Log analysis and evaluation: Bundestrojaner caught - Contradictory results from the antivirus programs (Windows 7)
02.01.2014, 09:57 | #1
Hello,
we have caught the BKA trojan on our only Windows machine (presumably via an old Acrobat Reader or Java, I would guess). Since the machine could still be started in safe mode, we got it back to the point where it boots normally again. Neither Hitman Pro, JRT, Avira, Avast nor Anti-Malware find anything suspicious anymore when scanning. Hitman complains about the other antivirus programs, as expected, but otherwise everything is OK. Scans were done both in safe mode and in normal Windows mode. RKILL thinks everything is OK. In addition, Avast also scanned before Windows started. Avira, Clam-AV and Kaspersky were also run from a boot CD. All without major findings ("defective archives", because in some cases non-current RARs or deliberately password-protected files could not be opened, but otherwise all good). So far so good. BUT: Stopzilla complains about DisableTaskMgr and DisableRegistryTools on every scan. Only, these entries are nowhere to be found. Neither in normal Windows nor in safe mode. The registry editors on the antivirus vendors' rescue CDs don't find these entries either. Is Stopzilla messing up here, or do I have a bigger problem? ... No idea whether this is relevant or connected in any way to the virus infection: in safe mode, switching users works; in normal Windows mode, the screen just goes black.
02.01.2014, 11:54 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners, did any of them find something? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first post only the logs you already have, in CODE tags! Only logs from the last 7 days, or from the time the problem has existed, are relevant.
Also please produce a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
02.01.2014, 18:26 | #3
Hello,
thanks for the tips. I had read through that as well, but I was far away from the machine.
frst.log
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2014 01
Ran by ***** (administrator) on COMPAQ on 02-01-2014 10:28:56
Running from D:\AV
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(COMODO.) C:\Program Files\COMODO\Time Machine\ClientService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SmarThru Office\BackUpSvr.exe
(COMODO.) C:\Program Files\COMODO\Time Machine\CTMTRAY.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-14] (IDT, Inc.)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [699472 2012-05-04] ()
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [STO Backup Service] - C:\Program Files\SmarThru Office\BackUpSvr.exe [199760 2012-01-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [COMODO_TimeMachine] - C:\Program Files\COMODO\Time Machine\CTMTRAY.exe [4910904 2010-07-20] (COMODO.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
MountPoints2: D - D:\LaunchU3.exe -a
MountPoints2: {0ec2c14c-decd-11de-a1c8-806e6f6e6963} - F:\AUTORUN\AUTORUN.EXE
MountPoints2: {249ac206-4f40-11e2-b24d-0027133a0128} - D:\navi\ai12h32.exe
MountPoints2: {6aecf39a-74aa-11e1-bc5f-0027133a0128} - D:\LaunchU3.exe -a
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard)
BootExecute: autocheck autochk * bootdeletesdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {E53F6B79-27AF-4ABE-9875-AA35CEC83E09} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {E53F6B79-27AF-4ABE-9875-AA35CEC83E09} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\f5funbj5.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 ClientService; C:\Program Files\COMODO\Time Machine\ClientService.exe [280888 2010-07-20] (COMODO.)
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [176640 2012-03-23] (Samsung Electronics Co., Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-14] (IDT, Inc.)
S2 StartServer; C:\Program Files\AdvoluxJava\StartServer.exe [154112 2011-04-08] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2014-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-02] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()
R0 CTMFLT; C:\Windows\System32\Drivers\CTMFLT.sys [2097152 2010-07-19] ()
R0 CTMMOUNT; C:\Windows\System32\Drivers\CTMMOUNT.sys [2097152 2010-07-19] ()
R0 CTMSHD; C:\Windows\System32\Drivers\CTMSHD.sys [2097152 2010-07-19] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2008-04-15] (FTDI Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-04] (GFI Software)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [226080 2012-09-20] (GFI Software)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [75552 2012-09-20] (GFI Software)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 gfiark; system32\drivers\gfiark.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-02 10:14 - 2014-01-02 10:14 - 00000000 ____D C:\FRST
2014-01-02 10:11 - 2014-01-02 10:12 - 00000000 ___RD C:\Save
2014-01-02 01:04 - 2014-01-02 01:04 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-01-02 01:04 - 2014-01-02 01:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-02 01:04 - 2014-01-02 01:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVAST Software
2014-01-02 01:04 - 2014-01-02 00:47 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-02 01:04 - 2014-01-02 00:47 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00079720 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-02 01:04 - 2014-01-02 00:47 - 00049944 _____ C:\windows\system32\Drivers\aswRvrt.sys
2014-01-02 00:47 - 2014-01-02 00:47 - 00043152 _____ (AVAST Software) C:\windows\avaED8B.tmp
2014-01-02 00:45 - 2014-01-02 00:45 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-02 00:04 - 2014-01-02 00:04 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup (1).exe
2014-01-01 23:47 - 2012-09-20 05:11 - 00094496 _____ (GFI Software) C:\windows\system32\Drivers\sbhips.sys
2014-01-01 23:46 - 2014-01-01 23:46 - 00000000 ____D C:\windows\system32\Drivers\VDD
2014-01-01 23:46 - 2012-09-20 05:11 - 00226080 _____ (GFI Software) C:\windows\system32\Drivers\SbFw.sys
2014-01-01 23:46 - 2012-09-12 20:19 - 00095488 _____ (GFI Software) C:\windows\system32\Drivers\SbFwIm.sys
2014-01-01 23:43 - 2014-01-02 00:01 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-01 23:15 - 2014-01-01 23:15 - 00131072 ____N C:\windows\Minidump\010114-40373-01.dmp
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-01 21:36 - 2014-01-01 21:36 - 00131072 ____N C:\windows\Minidump\010114-74272-01.dmp
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator
2014-01-01 19:02 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-01 19:02 - 2009-12-02 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2014-01-01 19:02 - 2009-12-02 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2014-01-01 19:02 - 2009-07-27 08:37 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-01 19:02 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-01 19:02 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-01 19:00 - 2014-01-01 19:00 - 00131072 ____N C:\windows\Minidump\010114-61589-01.dmp
2014-01-01 18:54 - 2014-01-01 18:54 - 00131072 ____N C:\windows\Minidump\010114-62384-01.dmp
2014-01-01 16:57 - 2014-01-01 16:58 - 00260576 _____ C:\windows\msxml4-KB2758694-enu.LOG
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Adobe
2014-01-01 15:22 - 2014-01-01 15:22 - 02434048 _____ C:\Users\*****\Downloads\msxml.msi
2014-01-01 13:20 - 2014-01-01 13:20 - 00104664 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Program Files\MSECache
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ___RD C:\Program Files\Skype
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-01 12:39 - 2014-01-01 17:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\HpUpdate
2014-01-01 12:28 - 2014-01-01 12:29 - 00000000 ____D C:\Program Files\OpenOffice 4
2014-01-01 12:17 - 2014-01-01 12:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 12:17 - 2014-01-01 12:17 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2014-01-01 11:56 - 2014-01-01 11:56 - 00000000 ____D C:\windows\system32\Adobe
2014-01-01 11:55 - 2014-01-01 11:55 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-01-01 11:55 - 2014-01-01 11:55 - 00000000 ____D C:\Program Files\Java
2014-01-01 00:39 - 2014-01-02 10:24 - 00065536 _____ C:\windows\system32\Ikeext.etl
2013-12-31 23:04 - 2013-12-31 23:04 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-31 22:49 - 2014-01-01 17:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-31 22:30 - 2013-12-31 22:30 - 00000000 ____D C:\windows\ERUNT
2013-12-31 22:29 - 2014-01-01 16:35 - 00000000 ____D C:\AdwCleaner
2013-12-31 19:07 - 2013-12-31 19:07 - 00003280 ____N C:\bootsqm.dat
2013-12-31 19:04 - 2013-12-31 19:04 - 00000000 __SHD C:\found.000
2013-12-31 14:00 - 2013-12-31 14:00 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 13:59 - 2014-01-01 15:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 13:59 - 2013-12-31 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 13:58 - 2013-12-31 13:58 - 00029892 _____ C:\windows\system32\.crusader
2013-12-31 13:44 - 2013-12-31 13:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Program Files\Secunia
2013-12-30 19:11 - 2013-12-31 13:38 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-12-30 17:26 - 2013-12-30 17:28 - 92646672 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-12-30 17:21 - 2013-12-30 17:23 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup.exe
2013-12-12 10:43 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 10:43 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 10:42 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 10:42 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 10:42 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 10:42 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 10:42 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 10:42 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 10:42 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-12 09:09 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 09:09 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-12 09:09 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 09:09 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 09:09 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 09:09 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 09:09 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 09:09 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-12 09:09 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 09:09 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-12 09:09 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-10 11:45 - 2014-01-01 23:38 - 00029374 _____ C:\windows\IE11_main.log

