|
Log-Analyse und Auswertung: Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.01.2014, 21:47 | #1 |
| Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? Hallo liebes Forum, ein sehr Computer-affiner Bekannter hat nach dem Tausch von Daten bei mir auf seiner externen HDD folgenden Viren entdeckt, gescannt mit CamAV unter Linux: - Win.Trojan.Agent (516645?) - Win.Trojan.Rammit - Win.Trojan.Delf (12000?) Eventuell waren auch noch mehr Treffer - da bin ich mir nicht sicher. Ich habe zu Hause 2 Windows 7 x64 Rechner (Laptop und PC) und nach Eurer Anleitung beide Computer gescannt. Selbst habe ich jeweils AVG Free installiert, die haben aber nie ein Problem gemeldet, was mich stutzig macht. Die Logs Eurer Tools habe ich in 2 Zipfiles angehängt, da sie ansonsten zu groß sind. Wichtig: Da ich AVG nicht deaktivieren konnte, habe ich GMER im abgesichteren Modus (allerdings ohne Netzwerktreiber) durchgeführt. Es kam die Meldung, dass keine Modifikationen gefunden werden konnten und das Log war leer. Hab ich was falsch gemacht? So, ich hoffe, dass ich alles richtig gemacht habe und ihr was mit den Logs anfangen könnt. Tausend Dank schonmal, Willibald! Geändert von Willibald07 (10.01.2014 um 21:53 Uhr) |
10.01.2014, 23:15 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
11.01.2014, 10:18 | #3 |
| Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? Hi,
__________________das "in mehrere Posts aufteilen" habe ich wohl überlesen. Ich habe auf "erstellen" geklickt und bekam die Meldung, dass ich Anhänge machen sollte. Nunja, hier nochmal in einzelnen Posts. LAPTOP DEFOGGER Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:54 on 10/01/2014 (MyUser) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- LAPTOP FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014 Ran by MyUser (administrator) on X230 on 10-01-2014 20:56:27 Running from D:\Users\MyUser\Desktop\virus Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe ( ) C:\Windows\System32\lxducoms.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85864 2012-09-21] (Authentec Inc.) HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO) HKLM\...\Run: [lxdumon.exe] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] () HKLM\...\Run: [lxduamon] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] () HKLM\...\Run: [ApplyEsf-eDocPrintPro] - C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-04-27] (May Software) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6000936 2013-01-09] (Lenovo Group Limited) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lexmark 5600-6600 Series] - C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe [311976 2010-02-04] () HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x665A34908F1ECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 62.109.121.2 FireFox: ======== FF ProfilePath: d:\Users\MyUser\AppData\Roaming\Mozilla\Firefox\Profiles\uj2b6my5.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-09] (Lenovo.) S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.) R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( ) R2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe [589824 2009-10-16] ( ) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-10 20:54 - 2014-01-10 20:54 - 00000000 ____D C:\FRST 2014-01-10 20:54 - 2014-01-10 20:54 - 00000000 _____ d:\Users\MyUser\defogger_reenable 2014-01-10 20:53 - 2014-01-10 20:56 - 00000000 ____D d:\Users\MyUser\Desktop\virus 2014-01-01 00:19 - 2014-01-01 00:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-31 21:13 - 2014-01-09 15:02 - 00000000 ____D d:\Users\MyUser\AppData\Roaming\dvdcss 2013-12-14 15:42 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-14 15:42 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-14 15:42 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-14 15:42 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-14 15:41 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-14 15:41 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-14 15:41 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-14 15:41 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-14 15:41 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-14 15:41 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-14 15:41 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-14 15:41 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-14 15:41 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-14 15:41 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-14 15:41 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-14 15:41 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-14 15:41 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-14 15:41 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-14 15:41 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-14 15:41 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-14 15:41 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-14 15:41 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-14 15:41 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-14 15:40 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-14 15:40 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-14 15:40 