 - 2013-12-15 20:33 - 00000000 ____D C:\AdwCleaner
2013-12-15 20:27 - 2013-12-15 20:27 - 01226750 _____ C:\Users\*****\Downloads\adwcleaner.exe
2013-12-15 20:21 - 2011-11-15 04:55 - 00028954 _____ C:\Windows\PFRO.log
2013-12-15 20:20 - 2011-11-15 04:59 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-15 19:49 - 2013-12-15 19:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-15 19:49 - 2013-12-15 19:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-15 19:48 - 2013-12-15 19:48 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-15 19:48 - 2013-12-15 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-15 19:46 - 2013-12-15 19:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-14 02:30 - 2013-12-14 02:26 - 00076516 _____ C:\OTL.Txt
2013-12-14 02:21 - 2011-11-15 04:59 - 00000000 ____D C:\Users\*****
2013-12-09 15:14 - 2011-11-30 10:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-12-09 13:21 - 2012-07-15 12:16 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3656519263-3072364745-1712417860-1000Core.job
2013-12-03 18:45 - 2013-12-03 18:45 - 00000000 ____D C:\Users\*****\Documents\Nachhilfe BO
2013-11-29 16:44 - 2013-05-17 10:48 - 00000000 ____D C:\Users\*****\Documents\Studitemps
2013-11-23 19:26 - 2013-12-15 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-15 19:54 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-21 17:23 - 2012-04-18 21:44 - 00000000 ____D C:\Users\*****\AppData\Local\7BC0F0C3-7F11-4AA3-899B-F004A69C73A3.aplzod
2013-11-21 09:54 - 2011-12-05 17:16 - 00000000 ____D C:\Users\*****\Documents\Jobs
2013-11-19 22:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-19 11:21 - 2011-11-15 04:20 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 10:14 - 2011-11-16 00:44 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-11-19 09:56 - 2012-04-24 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 01:53 - 2012-05-03 09:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-19 01:53 - 2011-11-15 07:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-19 01:53 - 2011-11-15 07:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-18 20:23 - 2013-07-11 21:49 - 00000000 ____D C:\Users\*****\Documents\Banken
2013-11-16 11:45 - 2013-11-16 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\LMkRstPt.exe C:\Users\*****\AppData\Local\Temp\nvAppBar.exe C:\Users\*****\AppData\Local\Temp\nview.dll C:\Users\*****\AppData\Local\Temp\nView64.dll C:\Users\*****\AppData\Local\Temp\nViewSetup.exe C:\Users\*****\AppData\Local\Temp\nvShell.dll C:\Users\*****\AppData\Local\Temp\nvTaskBar.exe C:\Users\*****\AppData\Local\Temp\nvwdmcpl.dll C:\Users\*****\AppData\Local\Temp\nvwimg.dll C:\Users\*****\AppData\Local\Temp\nvwimg64.dll C:\Users\*****\AppData\Local\Temp\NVWRSAR.dll C:\Users\*****\AppData\Local\Temp\NVWRSCS.dll C:\Users\*****\AppData\Local\Temp\NVWRSDA.dll C:\Users\*****\AppData\Local\Temp\NVWRSDE.dll C:\Users\*****\AppData\Local\Temp\NVWRSEL.dll C:\Users\*****\AppData\Local\Temp\NVWRSENG.dll C:\Users\*****\AppData\Local\Temp\NVWRSENU.dll C:\Users\*****\AppData\Local\Temp\NVWRSES.dll C:\Users\*****\AppData\Local\Temp\NVWRSESM.dll C:\Users\*****\AppData\Local\Temp\NVWRSFI.dll C:\Users\*****\AppData\Local\Temp\NVWRSFR.dll C:\Users\*****\AppData\Local\Temp\NVWRSHE.dll C:\Users\*****\AppData\Local\Temp\NVWRSHU.dll C:\Users\*****\AppData\Local\Temp\NVWRSIT.dll C:\Users\*****\AppData\Local\Temp\NVWRSJA.dll C:\Users\*****\AppData\Local\Temp\NVWRSKO.dll C:\Users\*****\AppData\Local\Temp\NVWRSNL.dll C:\Users\*****\AppData\Local\Temp\NVWRSNO.dll C:\Users\*****\AppData\Local\Temp\NVWRSPL.dll C:\Users\*****\AppData\Local\Temp\NVWRSPT.dll C:\Users\*****\AppData\Local\Temp\NVWRSPTB.dll C:\Users\*****\AppData\Local\Temp\NVWRSRU.dll C:\Users\*****\AppData\Local\Temp\NVWRSSK.dll C:\Users\*****\AppData\Local\Temp\NVWRSSL.dll C:\Users\*****\AppData\Local\Temp\NVWRSSV.dll C:\Users\*****\AppData\Local\Temp\NVWRSTH.dll C:\Users\*****\AppData\Local\Temp\NVWRSTR.dll C:\Users\*****\AppData\Local\Temp\NVWRSZHC.dll C:\Users\*****\AppData\Local\Temp\NVWRSZHT.dll C:\Users\*****\AppData\Local\Temp\nwiz.exe 
C:\Users\*****\AppData\Local\Temp\ose00000.exe C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\saUpg64.exe C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.4-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.5-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.6-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.7-win32.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\*****\AppData\Local\Temp\vpnclient_setup.exe C:\Users\*****\AppData\Local\Temp\WZCPlugin_VISTA.exe C:\Users\*****\AppData\Local\Temp\_is2D31.exe C:\Users\*****\AppData\Local\Temp\_is4CA.exe C:\Users\*****\AppData\Local\Temp\_is4DBB.exe C:\Users\*****\AppData\Local\Temp\_isB1DA.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-22 14:40 ==================== End Of Log ============================
Thanks in advance! Regards |
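As an added example (not code from the thread or from Farbar's FRST tool), a small Python parser for the "One Month Modified Files and Folders" entries quoted in the log above. It pulls out recently created items and lists executables that carry no company string outside C:\Windows for manual review; the sample lines are copied from the log, and the review rule is this example's own assumption, not FRST's logic.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One FRST entry: <modified> - <created> - <size> <attrs> [(<company>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".scr", ".cpl")

# Sample lines copied from the FRST log posted above (user name masked there).
SAMPLE = r"""
2013-12-16 22:43 - 2013-12-15 20:52 - 01927940 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-12-16 22:37 - 2013-12-16 22:37 - 00891200 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-12-16 19:35 - 2012-03-30 12:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-15 20:43 - 2013-12-15 20:43 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 21:06 - 2011-11-15 04:23 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
"""

@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str               # D=directory, H=hidden, R=read-only, N=no company
    company: Optional[str]   # None when FRST printed no "(company)" field
    path: str

def parse_entries(text: str) -> List[Entry]:
    """Parse every line matching the FRST entry layout; banners are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        out.append(Entry(datetime.strptime(m["mod"], "%Y-%m-%d %H:%M"),
                         datetime.strptime(m["cre"], "%Y-%m-%d %H:%M"),
                         int(m["size"]), m["attrs"],
                         m["company"].strip() if m["company"] else None,
                         m["path"]))
    return out

def recently_created(entries: List[Entry], since: str) -> List[Entry]:
    """Entries created on or after the given YYYY-MM-DD date."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [e for e in entries if e.created >= cutoff]

def review_candidates(entries: List[Entry]) -> List[str]:
    """Assumed triage rule: executables without a company string, outside C:\\Windows."""
    return [e.path for e in entries
            if e.path.lower().endswith(EXEC_EXT) and e.company is None
            and not e.path.lower().startswith("c:\\windows\\")]
```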
17.12.2013, 12:10 | #12 |
/// the machine /// TB-Ausbilder | AKM Trojan got my girlfriend Update Java and Adobe. Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
17.12.2013, 20:17 | #13 |
| AKM Trojan got my girlfriend Hi, the updates are done, Firefox has been hardened with the corresponding add-ons, and a virus scanner is installed. When running TFC, however, there is a small problem: at startup (right-click & "Run as Administrator") everything works so far; I then click Start and promptly receive the following message: "Windows has encountered a critical error and will restart automatically in one Minute" After one minute the system does indeed restart on its own, without any way for me to intervene. As a result TFC does not run through completely, although on the 6th run the program did finish. In the ESET log I saw that it had 2 warnings there. Could that be related? I will then use DelFix after your reply and remove the programs. Regards |
18.12.2013, 10:37 | #14 |
/// the machine /// TB-Ausbilder | AKM Trojan got my girlfriend No, that is not related. Try TFC again; if it does not work, then: Delete files using Disk Cleanup - Microsoft Windows Help How do I clear the Java cache?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.12.2013, 13:10 | #15 |
| AKM Trojan got my girlfriend Hi, TFC would not run, so I cleaned up the data manually as you linked. The laptop purrs like on day one again, thank you very much! My girlfriend is happy again and consequently so am I. Thanks again, and we wish you a Merry Christmas and a Happy New Year! |