==================== One Month Modified Files and Folders =======

2014-01-02 10:24 - 2014-01-01 00:39 - 00065536 _____ C:\windows\system32\Ikeext.etl
2014-01-02 10:24 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-02 10:24 - 2009-07-14 05:39 - 00171508 _____ C:\windows\setupact.log
2014-01-02 10:21 - 2009-12-02 00:01 - 01326722 _____ C:\windows\WindowsUpdate.log
2014-01-02 10:18 - 2009-07-14 03:37 - 00000000 ____D C:\windows\tracing
2014-01-02 10:14 - 2014-01-02 10:14 - 00000000 ____D C:\FRST
2014-01-02 10:12 - 2014-01-02 10:11 - 00000000 ___RD C:\Save
2014-01-02 10:12 - 2009-07-14 05:34 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 10:12 - 2009-07-14 05:34 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 10:03 - 2009-12-01 18:36 - 00402504 _____ C:\windows\PFRO.log
2014-01-02 07:46 - 2013-04-07 08:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 01:04 - 2014-01-02 01:04 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-01-02 01:04 - 2014-01-02 01:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-02 01:04 - 2014-01-02 01:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVAST Software
2014-01-02 00:47 - 2014-01-02 01:04 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-02 00:47 - 2014-01-02 01:04 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00079720 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00049944 _____ C:\windows\system32\Drivers\aswRvrt.sys
2014-01-02 00:47 - 2014-01-02 00:47 - 00043152 _____ (AVAST Software) C:\windows\avaED8B.tmp
2014-01-02 00:45 - 2014-01-02 00:45 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-02 00:10 - 2012-09-22 18:55 - 00000000 ____D C:\ProgramData\Avira
2014-01-02 00:04 - 2014-01-02 00:04 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup (1).exe
2014-01-02 00:01 - 2014-01-01 23:43 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-01 23:46 - 2014-01-01 23:46 - 00000000 ____D C:\windows\system32\Drivers\VDD
2014-01-01 23:46 - 2009-09-09 09:51 - 01677752 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-01 23:38 - 2013-12-10 11:45 - 00029374 _____ C:\windows\IE11_main.log
2014-01-01 23:15 - 2014-01-01 23:15 - 00131072 ____N C:\windows\Minidump\010114-40373-01.dmp
2014-01-01 23:15 - 2010-01-11 08:52 - 00000000 ____D C:\windows\Minidump
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-01 21:36 - 2014-01-01 21:36 - 00131072 ____N C:\windows\Minidump\010114-74272-01.dmp
2014-01-01 19:21 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator
2014-01-01 19:00 - 2014-01-01 19:00 - 00131072 ____N C:\windows\Minidump\010114-61589-01.dmp
2014-01-01 18:54 - 2014-01-01 18:54 - 00131072 ____N C:\windows\Minidump\010114-62384-01.dmp
2014-01-01 17:32 - 2014-01-01 12:39 - 00000000 ____D C:\Users\*****\AppData\Roaming\HpUpdate
2014-01-01 17:26 - 2013-12-31 22:49 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-01 17:24 - 2013-10-04 01:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-01 17:11 - 2009-12-02 18:15 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-01 16:58 - 2014-01-01 16:57 - 00260576 _____ C:\windows\msxml4-KB2758694-enu.LOG
2014-01-01 16:39 - 2010-01-25 18:02 - 00000000 ____D C:\ProgramData\Adobe
2014-01-01 16:36 - 2013-10-09 06:05 - 00000079 _____ C:\windows\wininit.ini
2014-01-01 16:36 - 2010-08-21 21:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-01 16:36 - 2009-12-01 18:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2014-01-01 16:35 - 2013-12-31 22:29 - 00000000 ____D C:\AdwCleaner
2014-01-01 16:11 - 2010-01-25 18:03 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Adobe
2014-01-01 15:53 - 2013-10-04 00:24 - 00000000 ____D C:\Program Files\Lavasoft
2014-01-01 15:40 - 2013-12-31 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 15:24 - 2009-12-01 19:03 - 00000000 ____D C:\Program Files\MSXML 4.0
2014-01-01 15:22 - 2014-01-01 15:22 - 02434048 _____ C:\Users\*****\Downloads\msxml.msi
2014-01-01 14:51 - 2009-07-14 05:33 - 00507416 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-01 14:45 - 2012-04-15 11:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2014-01-01 14:01 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2014-01-01 13:20 - 2014-01-01 13:20 - 00104664 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Program Files\MSECache
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ___RD C:\Program Files\Skype
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-01 12:44 - 2012-04-15 11:15 - 00000000 ____D C:\ProgramData\Skype
2014-01-01 12:40 - 2012-07-15 10:56 - 00000000 ____D C:\Program Files\HP
2014-01-01 12:38 - 2009-09-09 10:22 - 00000000 ____D C:\windows\Hewlett-Packard
2014-01-01 12:37 - 2009-12-01 17:40 - 00141104 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-01 12:29 - 2014-01-01 12:28 - 00000000 ____D C:\Program Files\OpenOffice 4
2014-01-01 12:28 - 2011-07-04 18:09 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2014-01-01 12:18 - 2014-01-01 12:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 12:18 - 2010-08-21 21:52 - 00001033 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-01 12:17 - 2014-01-01 12:17 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-01 12:17 - 2010-08-21 21:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-01 12:07 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2014-01-01 11:56 - 2014-01-01 11:56 - 00000000 ____D C:\windows\system32\Adobe
2014-01-01 11:55 - 2014-01-01 11:55 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-01-01 11:55 - 2014-01-01 11:55 - 00000000 ____D C:\Program Files\Java
2014-01-01 11:54 - 2009-12-01 18:15 - 00000000 ____D C:\windows\system32\appmgmt
2013-12-31 23:04 - 2013-12-31 23:04 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-31 22:49 - 2013-10-04 00:20 - 00000644 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-31 22:49 - 2013-10-04 00:20 - 00000616 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-31 22:49 - 2013-10-04 00:20 - 00000446 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-31 22:32 - 2011-04-05 18:09 - 00000000 ____D C:\ProgramData\ICQ
2013-12-31 22:30 - 2013-12-31 22:30 - 00000000 ____D C:\windows\ERUNT
2013-12-31 19:07 - 2013-12-31 19:07 - 00003280 ____N C:\bootsqm.dat
2013-12-31 19:04 - 2013-12-31 19:04 - 00000000 __SHD C:\found.000
2013-12-31 14:00 - 2013-12-31 14:00 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 13:59 - 2013-12-31 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 13:58 - 2013-12-31 13:58 - 00029892 _____ C:\windows\system32\.crusader
2013-12-31 13:58 - 2013-12-31 13:44 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Program Files\Secunia
2013-12-31 13:38 - 2013-12-30 19:11 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-12-31 13:38 - 2010-06-16 10:55 - 00047104 ___SH C:\Users\*****\Thumbs.db
2013-12-30 17:28 - 2013-12-30 17:26 - 92646672 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-12-30 17:23 - 2013-12-30 17:21 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup.exe
2013-12-30 17:01 - 2013-10-04 07:04 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 13:48 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-12-15 10:51 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-12-12 10:52 - 2009-07-14 03:04 - 00000562 _____ C:\windows\win.ini
2013-12-12 10:49 - 2013-07-18 10:10 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 10:44 - 2009-12-01 18:28 - 88123800 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-11 09:46 - 2012-06-27 07:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-11 09:46 - 2012-06-27 07:00 - 00071048 _____ (Adobe Systems
Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\avgnt.exe C:\Users\*****\AppData\Local\Temp\install_reader11_de_gtbd_chrd_dn_aaa_aih.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-30 08:53 ==================== End Of Log ============================ gmer.log Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit quick scan 2014-01-02 10:36:43
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev. 0,00MB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\uxldqpoc.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\ntkrnlpa.exe ZwEnumerateKey [0x830A4DE0]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwEnumerateValueKey [0x830A7246]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwQueryDirectoryFile [0x83071F82]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwQuerySystemInformation [0x8306DF45]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs CTMFLT.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat CTMFLT.sys
AttachedDevice \Driver\tdx \Device\Ip SbFw.sys
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys
AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys
AttachedDevice \Driver\tdx \Device\Udp SbFw.sys
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- Services - GMER 2.1 ----