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-14 15:40 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-14 15:40 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-14 15:40 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-14 15:40 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-14 15:40 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-14 15:40 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-14 15:40 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-14 15:40 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-14 15:40 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 10:08 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 10:08 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 10:08 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 10:08 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 10:08 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 10:08 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 10:08 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 10:08 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 10:08 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 10:08 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 10:08 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 10:08 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 10:08 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 10:08 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 10:08 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 10:08 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 10:08 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 10:08 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 10:08 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys ==================== One Month Modified Files and Folders ======= 2014-01-10 20:56 - 2014-01-10 20:53 - 00000000 ____D d:\Users\MyUser\Desktop\virus 2014-01-10 20:54 - 2014-01-10 20:54 - 00000000 ____D C:\FRST 2014-01-10 20:54 - 2014-01-10 20:54 - 00000000 _____ d:\Users\MyUser\defogger_reenable 2014-01-10 20:54 - 2013-03-10 21:53 - 00000000 ____D d:\Users\MyUser 2014-01-10 20:50 - 2013-06-09 08:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-10 20:02 - 2013-03-10 21:44 - 01822860 _____ C:\Windows\WindowsUpdate.log 2014-01-10 17:21 - 2013-03-11 21:09 - 00000000 ____D C:\ProgramData\MFAData 2014-01-10 13:53 - 2009-07-14 05:51 - 00063046 _____ C:\Windows\setupact.log 2014-01-09 15:14 - 2013-10-12 16:08 - 00000000 ____D d:\Users\MyUser\AppData\Roaming\vlc 2014-01-09 15:02 - 2013-12-31 21:13 - 00000000 ____D d:\Users\MyUser\AppData\Roaming\dvdcss 2014-01-09 09:30 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-09 09:30 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-09 09:27 - 2009-07-14 06:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-09 09:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-04 19:45 - 2013-03-11 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-01 00:19 - 2014-01-01 00:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-14 19:18 - 2013-07-31 21:07 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 19:17 - 2013-03-10 22:35 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 17:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-14 15:58 - 2009-07-14 05:45 - 00339464 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-14 15:41 - 2013-03-11 21:45 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 14:50 - 2013-06-09 08:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 14:50 - 2013-03-10 22:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 14:50 - 2013-03-10 22:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== d:\Users\MyUser\AppData\Local\Temp\setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 12:17 ==================== End Of Log ============================ ------------------------------------------------------------------- LAPTOP ADDITION Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2014 Ran by MyUser at 2014-01-10 20:57:16 Running from D:\Users\MyUser\Desktop\virus Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) Adobe Digital Editions 2.0 (x32 Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1 - Adobe) Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated) AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden AVG 2014 (Version: 2014.0.4259 - AVG Technologies) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden COMODO Internet Security (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) Dolby Advanced Audio v2 (x32 Version: 7.2.8000.17 - Dolby Laboratories Inc) eDocPrintPro (Version: 3.18.4 - MAY Computer) Energie-Manager (x32 Version: 6.40 - ) gs_x64 (Version: 9.06 - MAY-Computer) Integrated Camera Driver Installer Package Ver.1.2.1.18 (x32 Version: 1.2.1.18 - RICOH) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Network Connections Drivers (Version: 16.8 - Intel) Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225 - Intel Corporation) Intel® PROSet/Wireless WiFi-Software (Version: 15.02.0000.1258 - Intel Corporation) Lenovo Patch Utility (x32 Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (Version: 1.67.03.13 - ) Lexmark (x32 Version: 1.0.0.0 - ) Lexmark 5600-6600 Series (Version: - Lexmark International, Inc.) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6914 - Realtek Semiconductor Corp.) RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01 - RICOH) SAS Enterprise Guide 4.3 OnDemand for Academics (x32 Version: 4.3.0.0 - SAS Institute Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.2700 - Broadcom Corporation) ThinkPad UltraNav Driver (Version: 16.2.19.7 - ) ThinkVantage Fingerprint Software (Version: 5.9.8.7264 - Authentec Inc.) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN) ==================== Restore Points ========================= 25-10-2013 10:41:33 Scheduled Checkpoint 02-11-2013 13:39:10 Scheduled Checkpoint 10-11-2013 12:59:46 Scheduled Checkpoint 14-11-2013 08:25:42 Windows Update 21-11-2013 12:22:51 Scheduled Checkpoint 27-11-2013 09:10:51 Windows Update 04-12-2013 12:51:27 Scheduled Checkpoint 12-12-2013 12:43:47 Scheduled Checkpoint 14-12-2013 14:40:15 Windows Update 14-12-2013 18:17:21 Windows Update 31-12-2013 23:17:57 Scheduled Checkpoint 08-01-2014 16:17:09 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0E6CF8C1-CD5F-4ABA-909B-3B93ABD7F56F} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-20] (COMODO) Task: {7595FA46-2565-4FE8-A2F8-3DFFDD5C908B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {9252B879-4741-46E5-9C96-EFF0C1FD1196} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {9F964E42-F320-4B34-847D-88C590E2D53A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {A9D46B18-C618-4FB0-B627-2E6B6C9E914D} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-02-04] () Task: {CCEC5D8B-7ED7-4262-8672-D0306CCFD782} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-01-09] (Lenovo Group Limited) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-02 12:47 - 2009-05-14 05:24 - 00045568 _____ () C:\Windows\System32\LXDUPMON.DLL 2013-04-02 12:47 - 2010-02-04 03:20 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL 2013-04-02 12:47 - 2010-02-04 03:18 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\ipcmt64.dll 2013-03-11 21:29 - 2009-10-16 16:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll 2013-03-10 22:10 - 2013-01-09 06:40 - 00094208 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL 2013-03-10 22:00 - 2012-08-24 18:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-08-30 23:11 - 2013-08-30 23:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2013-04-02 12:47 - 2010-02-04 03:28 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll 2013-04-02 12:47 - 2009-10-16 09:53 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll 2013-04-02 12:47 - 2010-02-04 03:28 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll 2013-04-02 12:47 - 2010-02-04 03:28 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll 2013-04-02 12:47 - 2010-02-04 03:17 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll 2013-04-02 12:47 - 2010-01-21 04:09 - 00028672 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll 2013-04-02 12:47 - 2010-01-21 04:09 - 00036864 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll 2013-04-02 12:47 - 2010-01-21 04:08 - 00065536 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll 2013-04-02 12:47 - 2008-03-25 02:53 - 00012288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/09/2014 03:04:05 PM) (Source: Application Error) (User: ) Description: Faulting application name: vlc.exe, version: 2.1.0.0, time stamp: 0x523f7ac4 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x91c Faulting application start time: 0xvlc.exe0 Faulting application path: vlc.exe1 Faulting module path: vlc.exe2 Report Id: vlc.exe3 Error: (11/25/2013 00:34:03 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/25/2013 00:34:03 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/25/2013 00:24:21 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/25/2013 00:24:21 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/10/2013 04:00:01 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/10/2013 04:00:01 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/10/2013 03:56:49 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/10/2013 03:56:49 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/10/2013 03:56:01 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (01/09/2014 09:23:41 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (01/09/2014 09:23:39 AM) (Source: Service Control Manager) (User: ) Description: The lxduCATSCustConnectService service failed to start due to the following error: %%1053 Error: (01/09/2014 09:23:39 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect. Error: (01/09/2014 09:23:22 AM) (Source: volmgr) (User: ) Description: Crash dump initialization failed! Error: (01/07/2014 10:33:42 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (01/07/2014 10:33:40 AM) (Source: Service Control Manager) (User: ) Description: The lxduCATSCustConnectService service failed to start due to the following error: %%1053 Error: (01/07/2014 10:33:40 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect. Error: (01/07/2014 10:33:21 AM) (Source: volmgr) (User: ) Description: Crash dump initialization failed! Error: (01/06/2014 05:02:16 