Service C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (*** hidden *** ) [AUTO] !SASCORE <-- ROOTKIT !!!
Service system32\DRIVERS\avgntflt.sys (*** hidden *** ) [AUTO] avgntflt <-- ROOTKIT !!!
Service system32\DRIVERS\avipbb.sys (*** hidden *** ) [SYSTEM] avipbb <-- ROOTKIT !!!
Service system32\DRIVERS\avkmgr.sys (*** hidden *** ) [SYSTEM] avkmgr <-- ROOTKIT !!!
Service C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (*** hidden *** ) [MANUAL] hpqcxs08 <-- ROOTKIT !!!
Service C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (*** hidden *** ) [AUTO] hpqddsvc <-- ROOTKIT !!!
Service system32\drivers\is3srv.sys (*** hidden *** ) [BOOT] is3srv <-- ROOTKIT !!!
Service system32\DRIVERS\ssmdrv.sys (*** hidden *** ) [SYSTEM] ssmdrv <-- ROOTKIT !!!
Service system32\DRIVERS\szkg.sys (*** hidden *** ) [BOOT] szkg5 <-- ROOTKIT !!!
Service system32\drivers\szkgfs.sys (*** hidden *** ) [BOOT] szkgfs <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----

It didn't show an additional one (maybe I was just too dumb ;( ). Unfortunately I don't have the old logs anymore, since when run from a boot CD they aren't saved anywhere, and I was actually hopeful I'd get rid of the whole thing that way. |
03.01.2014, 11:43 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner caught - Contradictory statements from the antivirus programs Quote:
__________________ Please always post logfiles in CODE tags |
03.01.2014, 15:12 | #5 |
| Bundestrojaner caught - Contradictory statements from the antivirus programs ... so here are the two logs. FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2014 01 Ran by ***** (administrator) on COMPAQ on 03-01-2014 15:04:35 Running from D:\AV Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (COMODO.) C:\Program Files\COMODO\Time Machine\ClientService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SmarThru Office\BackUpSvr.exe (COMODO.) 
C:\Program Files\COMODO\Time Machine\CTMTRAY.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-14] (IDT, Inc.) HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [699472 2012-05-04] () HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] () HKLM\...\Run: [STO Backup Service] - C:\Program Files\SmarThru Office\BackUpSvr.exe [199760 2012-01-13] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [COMODO_TimeMachine] - C:\Program Files\COMODO\Time Machine\CTMTRAY.exe [4910904 2010-07-20] (COMODO.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software) HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions) MountPoints2: D - D:\LaunchU3.exe -a MountPoints2: {0ec2c14c-decd-11de-a1c8-806e6f6e6963} - F:\AUTORUN\AUTORUN.EXE MountPoints2: {249ac206-4f40-11e2-b24d-0027133a0128} - D:\navi\ai12h32.exe MountPoints2: {6aecf39a-74aa-11e1-bc5f-0027133a0128} - D:\LaunchU3.exe -a HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-07-16] (Hewlett-Packard) BootExecute: autocheck autochk * bootdeletesdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKCU - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {E53F6B79-27AF-4ABE-9875-AA35CEC83E09} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {E53F6B79-27AF-4ABE-9875-AA35CEC83E09} URL = hxxp://www.google.de/search?q={searchTerms} BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\f5funbj5.default FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Ask.com FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/ShockwavePlayer - 
C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll () FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ========================== Services (Whitelisted) ================= R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software) S4 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.) R2 ClientService; C:\Program Files\COMODO\Time Machine\ClientService.exe [280888 2010-07-20] (COMODO.) 
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc) R2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [176640 2012-03-23] (Samsung Electronics Co., Ltd.) R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-14] (IDT, Inc.) S2 StartServer; C:\Program Files\AdvoluxJava\StartServer.exe [154112 2011-04-08] () ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2014-01-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-02] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software) R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-01-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] () R0 CTMFLT; C:\Windows\System32\Drivers\CTMFLT.sys [2097152 2010-07-19] () R0 CTMMOUNT; C:\Windows\System32\Drivers\CTMMOUNT.sys [2097152 2010-07-19] () R0 CTMSHD; C:\Windows\System32\Drivers\CTMSHD.sys [2097152 2010-07-19] () S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2008-04-15] (FTDI Ltd.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-04] (GFI Software) S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.) S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.) R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.) S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.) R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.) 
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [226080 2012-09-20] (GFI Software) S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software) R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software) S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software) S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [75552 2012-09-20] (GFI Software) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] () R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S3 gfiark; system32\drivers\gfiark.sys [x] S2 sbapifs; system32\DRIVERS\sbapifs.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-02 18:20 - 2014-01-02 18:20 - 00131072 ____N C:\windows\Minidump\010214-44756-01.dmp 2014-01-02 10:14 - 2014-01-03 15:04 - 00000000 ____D C:\FRST 2014-01-02 10:11 - 2014-01-02 10:12 - 00000000 ___RD C:\Save 2014-01-02 01:04 - 2014-01-02 01:04 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys 2014-01-02 01:04 - 2014-01-02 01:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-01-02 01:04 - 2014-01-02 01:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVAST Software 2014-01-02 01:04 - 2014-01-02 00:47 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-01-02 01:04 - 2014-01-02 00:47 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2014-01-02 01:04 - 2014-01-02 00:47 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-01-02 01:04 - 2014-01-02 00:47 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys 2014-01-02 01:04 - 2014-01-02 00:47 - 00079720 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2014-01-02 01:04 - 2014-01-02 00:47 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-01-02 01:04 - 2014-01-02 00:47 - 00049944 _____ 
C:\windows\system32\Drivers\aswRvrt.sys 2014-01-02 00:47 - 2014-01-02 00:47 - 00043152 _____ (AVAST Software) C:\windows\avaED8B.tmp 2014-01-02 00:45 - 2014-01-02 00:45 - 00000000 ____D C:\Program Files\AVAST Software 2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software 2014-01-02 00:04 - 2014-01-02 00:04 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup (1).exe 2014-01-01 23:47 - 2012-09-20 05:11 - 00094496 _____ (GFI Software) C:\windows\system32\Drivers\sbhips.sys 2014-01-01 23:46 - 2014-01-01 23:46 - 00000000 ____D C:\windows\system32\Drivers\VDD 2014-01-01 23:46 - 2012-09-20 05:11 - 00226080 _____ (GFI Software) C:\windows\system32\Drivers\SbFw.sys 2014-01-01 23:46 - 2012-09-12 20:19 - 00095488 _____ (GFI Software) C:\windows\system32\Drivers\SbFwIm.sys 2014-01-01 23:43 - 2014-01-02 00:01 - 00000000 ____D C:\ProgramData\ParetoLogic 2014-01-01 23:15 - 2014-01-01 23:15 - 00131072 ____N C:\windows\Minidump\010114-40373-01.dmp 2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia 2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2014-01-01 21:36 - 2014-01-01 21:36 - 00131072 ____N C:\windows\Minidump\010114-74272-01.dmp 2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Startmenü 2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung 2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung 2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik 2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder 2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf 
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator 2014-01-01 19:02 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2014-01-01 19:02 - 2009-12-02 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI 2014-01-01 19:02 - 2009-12-02 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI 2014-01-01 19:02 - 2009-07-27 08:37 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2014-01-01 19:02 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-01 19:02 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-01 19:00 - 2014-01-01 19:00 - 00131072 ____N C:\windows\Minidump\010114-61589-01.dmp 2014-01-01 18:54 - 2014-01-01 18:54 - 00131072 ____N C:\windows\Minidump\010114-62384-01.dmp 2014-01-01 16:57 - 2014-01-01 16:58 - 00260576 _____ C:\windows\msxml4-KB2758694-enu.LOG 2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Adobe 2014-01-01 15:22 - 2014-01-01 15:22 - 02434048 _____ C:\Users\*****\Downloads\msxml.msi 2014-01-01 13:20 - 2014-01-01 13:20 - 00104664 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Program Files\MSECache 2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ___RD C:\Program Files\Skype 2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ____D C:\Program Files\Common Files\Skype 2014-01-01 12:39 - 2014-01-01 17:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\HpUpdate 2014-01-01 12:28 - 2014-01-01 12:29 - 00000000 ____D C:\Program Files\OpenOffice 4 2014-01-01 12:17 - 2014-01-01 12:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2014-01-01 12:17 - 2014-01-01 12:17 - 00000000 ____D C:\ProgramData\Mozilla 2014-01-01 12:07 - 
2014-01-01 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe 2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe 2014-01-01 11:56 - 2014-01-01 11:56 - 00000000 ____D C:\windows\system32\Adobe 2014-01-01 11:55 - 2014-01-01 11:55 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2014-01-01 11:55 - 2014-01-01 11:55 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2014-01-01 11:55 - 2014-01-01 11:55 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe 2014-01-01 11:55 - 2014-01-01 11:55 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll 2014-01-01 11:55 - 2014-01-01 11:55 - 00000000 ____D C:\Program Files\Java 2014-01-01 00:39 - 2014-01-03 12:49 - 00065536 _____ C:\windows\system32\Ikeext.etl 2013-12-31 23:04 - 2013-12-31 23:04 - 00000000 ____D C:\ProgramData\Lavasoft 2013-12-31 22:49 - 2014-01-01 17:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2013-12-31 22:30 - 2013-12-31 22:30 - 00000000 ____D C:\windows\ERUNT 2013-12-31 22:29 - 2014-01-01 16:35 - 00000000 ____D C:\AdwCleaner 2013-12-31 19:04 - 2013-12-31 19:04 - 00000000 __SHD C:\found.000 2013-12-31 14:00 - 2013-12-31 14:00 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes 2013-12-31 13:59 - 2014-01-01 15:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-31 13:59 - 2013-12-31 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-31 13:58 - 2013-12-31 13:58 - 00029892 _____ C:\windows\system32\.crusader 2013-12-31 13:44 - 2013-12-31 13:58 - 00000000 ____D C:\ProgramData\HitmanPro 2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI 2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Program Files\Secunia 2013-12-30 19:11 - 2013-12-31 13:38 - 00000000 ____D C:\windows\system32\MpEngineStore 2013-12-30 17:26 - 2013-12-30 17:28 - 92646672 _____ (Microsoft Corporation) 
C:\Users\*****\Downloads\msert.exe 2013-12-30 17:21 - 2013-12-30 17:23 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup.exe 2013-12-12 10:43 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2013-12-12 10:43 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2013-12-12 10:42 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-12-12 10:42 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-12-12 10:42 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-12-12 10:42 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-12-12 10:42 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-12-12 10:42 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) 
C:\windows\system32\mshtml.tlb
2013-12-12 10:42 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-12 09:09 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 09:09 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-12 09:09 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 09:09 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 09:09 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 09:09 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 09:09 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 09:09 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-12 09:09 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 09:09 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-12 09:09 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-10 11:45 - 2014-01-02 10:43 - 00033527 _____ C:\windows\IE11_main.log

==================== One Month Modified Files and Folders =======

2014-01-03 15:04 - 2014-01-02 10:14 - 00000000 ____D C:\FRST
2014-01-03 15:03 - 2009-12-02 00:01 - 01384765 _____ C:\windows\WindowsUpdate.log
2014-01-03 15:02 - 2013-04-07 08:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\windows\tracing
2014-01-03 12:58 - 2009-07-14 05:34 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 12:58 - 2009-07-14 05:34 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 12:49 - 2014-01-01 00:39 - 00065536 _____ C:\windows\system32\Ikeext.etl
2014-01-03 12:49 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-03 12:49 - 2009-07-14 05:39 - 00171676 _____ C:\windows\setupact.log
2014-01-02 18:20 - 2014-01-02 18:20 - 00131072 ____N C:\windows\Minidump\010214-44756-01.dmp
2014-01-02 18:20 - 2010-01-11 08:52 - 00000000 ____D C:\windows\Minidump
2014-01-02 10:43 - 2013-12-10 11:45 - 00033527 _____ C:\windows\IE11_main.log
2014-01-02 10:12 - 2014-01-02 10:11 - 00000000 ___RD C:\Save
2014-01-02 10:03 - 2009-12-01 18:36 - 00402504 _____ C:\windows\PFRO.log
2014-01-02 01:04 - 2014-01-02 01:04 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-01-02 01:04 - 2014-01-02 01:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-02 01:04 - 2014-01-02 01:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVAST Software
2014-01-02 00:47 - 2014-01-02 01:04 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-02 00:47 - 2014-01-02 01:04 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00079720 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-02 00:47 - 2014-01-02 01:04 - 00049944 _____ C:\windows\system32\Drivers\aswRvrt.sys
2014-01-02 00:47 - 2014-01-02 00:47 - 00043152 _____ (AVAST Software) C:\windows\avaED8B.tmp
2014-01-02 00:45 - 2014-01-02 00:45 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-02 00:10 - 2012-09-22 18:55 - 00000000 ____D C:\ProgramData\Avira
2014-01-02 00:04 - 2014-01-02 00:04 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup (1).exe
2014-01-02 00:01 - 2014-01-01 23:43 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-01 23:46 - 2014-01-01 23:46 - 00000000 ____D C:\windows\system32\Drivers\VDD
2014-01-01 23:46 - 2009-09-09 09:51 - 01677752 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-01 23:15 - 2014-01-01 23:15 - 00131072 ____N C:\windows\Minidump\010114-40373-01.dmp
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2014-01-01 21:39 - 2014-01-01 21:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2014-01-01 21:36 - 2014-01-01 21:36 - 00131072 ____N C:\windows\Minidump\010114-74272-01.dmp
2014-01-01 19:21 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2014-01-01 19:02 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator
2014-01-01 19:00 - 2014-01-01 19:00 - 00131072 ____N C:\windows\Minidump\010114-61589-01.dmp
2014-01-01 18:54 - 2014-01-01 18:54 - 00131072 ____N C:\windows\Minidump\010114-62384-01.dmp
2014-01-01 17:32 - 2014-01-01 12:39 - 00000000 ____D C:\Users\*****\AppData\Roaming\HpUpdate
2014-01-01 17:26 - 2013-12-31 22:49 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-01 17:24 - 2013-10-04 01:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-01 17:11 - 2009-12-02 18:15 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-01 16:58 - 2014-01-01 16:57 - 00260576 _____ C:\windows\msxml4-KB2758694-enu.LOG
2014-01-01 16:39 - 2010-01-25 18:02 - 00000000 ____D C:\ProgramData\Adobe
2014-01-01 16:36 - 2013-10-09 06:05 - 00000079 _____ C:\windows\wininit.ini
2014-01-01 16:36 - 2010-08-21 21:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-01 16:36 - 2009-12-01 18:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2014-01-01 16:35 - 2013-12-31 22:29 - 00000000 ____D C:\AdwCleaner
2014-01-01 16:11 - 2010-01-25 18:03 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-01 16:10 - 2014-01-01 16:10 - 00000000 ____D C:\Program Files\Adobe
2014-01-01 15:53 - 2013-10-04 00:24 - 00000000 ____D C:\Program Files\Lavasoft
2014-01-01 15:40 - 2013-12-31 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 15:24 - 2009-12-01 19:03 - 00000000 ____D C:\Program Files\MSXML 4.0
2014-01-01 15:22 - 2014-01-01 15:22 - 02434048 _____ C:\Users\*****\Downloads\msxml.msi
2014-01-01 14:51 - 2009-07-14 05:33 - 00507416 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-01 14:45 - 2012-04-15 11:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2014-01-01 14:01 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2014-01-01 13:20 - 2014-01-01 13:20 - 00104664 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\Program Files\MSECache
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ___RD C:\Program Files\Skype
2014-01-01 12:44 - 2014-01-01 12:44 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-01 12:44 - 2012-04-15 11:15 - 00000000 ____D C:\ProgramData\Skype
2014-01-01 12:40 - 2012-07-15 10:56 - 00000000 ____D C:\Program Files\HP
2014-01-01 12:38 - 2009-09-09 10:22 - 00000000 ____D C:\windows\Hewlett-Packard
2014-01-01 12:37 - 2009-12-01 17:40 - 00141104 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-01 12:29 - 2014-01-01 12:28 - 00000000 ____D C:\Program Files\OpenOffice 4
2014-01-01 12:28 - 2011-07-04 18:09 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2014-01-01 12:18 - 2014-01-01 12:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 12:18 - 2010-08-21 21:52 - 00001033 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-01 12:17 - 2014-01-01 12:17 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-01 12:17 - 2010-08-21 21:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-01 12:07 - 2014-01-01 19:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2014-01-01 12:07 - 2014-01-01 12:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2014-01-01 11:56 - 2014-01-01 11:56 - 00000000 ____D C:\windows\system32\Adobe
2014-01-01 11:55 - 2014-01-01 11:55 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-01 11:55 - 2014-01-01 11:55 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-01-01 11:55 - 2014-01-01 11:55 - 00000000 ____D C:\Program Files\Java
2014-01-01 11:54 - 2009-12-01 18:15 - 00000000 ____D C:\windows\system32\appmgmt
2013-12-31 23:04 - 2013-12-31 23:04 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-31 22:49 - 2013-10-04 00:20 - 00000644 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-31 22:49 - 2013-10-04 00:20 - 00000616 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-31 22:49 - 2013-10-04 00:20 - 00000446 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-31 22:32 - 2011-04-05 18:09 - 00000000 ____D C:\ProgramData\ICQ
2013-12-31 22:30 - 2013-12-31 22:30 - 00000000 ____D C:\windows\ERUNT
2013-12-31 19:04 - 2013-12-31 19:04 - 00000000 __SHD C:\found.000
2013-12-31 14:00 - 2013-12-31 14:00 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-31 13:59 - 2013-12-31 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 13:58 - 2013-12-31 13:58 - 00029892 _____ C:\windows\system32\.crusader
2013-12-31 13:58 - 2013-12-31 13:44 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-12-31 13:43 - 2013-12-31 13:43 - 00000000 ____D C:\Program Files\Secunia
2013-12-31 13:38 - 2013-12-30 19:11 - 00000000 ____D C:\windows\system32\MpEngineStore
2013-12-31 13:38 - 2010-06-16 10:55 - 00047104 ___SH C:\Users\*****\Thumbs.db
2013-12-30 17:28 - 2013-12-30 17:26 - 92646672 _____ (Microsoft Corporation) C:\Users\*****\Downloads\msert.exe
2013-12-30 17:23 - 2013-12-30 17:21 - 91412976 _____ (AVAST Software) C:\Users\*****\Downloads\avast_free_antivirus_setup.exe
2013-12-30 17:01 - 2013-10-04 07:04 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 13:48 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-12-15 10:51 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-12-12 10:52 - 2009-07-14 03:04 - 00000562 _____ C:\windows\win.ini
2013-12-12 10:49 - 2013-07-18 10:10 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 10:44 - 2009-12-01 18:28 - 88123800 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-11 09:46 - 2012-06-27 07:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-11 09:46 - 2012-06-27 07:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\install_reader11_de_gtbd_chrd_dn_aaa_aih.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 08:53