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (01/06/2014 05:02:14 PM) (Source: Service Control Manager) (User: ) Description: The lxduCATSCustConnectService service failed to start due to the following error: %%1053 Microsoft Office Sessions: ========================= Error: (01/09/2014 03:04:05 PM) (Source: Application Error)(User: ) Description: vlc.exe2.1.0.0523f7ac4ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75391c01cf0d43a0a45274C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Windows\SysWOW64\ntdll.dlle61b197b-7936-11e3-b4f6-7ce9d3e4dfae Error: (11/25/2013 00:34:03 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL Error: (11/25/2013 00:34:03 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL Error: (11/25/2013 00:24:21 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL Error: (11/25/2013 00:24:21 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL Error: (11/10/2013 04:00:01 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL Error: (11/10/2013 04:00:01 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL Error: (11/10/2013 03:56:49 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL Error: (11/10/2013 03:56:49 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL Error: (11/10/2013 03:56:01 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Lexmark 5600-6600 Series\Job Status\MFC80U.DLL ==================== Memory info =========================== Percentage of memory in use: 22% Total physical RAM: 11983.79 MB Available physical RAM: 9250.42 MB Total Pagefile: 11981.97 MB Available Pagefile: 9868.92 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:119.24 GB) (Free:80 GB) NTFS Drive d: (Data) (Fixed) (Total:465.66 GB) (Free:420.39 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FED25F5A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: FED25F42) Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.01.2014, 10:25 | #4 |
| Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? LAPTOP GMER Tja, das ist leider immer noch zu groß (~60k Zeichen). Deshalb leider als Anhang. |
11.01.2014, 20:32 | #5 |
| Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? So, und hier kommen nochmal die Log Files für den PC. Wie Gesagt, hat GMER ein leeres Logfile produziert und die Meldung "No Modifications could be found" gebracht. => Allerdings musste ich dies im abgesicherten Modus durchführen. PC DEFOGGER Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:45 on 10/01/2014 (MyUser) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- PC FRST FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014 Ran by MyUser (administrator) on MEDIAKISTE on 10-01-2014 20:47:40 Running from E:\UserData\MyUser\Desktop\virus Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe (COMODO) C:\Program Files\COMODO\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files (x86)\Steuersparerklaerung 2012\AAVUpdateManager\aavus.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe (COMODO) C:\Program Files\COMODO\COMODO\COMODO Internet Security\cfp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe (Akamai Technologies, Inc.) C:\Users\MyUser\AppData\Local\Akamai\netsession_win.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Akamai Technologies, Inc.) C:\Users\MyUser\AppData\Local\Akamai\netsession_win.exe (Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ( ) C:\Windows\System32\lxducoms.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [lxduamon] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2009-09-04] () HKLM\...\Run: [lxdumon.exe] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2009-09-04] () HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG9_TRAY] - C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536 2012-01-27] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-07-12] (Geek Software GmbH) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.) HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems) HKCU\...\Run: [Thunderbird] - "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird" -turbo HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\MyUser\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) AppInit_DLLs: C:\Windows\System32\guard64.dll [390392 2012-11-08] (COMODO) AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO) Startup: C:\Users\MyUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: socks=gate.ec.auckland.ac.nz:1080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x783D7E18F3F8C901 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - DefaultScope {39D1E3AC-94FB-4B3A-9C59-D3F51C773AD2} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {39D1E3AC-94FB-4B3A-9C59-D3F51C773AD2} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll No File BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura-emea.siemens.com/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 131.188.12.8 vpn.rrze.uni-erlangen.de Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 62.109.121.2 FireFox: ======== FF ProfilePath: C:\Users\MyUser\AppData\Roaming\Mozilla\Firefox\Profiles\uag4khha.default-1385673285218 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: FireFTP - C:\Users\MyUser\AppData\Roaming\Mozilla\Firefox\Profiles\uag4khha.default-1385673285218\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Steuersparerklaerung 2012\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems) R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.) R2 cmdAgent; C:\Program Files\COMODO\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO) S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.) R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1044136 2009-08-19] ( ) R2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe [594600 2009-08-19] ( ) ==================== Drivers (Whitelisted) ==================== R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-16] (AVG Technologies CZ, s.r.o.) R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2010-01-20] () R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 TTCinergyT2; C:\Windows\System32\DRIVERS\TTCinergyT2BDA.sys [42016 2007-07-12] (TerraTec Electronic GmbH) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-10 20:47 - 2014-01-10 20:47 - 00000000 ____D C:\FRST 2014-01-10 20:45 - 2014-01-10 20:45 - 00000000 _____ C:\Users\MyUser\defogger_reenable 2014-01-07 19:58 - 2014-01-07 19:58 - 00001351 _____ C:\Users\MyUser\AppData\Local\recently-used.xbel 2014-01-01 09:32 - 2014-01-01 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 19:45 - 2013-12-15 19:46 - 00000000 ____D C:\Program Files (x86)\inkscape 2013-12-11 19:48 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-11 19:48 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-11 19:48 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 19:48 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 19:41 - 2013-12-11 19:41 - 00772020 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-11 19:31 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 19:31 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 19:31 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 19:31 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 19:31 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-11 19:31 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-11 19:31 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 19:31 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 19:31 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-11 19:31 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 19:31 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 19:31 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 19:31 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-11 19:31 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-11 19:31 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 19:31 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 19:31 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 19:31 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 19:31 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 19:31 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 19:31 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 19:31 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 19:31 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 19:31 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 19:31 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 19:31 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 19:31 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 19:31 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 19:31 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 19:31 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 19:31 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 19:20 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 19:20 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 19:20 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 19:20 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 19:19 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 19:19 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-11 19:19 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 19:19 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 19:19 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 19:19 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 19:19 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-11 19:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 19:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 19:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 19:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 19:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 19:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 19:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 19:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 10:03 - 2013-12-11 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= 2014-01-10 20:47 - 2014-01-10 20:47 - 00000000 ____D C:\FRST 2014-01-10 20:45 - 2014-01-10 20:45 - 00000000 _____ C:\Users\MyUser\defogger_reenable 2014-01-10 20:45 - 2010-01-19 23:01 - 00000000 ____D C:\Users\MyUser 2014-01-10 20:24 - 2012-04-12 20:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-10 20:24 - 2010-01-19 23:21 - 01423820 _____ C:\Windows\WindowsUpdate.log 2014-01-10 12:14 - 2009-07-14 06:13 - 00791698 