==================== End Of Log ============================

addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-01-2014 01
Ran by ***** at 2014-01-03 15:06:03
Running from D:\AV
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon MP3-Downloader 1.0.9 (Version: - )
ATI Catalyst Install Manager (Version: 3.0.732.0 - ATI Technologies, Inc.)
avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
Bing-Desktop (Version: 1.3.167.0 - Microsoft Corporation)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (Version: 7.0.0.31 - Research In Motion Ltd)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.30.21.0 - Broadcom Corporation)
Browser-Plug-In für BlackBerry App World (Version: 4.0.1.6 - Research In Motion Limited)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4500 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0804.1118.18368 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0804.1118.18368 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Czech (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Danish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Dutch (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help English (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Finnish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help French (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help German (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Greek (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Italian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Japanese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Korean (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Polish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Russian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Spanish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Swedish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Thai (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Turkish (Version: 2009.0804.1117.18368 - ATI) Hidden
ccc-core-static (Version: 2009.0804.1118.18368 - ATI) Hidden
ccc-utility (Version: 2009.0804.1118.18368 - ATI) Hidden
CCleaner (Version: 4.09 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
COMODO Time Machine (Version: 2.8.155286.178 - COMODO)
Configo (Version: 2.1.5.0 - Philips)
CPQ Wallpaper (Version: 1.0.1.1 - Hewlett-Packard)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
dm-Fotowelt (Version: - )
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ElsterFormular (Version: 14.0.0.10899 - Landesfinanzdirektion Thüringen)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Common Access Service Library (Version: 3.0.28.1 - Hewlett-Packard)
HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (Version: 1.0.1.1 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.0.9602 - Broadcom Corporation)
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 (Version: 13.0 - HP)
HP Product Detection (Version: 11.14.0001 - HP)
HP Quick Launch Buttons (Version: 6.50.4.2 - Hewlett-Packard)
HP Setup (Version: 1.2.3215.3078 - Hewlett-Packard)
HP Software Setup (Version: 1.0.0.15 - Hewlett-Packard)
HP Support Assistant (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (Version: 5.005.000.001 - Hewlett-Packard)
HP User Guides 0133 (Version: 1.02.0001 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (Version: 1.0.25.0 - Roxio)
HP Webcam Driver (Version: 5.8.50008.0 - Sonix)
HP Wireless Assistant (Version: 3.50.9.1 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
ICQ7.4 (Version: 7.4 - ICQ)
iDRS(tm) OCR Software by I.R.I.S (Version: 1.00.13.00 - Samsung Electronics Co., Ltd.)
IDT Audio (Version: 1.0.6222.0 - IDT)
InsOManager Version 2010 Einzelplatz Demoversion für Office 200 (Version: 2010 Einzelplatz Demoversion für Office 2007, 2010 - DVconnect)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
LightScribe System Software (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (Version: 2.2.100 - LSI Corporation)
Macromedia Shockwave Player (Version: - )
Marvell Miniport Driver (Version: 10.70.5.3 - Marvell)
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AutoRoute 2006 (Version: 13.00.08.2400 - Microsoft Corporation)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Encarta 2006 Enzyklopädie Standard (Version: 2006 - Microsoft Corporation)
Microsoft Foto 2006 Standard Edition (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Foto 2006 Standard Edition Bibliothek (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Foto 2006 Standard Edition Editor (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0822 - Microsoft Corporation)
Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
NAVIGON Fresh 3.4.1 (Version: 3.4.1 - NAVIGON)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NWB SteuerXpert (Version: 9.1.0 - Verlag Neue Wirtschafts-Briefe GmbH & Co. KG )
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OpenOffice 4.0.0 (Version: 4.00.9702 - Apache Software Foundation)
PDF Complete Special Edition (Version: 3.5.108 - PDF Complete, Inc)
Photo Notifier and Animation Creator (Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Photo Notifier and Animation Creator (Version: 1.0.0.1009 - IncrediMail Ltd.)
PS_AIO_04_C4500_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (Version: 10.3 - Roxio)
Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden
Samsung Easy Printer Manager (Version: 1.02.06.10 - Samsung Electronics Co., Ltd.)
Samsung ML-1610 Series (Version: - )
Samsung ML-1610 Series SmartPanel (Version: - )
Samsung Network PC Fax (Version: 1.05.29.00 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-472x Series (Version: 1.15 (28.05.2012) - Samsung Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Setup-Start von Microsoft Works Suite 2006 (Version: - )
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
SmarThru Office (Version: 2.08.018 - Samsung Electronics Co., Ltd.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Stellarium 0.9.0 (Version: - )
StreamTransport version: 1.0.2.2171 (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 13.2.6.2 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (Version: 7.55a - Ghisler Software GmbH)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Default Setting (Version: 1.0.0.6 - Hewlett-Packard)
Windows Live Anmelde-Assistent (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
Works Update (Version: 8.0.0.0000 - Microsoft Corporation) Hidden

==================== Restore Points =========================

10-12-2013 10:44:27 Windows Update
12-12-2013 09:40:38 Windows Update
16-12-2013 10:23:18 Windows Update
26-12-2013 18:22:01 Windows Update
30-12-2013 18:37:17 Windows Update
01-01-2014 11:39:08 Installed HP Update.
01-01-2014 11:41:35 Installed HP Product Detection
01-01-2014 11:46:51 AA11
01-01-2014 11:51:25 Installed Microsoft Office PowerPoint Viewer 2007 (English)
01-01-2014 14:19:50 Installed MSXML 4.0 SP3 Parser
01-01-2014 14:50:16 AA11
01-01-2014 15:45:47 Windows Update
01-01-2014 16:04:32 Windows Update
01-01-2014 16:32:59 Windows Update
01-01-2014 18:12:25 STOPzilla Restore Point.
01-01-2014 18:15:30 Windows Update
01-01-2014 22:33:14 STOPzilla Restore Point.
01-01-2014 22:35:45 Windows Update
01-01-2014 23:44:42 avast! antivirus system restore point
01-01-2014 23:55:12 Removed STOPzilla
02-01-2014 00:02:31 avast! antivirus system restore point
02-01-2014 09:41:15 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-10-03 18:24 - 00000860 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {048DC40D-A99D-484C-9D7A-8240F017F868} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-03-05] (Microsoft)
Task: {4EE40DB0-3056-4618-B421-67AD1967E463} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6B35D262-C62A-45B6-8986-14AC6E40A9C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {7FDD18BA-3803-45AE-9340-9D64884D307B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-02] (AVAST Software)
Task: {CCD95444-E5A0-40E0-A6A9-6A53069A1E5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {F7A22D00-782D-4583-9160-3B013BD6C77D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FD95E9EB-882F-4564-98FB-6F0F16C95CF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2010-12-17 18:13 - 2010-12-17 18:13 - 00049664 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2010-07-16 04:18 - 2010-07-16 04:18 - 00476160 _____ () C:\Program Files\COMODO\Time Machine\styles\comodo.theme
2014-01-02 00:46 - 2014-01-02 00:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:5A868D37
AlternateDataStreams: C:\Users\*****\Desktop\03 - Six Feet Under (Main Theme).mp3:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2014 00:45:29 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1a78
Start Time: 01cf08793a94c700
Termination Time: 20
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

Error: (01/03/2014 11:08:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (01/03/2014 11:07:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (01/03/2014 11:03:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (01/03/2014 11:00:03 AM) (Source: Windows Backup) (User: )
Description: The backup was not completed because of an error writing to the backup location "Z:\". Error: "The backup location was not found or is not valid. Check your backup settings and the backup location. (0x81000006)"

Error: (01/03/2014 10:43:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a
Faulting module name: MSMAPI32.DLL, version: 11.0.8323.0, time stamp: 0x4b7ea430
Exception code: 0xc0000005
Fault offset: 0x00012955
Faulting process id: 0x1838
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3

Error: (01/03/2014 10:41:00 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1d60
Start Time: 01cf0867d79d0f4b
Termination Time: 10
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 24dbbf85-745b-11e3-aa1c-0027133a0128

Error: (01/03/2014 10:37:44 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: c9c
Start Time: 01cf08675639fb51
Termination Time: 10
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

Error: (01/02/2014 07:08:48 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 134c
Start Time: 01cf07e553ae269a
Termination Time: 27
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

Error: (01/02/2014 07:06:09 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 21c
Start Time: 01cf07e52e54522a
Termination Time: 20
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

System errors:
=============
Error: (01/03/2014 03:02:07 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (01/03/2014 00:49:42 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: 3
Error Type: 10
Processor ID: 0
The details view of this entry contains further information.
Error: (01/03/2014 00:49:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (01/03/2014 00:48:58 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/03/2014 00:48:56 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (01/03/2014 00:48:56 PM) (Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (01/03/2014 00:48:51 PM) (Source: volmgr) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (01/03/2014 00:48:33 PM) (Source: volmgr) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (01/03/2014 00:48:33 PM) (Source: volmgr) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (01/03/2014 00:44:17 PM) (Source: atikmdag) (User: ) Description: Display is not active Microsoft Office Sessions: ========================= Error: (01/03/2014 00:45:29 PM) (Source: Application Hang)(User: ) Description: iexplore.exe10.0.9200.167501a7801cf08793a94c70020C:\Program Files\Internet Explorer\iexplore.exe Error: (01/03/2014 11:08:36 AM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\SAMSUNG\samsung scx-472x series\Setup\Setup\bin\wiainst64.exe Error: (01/03/2014 11:07:20 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe Error: (01/03/2014 11:03:27 AM) (Source: SideBySide)(User: ) Description: 
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe Error: (01/03/2014 11:00:03 AM) (Source: Windows Backup)(User: ) Description: Z:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (01/03/2014 10:43:39 AM) (Source: Application Error)(User: ) Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aMSMAPI32.DLL11.0.8323.04b7ea430c000000500012955183801cf07e6348e72faC:\windows\system32\SearchProtocolHost.exeC:\Program Files\Common Files\SYSTEM\MSMAPI\1031\MSMAPI32.DLL85b64942-745b-11e3-aa1c-0027133a0128 Error: (01/03/2014 10:41:00 AM) (Source: Application Hang)(User: ) Description: iexplore.exe10.0.9200.167501d6001cf0867d79d0f4b10C:\Program Files\Internet Explorer\iexplore.exe24dbbf85-745b-11e3-aa1c-0027133a0128 Error: (01/03/2014 10:37:44 AM) (Source: Application Hang)(User: ) Description: iexplore.exe10.0.9200.16750c9c01cf08675639fb5110C:\Program Files\Internet Explorer\iexplore.exe Error: (01/02/2014 07:08:48 PM) (Source: Application Hang)(User: ) Description: iexplore.exe10.0.9200.16750134c01cf07e553ae269a27C:\Program Files\Internet Explorer\iexplore.exe Error: (01/02/2014 07:06:09 PM) (Source: Application Hang)(User: ) Description: iexplore.exe10.0.9200.1675021c01cf07e52e54522a20C:\Program Files\Internet Explorer\iexplore.exe ==================== Memory info =========================== Percentage of memory in use: 80% Total physical RAM: 1788.82 MB Available physical RAM: 355.64 MB Total Pagefile: 3577.65 MB Available Pagefile: 1815.12 MB Total Virtual: 2047.88 MB Available Virtual: 1915.26 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:280.8 GB) (Free:208.67 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (USB DISK) (Removable) (Total:7.46 GB) 
(Free:5.28 GB) FAT32 Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 1 (Size: 7 GB) (Disk ID: 6F20736B) No partition Table on disk 1. Disk 1 is a removable device. ==================== End Of Log ============================ |
04.01.2014, 12:11 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run Combofix now: Scan with Combofix
04.01.2014, 17:05 | #7 |
| Here is the file: Code:
ComboFix 14-01-04.03 - ***** 04.01.2014 13:41:14.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1789.885 [GMT 1:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\avaED8B.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-04 bis 2014-01-04 )))))))))))))))))))))))))))))) . . 2014-01-04 12:53 . 2014-01-04 12:53 -------- d-----w- c:\users\*****\AppData\Local\temp 2014-01-04 12:53 . 2014-01-04 12:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-03 22:51 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9903646-F896-4A69-89F9-EF7588057D24}\mpengine.dll 2014-01-02 09:14 . 2014-01-03 14:04 -------- d-----w- C:\FRST 2014-01-02 09:11 . 2014-01-02 09:12 -------- d-----r- C:\Save 2014-01-02 00:04 . 2014-01-02 00:04 -------- d-----w- c:\users\*****\AppData\Roaming\AVAST Software 2014-01-02 00:04 . 2014-01-02 00:04 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-01-02 00:04 . 2014-01-01 23:47 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-01-02 00:04 . 2014-01-01 23:47 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-01-02 00:04 . 2014-01-01 23:47 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2014-01-02 00:04 . 2014-01-01 23:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-01-02 00:04 . 2014-01-01 23:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-01-02 00:04 . 2014-01-01 23:47 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-01-02 00:04 .