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-10 10:41 - 2010-12-12 17:31 - 00000000 ____D C:\Windows\Minidump 2014-01-10 10:35 - 2010-03-24 10:20 - 00000000 ____D C:\Windows\system32\Drivers\Avg 2014-01-08 21:04 - 2009-04-22 10:00 - 00021952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-08 21:04 - 2009-04-22 10:00 - 00021952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-07 19:58 - 2014-01-07 19:58 - 00001351 _____ C:\Users\MyUser\AppData\Local\recently-used.xbel 2014-01-07 09:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-07 09:27 - 2012-04-25 13:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-01 19:05 - 2010-02-14 13:51 - 00000000 ____D C:\Users\MyUser\AppData\Roaming\vlc 2014-01-01 09:33 - 2014-01-01 09:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 19:46 - 2013-12-15 19:45 - 00000000 ____D C:\Program Files (x86)\inkscape 2013-12-13 22:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-13 19:36 - 2009-07-14 05:45 - 00410112 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-13 19:35 - 2009-06-14 09:28 - 00360208 _____ C:\Windows\PFRO.log 2013-12-11 19:41 - 2013-12-11 19:41 - 00772020 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-11 19:35 - 2010-01-29 09:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 19:29 - 2013-07-13 19:24 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 19:24 - 2010-01-20 18:22 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-11 19:15 - 2013-12-11 10:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 19:34 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- ----------------------------------------------- PC ADDITION Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2014 Ran by MyUser at 2014-01-10 20:49:02 Running from E:\UserData\MyUser\Desktop\virus Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: COMODO Defense+ (Disabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft) @BIOS Ver.2.04 (x32 Version: 2.04 - GIGABYTE) 7-Zip 4.65 (x64 edition) (Version: 4.65.00.0 - Igor Pavlov) AAVUpdateManager (x32 Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden Adobe Digital Editions (x32 Version: - ) Adobe Digital Editions 2.0 (x32 Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (x32 Version: 10.0.22.87 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Photoshop Lightroom 4.3 64-bit (Version: 4.3.1 - Adobe) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated) Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated) Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc) AMD Catalyst Install Manager (Version: 3.0.838.0 - Advanced Micro Devices, Inc.) AMD Media Foundation Decoders (Version: 1.0.60728.1742 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (x32 Version: 2.3 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) AVG Free 9.0 (x32 Version: - AVG Technologies) AviSynth 2.5 (x32 Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0428.2132.36839 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0428.2132.36839 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0428.2132.36839 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0428.2132.36839 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0428.2132.36839 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0428.2132.36839 - ATI) Hidden Catalyst Control Center HydraVision Full (x32 Version: 2009.0428.2132.36839 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2009.0428.2131.36839 - ATI) Hidden ccc-core-static (x32 Version: 2009.0428.2132.36839 - ATI) Hidden ccc-utility64 (Version: 2009.0428.2132.36839 - ATI) Hidden Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden Citavi (x32 Version: 3.1.15.0 - Swiss Academic Software) COMODO Internet Security (Version: 4.1.19277.920 - COMODO Group Inc.) Dia (remove only) (x32 Version: - ) DVD Rebuilder (x32 Version: Free v0.98.2 - jdobbs softworks and rockas association) eDocPrintPro v3.13.4 (Version: 3.13.4 - MAY-Computer) FastPictureViewer Codec Pack 3.5.0.88 (x32 Version: 3.5.0.88 - Axel Rietschin Software Developments) FUJIdirekt Bestellsoftware 4.2 (x32 Version: - ) GIMP 2.8.2 (Version: 2.8.2 - The GIMP Team) Juniper Networks Host Checker (HKCU Version: 7.1.9.20893 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.9.20595 - Juniper Networks, Inc.) Lexmark 5600-6600 Series (Version: - Lexmark International, Inc.) Lexmark Printable Web (x32 Version: 1.0.0.0 - ) Logitech Webcam Software (x32 Version: 2.0 - Logitech Inc. Inc.) LWS Twitter (x32 Version: 13.00.1216.0 - Logitech) Hidden Mathematica Extras 8.0 (2427702) (Version: 8.0.3 - Wolfram Research, Inc.) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Camera Codec Pack (Version: 16.4.1734.1104 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 en-US) (x32 Version: 24.2.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) myphotobook.de (x32 Version: 1.4.15 - myphotobook GmbH) myphotobook.de (x32 Version: 1.4.15 - myphotobook GmbH) Hidden Notepad++ (x32 Version: 6.1.1 - ) PDF24 Creator 4.7.0 (x32 Version: - PDF24.org) Poladroid (x32 Version: 0.9.6.0 - Poladroid.net) PSPad editor (x32 Version: - Jan Fiala) QuickTime (x32 Version: 7.73.80.64 - Apple Inc.) R for Windows 2.14.1 (Version: 2.14.1 - R Development Core Team) RStudio (x32 Version: 0.94.110 - RStudio) Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated) Steuer-Spar-Erklärung 2013 (x32 Version: 18.09 - Wolters Kluwer Deutschland GmbH) TerraTec Home Cinema (x32 Version: 6.25.6 - ) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 8.0.0.35 - GRISOFT, s.r.o.) Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN) Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp) Windows Movie Maker 2.6 (x32 Version: 2.6.4038.0 - Microsoft Corporation) Wolfram CDF Player (M-WIN-D 8.0.3 2427703) (x32 Version: 8.0.3 - Wolfram Research, Inc.) XMedia Recode 2.2.7.7 (x32 Version: 2.2.7.7 - Sebastian Dörfler) ==================== Restore Points ========================= 08-01-2014 12:15:46 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-06-24 10:42 - 00000890 ____A C:\Windows\system32\Drivers\etc\hosts 131.188.12.8 vpn.rrze.uni-erlangen.de ==================== Scheduled Tasks (whitelisted) ============= Task: {1BA62541-96A7-4F7C-8310-CECFDB75CE27} - System32\Tasks\{6BB34D95-0F69-4C87-BD9E-3E041EE9DD59} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/privacy Task: {42333021-6732-48F5-8927-C322D7AAB020} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: {5DF4EAF4-445B-48B0-B052-CF394FC17887} - System32\Tasks\{4EEEBC52-7B5F-4179-A5BD-BDF84EE6C4F8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {6DB92B7B-1DC3-4F95-808C-C0327EA4F60B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {95CF8801-F677-4ADD-873E-A0FE1EABB68D} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2009-09-04] () Task: {B6E58200-CB12-4141-81F0-1ACA274F5ED7} - System32\Tasks\{C6274884-061E-4E21-84F4-8D7A639A9C2E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar Task: {DADD1330-75BC-4C51-97CD-1923E41F05ED} - System32\Tasks\{7773475C-4813-49DB-8192-B0D679B2C829} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-30 13:39 - 2008-10-30 13:39 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-01-19 23:06 - 2010-01-19 23:06 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-10-10 22:48 - 2013-08-30 23:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2009-06-14 09:16 - 2009-09-04 07:23 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll 2009-06-14 09:16 - 2009-08-19 16:39 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll 2009-06-14 09:16 - 2009-08-19 16:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll 2009-06-14 09:16 - 2009-09-04 07:23 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll 2009-06-14 09:16 - 2009-09-04 07:24 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll 2009-06-14 09:16 - 2009-09-04 07:15 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll 2009-06-14 09:16 - 2009-02-12 02:38 - 00028672 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll 2009-06-14 09:16 - 2009-02-12 02:38 - 00036864 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll 2009-06-14 09:16 - 2009-02-12 02:37 - 00065536 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll 2009-06-14 09:16 - 2008-03-25 04:53 - 00012288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll 2014-01-01 09:33 - 2014-01-01 09:33 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/10/2014 11:55:27 AM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677 Exception code: 0xe06d7363 Fault offset: 0x000000000000940d Faulting process id: 0x89c Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (01/04/2014 09:31:00 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid. Error: (01/03/2014 09:54:54 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid. Error: (01/01/2014 09:32:14 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid. Error: (12/15/2013 07:42:29 PM) (Source: Application Error) (User: ) Description: Faulting application name: inkscape.exe, version: 0.46.0.0, time stamp: 0x4a663029 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x8fd70000 Faulting process id: 0x1014 Faulting application start time: 0xinkscape.exe0 Faulting application path: inkscape.exe1 Faulting module path: inkscape.exe2 Report Id: inkscape.exe3 Error: (12/15/2013 07:42:11 PM) (Source: Application Error) (User: ) Description: Faulting application name: inkscape.exe, version: 0.46.0.0, time stamp: 0x4a663029 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x8fd00000 Faulting process id: 0xb8c Faulting application start time: 0xinkscape.exe0 Faulting application path: inkscape.exe1 Faulting module path: inkscape.exe2 Report Id: inkscape.exe3 Error: (12/15/2013 11:24:59 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid. Error: (12/13/2013 10:12:51 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid. Error: (12/13/2013 09:01:41 AM) (Source: Application Error) (User: ) Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204 Faulting module name: xul.dll, version: 25.0.1.5064, time stamp: 0x5282f10e Exception code: 0xc0000005 Fault offset: 0x00118f87 Faulting process id: 0x1388 Faulting application start time: 0xfirefox.exe0 Faulting application path: firefox.exe1 Faulting module path: firefox.exe2 Report Id: firefox.exe3 Error: (12/12/2013 01:24:07 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid. System errors: ============= Error: (01/09/2014 09:39:29 PM) (Source: Server) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{A92E68C2-F425-4224-A57B-9CD4902598D7} because another computer on the network has the same name. The server could not start. Error: (01/07/2014 07:29:35 PM) (Source: Server) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{A92E68C2-F425-4224-A57B-9CD4902598D7} because another computer on the network has the same name. The server could not start. Error: (01/07/2014 09:29:06 AM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (01/07/2014 09:28:12 AM) (Source: Service Control Manager) (User: ) Description: The lxduCATSCustConnectService service failed to start due to the following error: %%1053 Error: (01/07/2014 09:28:12 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect. Error: (01/07/2014 09:26:41 AM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (01/06/2014 11:38:33 AM) (Source: volsnap) (User: ) Description: The shadow copies of volume F: were aborted during detection because a critical control file could not be opened. Error: (01/04/2014 09:09:28 AM) (Source: Server) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{A92E68C2-F425-4224-A57B-9CD4902598D7} because another computer on the network has the same name. The server could not start. Error: (01/03/2014 09:20:39 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (12/31/2013 06:37:19 PM) (Source: Service Control Manager) (User: ) Description: The lxduCATSCustConnectService service failed to start due to the following error: %%1053 Microsoft Office Sessions: ========================= Error: (04/29/2010 02:09:52 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17086 seconds with 960 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-10-01 13:11:17.088 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-02-25 10:48:40.814 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2009-07-04 10:59:22.948 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2009-07-04 08:43:51.471 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2009-07-03 16:28:49.045 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2009-07-03 06:38:27.253 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2009-07-02 21:43:16.534 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2009-07-02 20:32:02.278 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2009-07-02 20:06:20.430 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2009-07-02 19:45:42.775 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 3966.49 MB Available physical RAM: 2034.31 MB Total Pagefile: 8060.67 MB Available Pagefile: 5623.24 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:99.9 GB) (Free:45.36 GB) NTFS Drive e: (Data) (Fixed) (Total:831.51 GB) (Free:135.97 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 000224F3) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=832 GB) - (Type=07 NTFS) ==================== End Of Log ============================ PC GMER Code:
ATTFilter Wie gesagt leer. Allerdings im abgesichteren Modus (ohne Netzwerktreiber) durchgeführt ============================================================================= Hallo nochmal. Also, im Laufe des Tags habe ich beide Rechner mit der AntivirusLiveCD gescannt. Die nimmt hierfür ClamAV 0.98 und updated vor dem Scan die Virendefinition. Auf dem Laptop hat sie angeblich eine DLL (srswow.dll) aus den Thinkpad Audio Driver Installer gefunden, die mit dem Win.Trojan.Ramnit-1765 infiziert sei. Diese habe ich gelöscht. Auf dem PC hat sie 10 Dateien gefunden, die mit dem W32.Virut.Gen.D-159 infiziert seien. Alle im Office-Umfeld (Excel.exe, excelconv.exe, VBA6.dll und msp Pakete des Office aus C:\Windows\Installer). Nun habe ich diese 10 Files bei VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines! scannen lassen, mit folgendem Ergebnis: Einzig der ClamAV findet einen Infekt, alle anderen 35 Scanner nicht. Insofern glaube ich, dass ich einfach dem anscheinend übersensiblen ClamAV meines Bekannten auf den Leim gegangen bin und möchte es hierbei belassen. Wahrscheinlich lege ich mir noch ne Boot-CD zu, um regelmäßig die Computer von einem anderen OS aus zu scannen. Vielleicht wird's die heute verwendete Antivirus Live CD oder vielleicht die Desinfec't - mal schauen. Auf jeden Fall will ich Eure Zeit nicht für einen falschen Alarm rauben. Grüße, Willibald Geändert von Willibald07 (11.01.2014 um 20:32 Uhr) |
12.01.2014, 08:58 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? das waren alles Fehlalarme, und die Logs sind sauber
__________________ --> Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? |
12.01.2014, 11:31 | #7 |
| Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? Ich muss sage, dass es mir so wesentlich lieber ist, als wenn was dran gewesen wäre . Trotzdem danke nochmal! |
13.01.2014, 09:59 | #8 |
/// the machine /// TB-Ausbilder | Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Windows 7 (2x): Bekanntter hat Viren nach Nutzung seiner externen HDD an meinen Rechnern - bin ich infiziert? |
anleitung, avg, bin ich infiziert, daten, deaktivieren, entdeck, falsch, folge, folgende, forum, free, gmer, infiziert, installiert, laptop, linux, meldung, modus, netzwerk, problem, rechner, tools, viren, wichtig, windows, windows 7 |