2014-01-01 23:47 270240 ----a-w- c:\windows\system32\aswBoot.exe 2014-01-02 00:04 . 2014-01-02 00:04 43152 ----a-w- c:\windows\avastSS.scr 2014-01-01 23:45 . 2014-01-01 23:45 -------- d-----w- c:\program files\AVAST Software 2014-01-01 23:43 . 2014-01-01 23:43 -------- d-----w- c:\programdata\AVAST Software 2014-01-01 22:47 . 2012-09-20 04:11 94496 ----a-w- c:\windows\system32\drivers\sbhips.sys 2014-01-01 22:46 . 2012-09-12 19:19 95488 ----a-w- c:\windows\system32\drivers\SbFwIm.sys 2014-01-01 22:46 . 2012-09-20 04:11 226080 ----a-w- c:\windows\system32\drivers\SbFw.sys 2014-01-01 22:46 . 2014-01-01 22:46 -------- d-----w- c:\windows\system32\drivers\VDD 2014-01-01 22:43 . 2014-01-01 23:01 -------- d-----w- c:\programdata\ParetoLogic 2014-01-01 18:02 . 2014-01-01 18:02 -------- d-----w- c:\users\Administrator 2014-01-01 15:10 . 2014-01-01 15:10 -------- d-----w- c:\program files\Common Files\Adobe 2014-01-01 12:20 . 2014-01-01 12:20 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-01-01 11:51 . 2014-01-01 11:51 -------- d-----w- c:\program files\MSECache 2014-01-01 11:44 . 2014-01-01 11:44 -------- d-----w- c:\program files\Common Files\Skype 2014-01-01 11:44 . 2014-01-01 11:44 -------- d-----r- c:\program files\Skype 2014-01-01 11:39 . 2014-01-01 16:32 -------- d-----w- c:\users\*****\AppData\Roaming\HpUpdate 2014-01-01 11:28 . 2014-01-01 11:29 -------- d-----w- c:\program files\OpenOffice 4 2014-01-01 11:07 . 2014-01-01 11:07 -------- d-----w- c:\users\Default\AppData\Local\Adobe 2014-01-01 10:56 . 2014-01-01 10:56 -------- d-----w- c:\windows\system32\Adobe 2014-01-01 10:55 . 2014-01-01 10:55 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-01-01 10:55 . 2014-01-01 10:55 -------- d-----w- c:\program files\Java 2013-12-31 22:04 . 2013-12-31 22:04 -------- d-----w- c:\programdata\Lavasoft 2013-12-31 21:49 . 2014-01-01 16:26 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2013-12-31 21:30 . 
2013-12-31 21:30 -------- d-----w- c:\windows\ERUNT 2013-12-31 21:29 . 2014-01-01 15:35 -------- d-----w- C:\AdwCleaner 2013-12-31 18:04 . 2013-12-31 18:04 -------- d-----w- C:\found.000 2013-12-31 13:00 . 2013-12-31 13:00 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes 2013-12-31 12:59 . 2013-12-31 12:59 -------- d-----w- c:\programdata\Malwarebytes 2013-12-31 12:59 . 2014-01-01 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-12-31 12:44 . 2013-12-31 12:58 -------- d-----w- c:\programdata\HitmanPro 2013-12-31 12:43 . 2013-12-31 12:43 -------- d-----w- c:\users\*****\AppData\Local\Secunia PSI 2013-12-31 12:43 . 2013-12-31 12:43 -------- d-----w- c:\program files\Secunia 2013-12-30 18:42 . 2013-12-30 18:42 -------- d-----w- c:\windows\Migration 2013-12-30 18:11 . 2013-12-31 12:38 -------- d-----w- c:\windows\system32\MpEngineStore 2013-12-12 09:43 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2013-12-12 09:43 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-12-12 08:09 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll 2013-12-12 08:09 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll 2013-12-12 08:09 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx 2013-12-12 08:09 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll 2013-12-12 08:09 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe 2013-12-12 08:09 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe 2013-12-12 08:09 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2013-12-12 08:09 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys 2013-12-12 08:09 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys 2013-12-12 08:09 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys 2013-12-12 08:09 . 
2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-11 08:46 . 2012-06-27 06:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-11 08:46 . 2012-06-27 06:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-11-26 11:25 . 2009-12-01 17:21 230048 ------w- c:\windows\system32\MpSigStub.exe 2013-10-12 02:03 . 2013-11-14 06:15 656896 ----a-w- c:\windows\system32\nshwfp.dll 2013-10-12 02:01 . 2013-11-14 06:15 679424 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:01 . 2013-11-14 06:15 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-01-01 23:46 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll .
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844] "Samsung PanelMgr"="c:\windows\samsung\panelmgr\SSMMgr.exe" [2012-05-04 699472] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288] "STO Backup Service"="c:\program files\SmarThru Office\BackUpSvr.exe" [2012-01-13 199760] "COMODO_TimeMachine"="c:\program files\COMODO\Time Machine\CTMTRAY.exe" [2010-07-20 4910904] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-01 3764024] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus] c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-09-05 14:03 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-10-28 11:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] 2009-06-18 16:07 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe . R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R2 StartServer;StartServer;c:\program files\AdvoluxJava\StartServer.exe [2011-04-08 154112] R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-02 64168] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752] R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2012-09-12 95488] R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-09-20 94496] R3 
sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-09-20 75552] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-06-05 173192] R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-10-03 13560] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-01 775952] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-01 410528] S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-09-20 226080] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-01 67824] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2012-03-23 176640] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-14 5120] S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2012-09-12 95488] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 08:46] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.spiegel.de/ IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\f5funbj5.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - .
URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file) WebBrowser-{90EEE664-34B1-422A-A782-779AF65CDF6D} - (no file) ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) MSConfigStartUp-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe AddRemove-LSI Soft Modem - c:\windows\agrsmdel AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.1.7601 . CreateFile("\\.\PHYSICALDRIVE0"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!! copy of MBR has been found in sector 22 ! copy of MBR has been found in sector 23 ! . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-01-04 13:56:01 ComboFix-quarantined-files.txt 2014-01-04 12:56 . Vor Suchlauf: 15 Verzeichnis(se), 225.156.247.552 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 225.055.961.088 Bytes frei . - - End Of File - - A4B87F54C93C8EE694DF36E04DB3F670 3C39E28DFC87C0C77116C91AC4B874B7 |
05.01.2014, 01:55 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper
__________________ Please always post logfiles in CODE tags |
05.01.2014, 10:38 | #9 |
| Hello, I carried out the whole thing according to the instructions (at least I think so). Threats were found, but "Fixed" was also displayed without a restart. I restarted the computer anyway, but on the second run the same files were flagged again. Here are the logs: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
***** :: COMPAQ [limited]

05.01.2014 09:44:09
mbar-log-2014-01-05 (09-44-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 253860
Time elapsed: 21 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
***** :: COMPAQ [limited]

05.01.2014 08:57:20
mbar-log-2014-01-05 (08-57-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 254720
Time elapsed: 24 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
05.01.2014, 19:52 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Please repeat. Start MBAR via right-click => Run as administrator
05.01.2014, 23:04 | #11 |
| Hello, no. It was run via right-click as administrator, and I also answered the Windows prompt asking whether I really want to do this with Yes. |
05.01.2014, 23:07 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please start it again explicitly with admin rights via right-click => Run as administrator
05.01.2014, 23:21 | #13 |
| As I wrote, that is exactly what I did. |
05.01.2014, 23:22 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please do it again. And repeat the scan. Update MBAR first
06.01.2014, 23:08 | #15 |
| Hello, so I did it again now. With the same result, however. Scan in normal Windows mode, started via right-click and as admin: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.05.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
***** :: COMPAQ [limited]

05.01.2014 23:24:34
mbar-log-2014-01-05 (23-24-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 253874
Time elapsed: 22 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.05.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16476
***** :: COMPAQ [administrator]

05.01.2014 23:59:38
mbar-log-2014-01-05 (23-59-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 46123
Time elapsed: 3 minute(s), 46 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> No action taken.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.06.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
***** :: COMPAQ [limited]

06.01.2014 05:19:30
mbar-log-2014-01-06 (05-19-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 253923
Time elapsed: 24 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\afd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\cng.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\drmk.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
At no time did I get a message to restart the computer. I did it after every scan anyway. New symptom since today: Google can no longer be opened in the browser. |