Log Analysis and Evaluation: GVU Trojaner - Windows7
20.01.2014, 16:59 | #1

GVU Trojaner - Windows7

I caught the GVU Trojan and have now run FRST as described here. Below is the log; I would be very grateful for suggestions on how to proceed:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04 Ran by SYSTEM on MININT-E4FKD4P on 20-01-2014 16:46:57 Running from F:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-20] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <=== ATTENTION HKLM-x32\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 ] () <=== ATTENTION Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoViewContextMenu] 1 HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION HKU\Leinad\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe [3111456 2013-05-13] (Disc Soft Ltd) HKU\Leinad\...\Run: [Windows Update Service] - C:\ProgramData\Windows Update Service0\odoaztybt.exe [52428800 2013-09-17] (Alexander Roshal.) HKU\Leinad\...\Run: [GoogleChromeAutoLaunch_7AD2AFED9D39E992AEB379F21168A69A] - C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.) HKU\Leinad\...\Run: [LightShot] - C:\Users\Leinad\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] () HKU\Leinad\...\Policies\system: [DisableTaskMgr] 1 HKU\Leinad\...\Policies\system: [DisableRegistryTools] 1 HKU\Leinad\...\Winlogon: [Userinit] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () HKU\Leinad\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <==== ATTENTION IFEO\rstrui.exe: [Debugger] bzs_.exe Startup: C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ShortcutTarget: ja.lnk -> (No File) ==================== Services (Whitelisted) ================= S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [204288 2012-08-02] (Broadcom Corporation) S2 MBAMScheduler; C:\Program 
Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2552176 2012-09-14] (O&O Software GmbH) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-13] (DT Soft Ltd) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-07-12] () S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider) S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 athr; system32\DRIVERS\athrx.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-20 17:27 - 2014-01-20 17:30 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\FRST 2014-01-15 22:58 - 2014-01-20 07:22 - 00000390 _____ C:\Windows\Tasks\update-sys.job 2014-01-15 22:58 
- 2014-01-20 06:45 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job 2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) C:\Users\Leinad\Downloads\setup-lightshot.exe 2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys 2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001 2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml 2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains 2014-01-15 06:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys 2014-01-15 06:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2014-01-15 06:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-01-15 01:58 - 2014-01-18 17:19 - 00384013 _____ C:\Users\Leinad\Desktop\gge leinad und chef gold.mcr 2014-01-15 00:34 - 2014-01-15 
00:43 - 00000039 _____ C:\Users\Leinad\Desktop\AP Übernahme.txt 2014-01-14 18:41 - 2014-01-14 18:43 - 00029452 _____ C:\Users\Leinad\Desktop\gge gold chrome.mcr 2014-01-14 16:43 - 2014-01-14 16:43 - 00029431 _____ C:\Users\Leinad\Desktop\gge gold.mcr 2014-01-14 14:14 - 2014-01-14 14:32 - 00000000 ____D C:\Program Files (x86)\MacroRecorder 2014-01-14 14:14 - 2014-01-14 14:14 - 00719360 _____ (Jitbit Software ) C:\Users\Leinad\Downloads\MacroRecorderSetup.exe 2014-01-14 14:14 - 2014-01-14 14:14 - 00001102 _____ C:\Users\Public\Desktop\Macro Recorder.lnk 2014-01-14 13:56 - 2014-01-14 14:03 - 00000000 ____D C:\Users\Leinad\Documents\Recorder 2014-01-14 13:56 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Recorder 2014-01-14 13:54 - 2014-01-14 16:45 - 00000000 ____D C:\Users\Leinad\Downloads\mouseandkeyrec 2014-01-14 13:54 - 2014-01-14 13:54 - 03274843 _____ C:\Users\Leinad\Downloads\mouseandkeyrec.zip 2014-01-14 13:53 - 2014-01-14 13:52 - 00047438 _____ C:\Users\Leinad\Documents\macex_bak000.~mex 2014-01-14 13:48 - 2014-01-14 13:52 - 00047438 _____ C:\Users\Leinad\Documents\macex.mex 2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\ProgramData\Insight Software Solutions 2014-01-14 13:46 - 2014-01-14 13:46 - 23310272 _____ C:\Users\Leinad\Downloads\macex3.exe 2014-01-14 13:44 - 2014-01-14 13:44 - 00000916 _____ C:\Users\Leinad\Desktop\GGE.lnk 2014-01-14 13:42 - 2014-01-14 13:46 - 00000000 ____D C:\Program Files (x86)\Ghost Control 2014-01-14 13:42 - 2014-01-14 13:44 - 00000000 ____D C:\Users\Leinad\Documents\Ghost Control 2014-01-14 13:42 - 2009-12-02 21:57 - 00000032 _____ C:\Windows\SysWOW64\comcnt.sys 2014-01-14 13:42 - 2008-04-14 05:41 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll 2014-01-14 13:42 - 1998-06-26 00:00 - 00644400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-01-14 13:42 - 1998-06-24 00:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX 2014-01-14 13:42 
- 1998-06-24 00:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX 2014-01-14 13:41 - 2014-01-14 13:41 - 03373928 _____ (N.R.S. ) C:\Users\Leinad\Documents\ghostcontrol3.exe 2014-01-13 21:29 - 2014-01-14 22:30 - 00000019 _____ C:\Users\Leinad\Desktop\Samurai neue Nahrungs-AP.txt 2014-01-13 20:36 - 2014-01-14 22:58 - 00000058 _____ C:\Users\Leinad\Desktop\neue Samurai RSD.txt 2014-01-13 20:36 - 2014-01-13 21:31 - 00000039 _____ C:\Users\Leinad\Desktop\Neues Textdokument (2).txt 2014-01-13 00:20 - 2014-01-20 00:50 - 00001797 _____ C:\Users\Leinad\Desktop\Einheitenbericht.txt 2014-01-12 21:16 - 2014-01-12 23:21 - 00000107 _____ C:\Users\Leinad\Desktop\TS Samurai.txt 2014-01-12 18:18 - 2014-01-12 18:18 - 00002660 _____ C:\Users\Leinad\Desktop\146d2ab98747657b0aa1e08e46ad3786.rsdf 2014-01-11 23:02 - 2014-01-12 09:23 - 00001206 _____ C:\Users\Leinad\Desktop\sam.txt 2014-01-11 21:35 - 2014-01-11 22:19 - 00000017 _____ C:\Users\Leinad\Desktop\nahrungs aps.txt 2014-01-11 06:00 - 2014-01-11 06:30 - 00000175 _____ C:\Users\Leinad\Desktop\Leindörfer.txt 2014-01-09 20:34 - 2014-01-09 20:34 - 00000007 _____ C:\Users\Leinad\Desktop\neue AP.txt 2014-01-09 03:17 - 2014-01-09 03:17 - 00000807 _____ C:\Users\Leinad\Desktop\Tipp für RSD.txt 2014-01-09 02:25 - 2014-01-17 22:59 - 00000627 _____ C:\Users\Leinad\Desktop\winter ziele.txt 2014-01-04 22:49 - 2014-01-04 22:49 - 00000013 _____ C:\Users\Leinad\Desktop\alli kontakt.txt 2013-12-30 23:20 - 2013-12-30 23:22 - 00000000 ____D C:\Users\Leinad\Desktop\Uni 2013-12-30 22:10 - 2014-01-20 07:21 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Skype 2013-12-30 22:10 - 2013-12-30 22:10 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ____D C:\ProgramData\Skype 2013-12-30 16:30 - 2014-01-09 00:55 - 00001370 _____ C:\Users\Leinad\Desktop\ziele.txt 2013-12-30 07:47 - 2013-12-30 07:47 - 
00000000 ____D C:\Users\Leinad\AppData\Local\Macromedia 2013-12-29 18:21 - 2013-12-29 18:21 - 00001127 _____ C:\Users\Leinad\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-29 18:20 - 2013-12-29 18:20 - 00001421 _____ C:\Users\Leinad\Desktop\Internet Explorer.lnk 2013-12-29 18:18 - 2013-12-29 18:19 - 00000000 ____D C:\Users\Leinad\AppData\Local\Mozilla 2013-12-29 18:18 - 2013-12-29 18:18 - 00283096 _____ (Mozilla) C:\Users\Leinad\Downloads\Firefox Setup Stub 26.0.exe 2013-12-29 18:18 - 2013-12-29 18:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe 2013-12-29 08:16 - 2013-12-29 08:16 - 01034531 _____ (Thisisu) C:\Users\Leinad\Downloads\JRT.exe 2013-12-29 08:07 - 2013-12-29 08:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-12-29 08:02 - 2013-12-29 08:02 - 00001442 _____ C:\Users\Leinad\Desktop\RootAlyzer.lnk 2013-12-29 08:01 - 2013-12-29 08:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-12-29 08:01 - 2013-12-29 08:01 - 01339719 _____ C:\Users\Leinad\Downloads\rootalyz-0.3.4.47.zip 2013-12-29 08:01 - 2013-12-29 08:01 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-12-29 08:01 - 2013-12-29 08:01 - 00000000 ____D C:\Users\Leinad\Downloads\rootalyz-0.3.4.47 2013-12-29 08:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe 2013-12-29 07:57 - 2013-12-29 08:00 - 40658208 _____ (Safer-Networking Ltd. 
) C:\Users\Leinad\Downloads\spybot-2.2.exe 2013-12-29 04:43 - 2013-12-29 05:01 - 00000000 ____D C:\Program Files (x86)\JDownloader 2 2013-12-29 04:43 - 2013-12-29 04:53 - 00000000 ____D C:\Program Files (x86)\JD Backup 2013-12-29 04:40 - 2013-12-29 04:40 - 00002086 _____ C:\Users\Leinad\Desktop\JDownloader 2.lnk 2013-12-29 04:37 - 2014-01-20 04:42 - 00000000 ____D C:\Users\Leinad\AppData\Local\JDownloader v2.0 2013-12-29 04:35 - 2013-12-29 08:12 - 00000000 ____D C:\ProgramData\WPM 2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe 2013-12-29 04:34 - 2013-12-29 04:34 - 00077976 _____ (AppWork GmbH) C:\Users\Leinad\Downloads\WebInstallerJD2.exe 2013-12-29 03:51 - 2013-12-29 03:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-29 03:51 - 2013-12-29 03:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-29 03:51 - 2013-12-29 03:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-29 03:51 - 2013-12-29 03:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-28 16:13 - 2013-12-29 07:48 - 00000123 _____ C:\Users\Leinad\Desktop\Goodgame Empire Zeug.txt 2013-12-24 06:14 - 2013-12-24 06:14 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (3).exe 2013-12-24 06:10 - 2013-12-24 06:10 - 00000000 ____D C:\2f1e1235fb3978355243e40a64e4da86 2013-12-24 06:09 - 2014-01-16 03:01 - 00000000 ____D C:\Windows\System32\MRT 2013-12-24 06:08 - 2013-12-24 06:08 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (2).exe 2013-12-23 20:58 - 2013-12-23 20:58 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (1).exe ==================== One Month Modified Files and Folders ======= 2014-01-20 17:30 - 2014-01-20 17:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2014-01-20 16:46 - 2014-01-20 16:46 - 
00000000 ____D C:\FRST 2014-01-20 16:36 - 2013-07-13 11:01 - 00020996 _____ C:\Windows\setupact.log 2014-01-20 16:36 - 2012-12-29 01:55 - 00958094 _____ C:\Windows\System32\oodbs.lor 2014-01-20 16:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-20 16:03 - 2012-12-28 23:36 - 01201880 _____ C:\Windows\WindowsUpdate.log 2014-01-20 15:46 - 2012-12-29 02:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-20 15:45 - 2013-07-13 11:25 - 00286078 _____ C:\Windows\PFRO.log 2014-01-20 15:29 - 2011-04-12 08:43 - 05300664 _____ C:\Windows\System32\perfh007.dat 2014-01-20 15:29 - 2011-04-12 08:43 - 01632718 _____ C:\Windows\System32\perfc007.dat 2014-01-20 15:29 - 2009-07-14 06:13 - 00007064 _____ C:\Windows\System32\PerfStringBackup.INI 2014-01-20 07:38 - 2012-12-29 01:09 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\vlc 2014-01-20 07:22 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-sys.job 2014-01-20 07:21 - 2013-12-30 22:10 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Skype 2014-01-20 06:49 - 2012-12-29 01:07 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001UA.job 2014-01-20 06:45 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job 2014-01-20 04:42 - 2013-12-29 04:37 - 00000000 ____D C:\Users\Leinad\AppData\Local\JDownloader v2.0 2014-01-20 00:50 - 2014-01-13 00:20 - 00001797 _____ C:\Users\Leinad\Desktop\Einheitenbericht.txt 2014-01-19 21:49 - 2012-12-29 01:07 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001Core.job 2014-01-19 18:50 - 2013-06-19 10:12 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\TS3Client 2014-01-18 19:45 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-18 19:45 - 2009-07-14 05:45 - 00021248 ____H 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-18 17:19 - 2014-01-15 01:58 - 00384013 _____ C:\Users\Leinad\Desktop\gge leinad und chef gold.mcr 2014-01-17 22:59 - 2014-01-09 02:25 - 00000627 _____ C:\Users\Leinad\Desktop\winter ziele.txt 2014-01-16 16:21 - 2009-07-14 05:45 - 02054608 _____ C:\Windows\System32\FNTCACHE.DAT 2014-01-16 03:04 - 2013-12-24 06:09 - 00000000 ____D C:\Windows\System32\MRT 2014-01-16 03:00 - 2012-12-13 09:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) C:\Users\Leinad\Downloads\setup-lightshot.exe 2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys 2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001 2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml 2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains 2014-01-15 00:43 - 2014-01-15 00:34 - 00000039 _____ C:\Users\Leinad\Desktop\AP Übernahme.txt 2014-01-14 22:58 - 2014-01-13 20:36 - 00000058 _____ C:\Users\Leinad\Desktop\neue Samurai RSD.txt 2014-01-14 22:30 - 2014-01-13 21:29 - 00000019 _____ C:\Users\Leinad\Desktop\Samurai neue Nahrungs-AP.txt 2014-01-14 18:43 - 2014-01-14 18:41 - 00029452 _____ C:\Users\Leinad\Desktop\gge gold chrome.mcr 2014-01-14 16:45 - 2014-01-14 13:54 - 00000000 ____D C:\Users\Leinad\Downloads\mouseandkeyrec 2014-01-14 16:43 - 2014-01-14 16:43 - 00029431 _____ C:\Users\Leinad\Desktop\gge gold.mcr 2014-01-14 14:32 - 2014-01-14 14:14 - 00000000 ____D C:\Program Files (x86)\MacroRecorder 2014-01-14 14:14 - 2014-01-14 14:14 - 00719360 
_____ (Jitbit Software ) C:\Users\Leinad\Downloads\MacroRecorderSetup.exe 2014-01-14 14:14 - 2014-01-14 14:14 - 00001102 _____ C:\Users\Public\Desktop\Macro Recorder.lnk 2014-01-14 14:03 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\Documents\Recorder 2014-01-14 13:56 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Recorder 2014-01-14 13:54 - 2014-01-14 13:54 - 03274843 _____ C:\Users\Leinad\Downloads\mouseandkeyrec.zip 2014-01-14 13:52 - 2014-01-14 13:53 - 00047438 _____ C:\Users\Leinad\Documents\macex_bak000.~mex 2014-01-14 13:52 - 2014-01-14 13:48 - 00047438 _____ C:\Users\Leinad\Documents\macex.mex 2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\ProgramData\Insight Software Solutions 2014-01-14 13:46 - 2014-01-14 13:46 - 23310272 _____ C:\Users\Leinad\Downloads\macex3.exe 2014-01-14 13:46 - 2014-01-14 13:42 - 00000000 ____D C:\Program Files (x86)\Ghost Control 2014-01-14 13:44 - 2014-01-14 13:44 - 00000916 _____ C:\Users\Leinad\Desktop\GGE.lnk 2014-01-14 13:44 - 2014-01-14 13:42 - 00000000 ____D C:\Users\Leinad\Documents\Ghost Control 2014-01-14 13:41 - 2014-01-14 13:41 - 03373928 _____ (N.R.S. 
) C:\Users\Leinad\Documents\ghostcontrol3.exe 2014-01-13 21:31 - 2014-01-13 20:36 - 00000039 _____ C:\Users\Leinad\Desktop\Neues Textdokument (2).txt 2014-01-12 23:21 - 2014-01-12 21:16 - 00000107 _____ C:\Users\Leinad\Desktop\TS Samurai.txt 2014-01-12 18:18 - 2014-01-12 18:18 - 00002660 _____ C:\Users\Leinad\Desktop\146d2ab98747657b0aa1e08e46ad3786.rsdf 2014-01-12 09:23 - 2014-01-11 23:02 - 00001206 _____ C:\Users\Leinad\Desktop\sam.txt 2014-01-11 22:19 - 2014-01-11 21:35 - 00000017 _____ C:\Users\Leinad\Desktop\nahrungs aps.txt 2014-01-11 06:30 - 2014-01-11 06:00 - 00000175 _____ C:\Users\Leinad\Desktop\Leindörfer.txt 2014-01-09 20:34 - 2014-01-09 20:34 - 00000007 _____ C:\Users\Leinad\Desktop\neue AP.txt 2014-01-09 03:32 - 2013-10-29 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-09 03:17 - 2014-01-09 03:17 - 00000807 _____ C:\Users\Leinad\Desktop\Tipp für RSD.txt 2014-01-09 00:55 - 2013-12-30 16:30 - 00001370 _____ C:\Users\Leinad\Desktop\ziele.txt 2014-01-05 01:06 - 2013-01-03 13:06 - 00000000 ____D C:\Users\Leinad\AppData\Local\Adobe 2014-01-04 22:49 - 2014-01-04 22:49 - 00000013 _____ C:\Users\Leinad\Desktop\alli kontakt.txt 2013-12-30 23:30 - 2013-11-13 16:53 - 00000000 ____D C:\Program Files (x86)\Space Rangers HD A War Apart 2013-12-30 23:29 - 2013-08-12 22:26 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\3909 2013-12-30 23:29 - 2013-01-01 21:59 - 00000000 ____D C:\Program Files (x86)\Steam 2013-12-30 23:25 - 2013-03-15 02:19 - 00000000 ____D C:\Users\Leinad\Documents\SimCity 4 2013-12-30 23:22 - 2013-12-30 23:20 - 00000000 ____D C:\Users\Leinad\Desktop\Uni 2013-12-30 22:28 - 2013-06-19 10:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-12-30 22:10 - 2013-12-30 22:10 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ____D C:\ProgramData\Skype 2013-12-30 07:51 - 2012-12-29 02:32 - 
00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-30 07:47 - 2013-12-30 07:47 - 00000000 ____D C:\Users\Leinad\AppData\Local\Macromedia 2013-12-29 18:21 - 2013-12-29 18:21 - 00001127 _____ C:\Users\Leinad\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-29 18:20 - 2013-12-29 18:20 - 00001421 _____ C:\Users\Leinad\Desktop\Internet Explorer.lnk 2013-12-29 18:19 - 2013-12-29 18:18 - 00000000 ____D C:\Users\Leinad\AppData\Local\Mozilla 2013-12-29 18:18 - 2013-12-29 18:18 - 00283096 _____ (Mozilla) C:\Users\Leinad\Downloads\Firefox Setup Stub 26.0.exe 2013-12-29 18:18 - 2013-12-29 18:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-29 18:18 - 2013-07-11 02:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-29 18:18 - 2012-12-29 02:33 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Mozilla 2013-12-29 12:16 - 2012-12-29 00:43 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013 2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe 2013-12-29 08:17 - 2013-07-13 11:32 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-29 08:17 - 2013-07-13 11:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-29 08:16 - 2013-12-29 08:16 - 01034531 _____ (Thisisu) C:\Users\Leinad\Downloads\JRT.exe 2013-12-29 08:12 - 2013-12-29 04:35 - 00000000 ____D C:\ProgramData\WPM 2013-12-29 08:08 - 2013-12-29 08:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-12-29 08:04 - 2013-07-12 18:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-12-29 08:02 - 2013-12-29 08:02 - 00001442 _____ C:\Users\Leinad\Desktop\RootAlyzer.lnk 2013-12-29 08:02 - 2013-12-29 08:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-12-29 08:01 - 2013-12-29 08:01 - 01339719 _____ C:\Users\Leinad\Downloads\rootalyz-0.3.4.47.zip 2013-12-29 08:01 - 2013-12-29 08:01 
- 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-12-29 08:01 - 2013-12-29 08:01 - 00000000 ____D C:\Users\Leinad\Downloads\rootalyz-0.3.4.47 2013-12-29 08:00 - 2013-12-29 07:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Leinad\Downloads\spybot-2.2.exe 2013-12-29 07:48 - 2013-12-28 16:13 - 00000123 _____ C:\Users\Leinad\Desktop\Goodgame Empire Zeug.txt 2013-12-29 05:01 - 2013-12-29 04:43 - 00000000 ____D C:\Program Files (x86)\JDownloader 2 2013-12-29 04:53 - 2013-12-29 04:43 - 00000000 ____D C:\Program Files (x86)\JD Backup 2013-12-29 04:40 - 2013-12-29 04:40 - 00002086 _____ C:\Users\Leinad\Desktop\JDownloader 2.lnk 2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe 2013-12-29 04:34 - 2013-12-29 04:34 - 00077976 _____ (AppWork GmbH) C:\Users\Leinad\Downloads\WebInstallerJD2.exe 2013-12-29 03:51 - 2013-10-29 21:33 - 00000000 ____D C:\ProgramData\Oracle 2013-12-29 03:50 - 2013-12-29 03:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-29 03:50 - 2013-12-29 03:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-29 03:50 - 2013-12-29 03:51 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-29 03:50 - 2013-12-29 03:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-29 03:48 - 2013-04-17 23:07 - 00000000 ____D C:\Games 2013-12-28 18:05 - 2012-12-29 00:42 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-12-24 06:14 - 2013-12-24 06:14 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (3).exe 2013-12-24 06:10 - 2013-12-24 06:10 - 00000000 ____D C:\2f1e1235fb3978355243e40a64e4da86 2013-12-24 06:08 - 2013-12-24 06:08 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (2).exe 2013-12-23 20:58 - 2013-12-23 20:58 - 00915368 _____ (Oracle Corporation) 
C:\Users\Leinad\Downloads\chromeinstall-7u45 (1).exe 2013-12-23 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache Some content of TEMP: ==================== C:\Users\Leinad\AppData\Local\Temp\eauninstall.exe C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe C:\Users\Leinad\AppData\Local\Temp\SC4_uninst.exe C:\Users\Leinad\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe C:\Users\Leinad\AppData\Local\Temp\vlc-2.1.2-win64.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2014-01-01 00:23:30 Restore point made on: 2014-01-07 18:05:59 Restore point made on: 2014-01-14 09:22:41 Restore point made on: 2014-01-14 13:47:22 Restore point made on: 2014-01-14 13:55:29 Restore point made on: 2014-01-14 16:53:38 Restore point made on: 2014-01-16 03:00:33 ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 3958.71 MB Available physical RAM: 3321.17 MB Total Pagefile: 3956.91 MB Available Pagefile: 3314.67 MB Total 
Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:185.59 GB) NTFS Drive f: (LEINADSTICK) (Removable) (Total:29.87 GB) (Free:29.86 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A1350D26) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 30 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=30 GB) - (Type=0C) LastRegBack: 2014-01-19 19:08 ==================== End Of Log ============================ |
20.01.2014, 17:03 | #2

/// TB-Ausbilder | GVU Trojaner - Windows7

Hi,

does the computer start normally again after the following fix? Press the Windows key + R and type notepad in the Run window. Now copy the following text from the code box into the empty text document:

Code:
HKLM\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoViewContextMenu] 1
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\Leinad\...\Policies\system: [DisableTaskMgr] 1
HKU\Leinad\...\Policies\system: [DisableRegistryTools] 1
HKU\Leinad\...\Run: [Windows Update Service] - C:\ProgramData\Windows Update Service0\odoaztybt.exe [52428800 2013-09-17] (Alexander Roshal.)
HKU\Leinad\...\Winlogon: [Userinit] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] ()
HKU\Leinad\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <==== ATTENTION
IFEO\rstrui.exe: [Debugger] bzs_.exe
Startup: C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> (No File)
C:\Users\Leinad\AppData\Local\Temp\*.exe
C:\ProgramData\Windows Update Service0

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
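As an added example (not part of this thread and not FRST's own code), a small Python triage script that reads lines in the format of FRST's Registry and Startup sections and flags the same kinds of entries the fix above targets: the replaced Winlogon Shell and Userinit, the lockdown policies, the IFEO Debugger on rstrui.exe, autoruns started from Temp or ProgramData, and the dangling Startup shortcut. The sample lines are copied from the posted FRST.txt; the rule set is this example's own heuristic, not something FRST provides.

```python
import re
from dataclasses import dataclass

# Constructed sample in the line format of FRST's "Registry (Whitelisted)" section.
# The suspicious entries are copied from the FRST.txt posted in this thread; the two
# Program Files autoruns are benign lines from the same log, kept for contrast.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\Leinad\...\Run: [Windows Update Service] - C:\ProgramData\Windows Update Service0\odoaztybt.exe [52428800 2013-09-17] (Alexander Roshal.)
HKU\Leinad\...\Policies\system: [DisableTaskMgr] 1
HKU\Leinad\...\Winlogon: [Userinit] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] ()
IFEO\rstrui.exe: [Debugger] bzs_.exe
Startup: C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> (No File)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
"""

# "<hive>\...\<key>: [<value name>] <data>"; FRST marks some lines with "<=== ATTENTION"
ENTRY_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")

# Policy values a lockscreen sets so the victim cannot kill or repair it (heuristic list)
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoDesktop", "NoViewContextMenu"}
# User-writable directories from which a legitimate autorun should not normally start
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    line: str    # the FRST log line, unchanged
    reason: str  # why a responder should look at it


def image_path(data: str) -> str:
    """Return the file path from FRST's data part, dropping ' [size date] (publisher)'."""
    data = data.strip()
    if data.startswith("- "):          # Run entries are written "- <path> [...]"
        data = data[2:]
    return data.split(" [", 1)[0].strip()


def triage_frst(text: str) -> list[Finding]:
    """Flag the registry/startup entries a lockscreen infection typically leaves behind."""
    findings: list[Finding] = []
    pending_startup = None  # last "Startup:" line, resolved by the following ShortcutTarget line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        clean = ATTENTION_RE.sub("", line)
        if clean.startswith("Startup: "):
            pending_startup = line
            continue
        if clean.startswith("ShortcutTarget:") and clean.endswith("(No File)"):
            if pending_startup:
                findings.append(Finding(pending_startup, "startup shortcut whose target no longer exists"))
                pending_startup = None
            continue
        m = ENTRY_RE.match(clean)
        if m is None:
            continue
        key, name, rest = m.group("key"), m.group("name"), m.group("rest")
        leaf = key.rsplit("\\", 1)[-1]
        path = image_path(rest).lower()
        if leaf == "Winlogon" and name == "Shell" and not path.endswith("explorer.exe"):
            reason = "Winlogon Shell replaced: this binary runs instead of explorer.exe at logon"
        elif leaf == "Winlogon" and name == "Userinit" and "\\windows\\system32\\userinit.exe" not in path:
            reason = "Winlogon Userinit replaced: this binary runs before the desktop appears"
        elif leaf in ("Explorer", "system") and name in LOCKDOWN_POLICIES and rest.strip() == "1":
            reason = f"policy {name} set: blocks the user from closing or repairing the lockscreen"
        elif key.startswith("IFEO\\") and name == "Debugger":
            reason = f"IFEO Debugger on {leaf}: launching it silently runs {rest.strip()} instead"
        elif leaf == "Run" and any(d in path for d in STAGING_DIRS):
            reason = "autorun started from a user-writable staging directory"
        else:
            continue
        findings.append(Finding(line, reason))
    return findings


def build_fixlist(findings: list[Finding]) -> list[str]:
    """FRST removes an entry whose log line is pasted verbatim into fixlist.txt, which is
    what the helper's fix in this thread does; the findings' original lines form that list."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST_LINES):
        print(f"{f.reason}\n    {f.line}")
```

The two Program Files autoruns pass through untouched, while the seven entries the helper removed are the ones returned, in log order.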
20.01.2014, 17:11 | #3

GVU Trojaner - Windows7

Thanks for the quick reply. Here is the result:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2014 04
Ran by SYSTEM at 2014-01-20 17:10:23 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoViewContextMenu] 1
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\Leinad\...\Policies\system: [DisableTaskMgr] 1
HKU\Leinad\...\Policies\system: [DisableRegistryTools] 1
HKU\Leinad\...\Run: [Windows Update Service] - C:\ProgramData\Windows Update Service0\odoaztybt.exe [52428800 2013-09-17] (Alexander Roshal.)
HKU\Leinad\...\Winlogon: [Userinit] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] ()
HKU\Leinad\...\Winlogon: [Shell] C:\Users\Leinad\AppData\Local\Temp\hemxccapeaj.exe [595830 2014-01-20] () <==== ATTENTION
IFEO\rstrui.exe: [Debugger] bzs_.exe
Startup: C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> (No File)
C:\Users\Leinad\AppData\Local\Temp\*.exe
C:\ProgramData\Windows Update Service0
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => Value deleted successfully.
HKU\Leinad\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
HKU\Leinad\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
HKU\Leinad\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Update Service => Value deleted successfully.
HKU\Leinad\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully.
HKU\Leinad\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
ShortcutTarget: ja.lnk -> (No File) not found.
C:\Users\Leinad\AppData\Local\Temp\*.exe => Moved successfully.
C:\ProgramData\Windows Update Service0 => Moved successfully.

==== End of Fixlog ====
20.01.2014, 18:57 | #4 |
/// TB-Ausbilder | GVU Trojaner - Windows7 And does the computer start again without the lock screen? If so, move frst64.exe from the USB stick to the desktop.
cheers, Leo
20.01.2014, 19:41 | #5 |
GVU Trojaner - Windows7 Yes, I was able to start Windows normally again. Here are the scan results: Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04
Ran by Leinad at 2014-01-20 19:40:27
Running from C:\Users\Leinad\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

1.3M WebCam (x32 Version: 2.103.13.11 - ALi)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 2.0 (x32 Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 12 v.12.0.3 (x32 Version: 12.0.3 - Ashampoo GmbH & Co.
KG) Broadcom 802.11 Network Adapter (Version: 5.100.82.95 - Broadcom Corporation) Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 15.4.13.1 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (Version: 4.03 - Piriform) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Crusader Kings II (x32 Version: - Paradox Development Studio) DAEMON Tools Pro Advanced (x32 Version: - ) Driver Genius (x32 Version: 12.0 - ) Dropbox (HKCU Version: 1.6.16 - Dropbox, Inc.) Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden Europa Universalis IV (x32 Version: - Paradox Development Studio) Europa Universalis IV (x32 Version: - Paradox Interactive) FTL version 1.03.3 (x32 Version: 1.03.3 - Subset Games) Google Chrome (HKCU Version: 32.0.1700.76 - Google Inc.) HD Tune Pro 5.00 (x32 Version: - EFD Software) Hearts of Iron III (x32 Version: - Paradox Interactive) HWiNFO64 Version 4.08 (Version: 4.08 - Martin Malík - REALiX) IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader 2 (Version: 2.0 - AppWork GmbH) JDownloader 2 (x32 Version: 2 - AppWork GmbH) K-Lite Codec Pack 9.6.5 (64-bit) (Version: 9.6.5 - ) K-Lite Mega Codec Pack 9.6.5 (x32 Version: 9.6.5 - ) lightshot-4.4.2.10 (x32 Version: 4.4.2.10 - Skillbrains) Macro Recorder 5.7.1 (x32 Version: 5.7.1 - Jitbit Software) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) 
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (x32 Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance 
Service (x32 Version: 26.0 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla) NSU (x32 Version: 2.02.1030 - ZyXEL) O&O Defrag Professional (Version: 16.0.139 - O&O Software GmbH) OpenAL (x32 Version: - ) PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden QuickTime (x32 Version: 7.73.80.64 - Apple Inc.) Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6650 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6788 - Realtek Semiconductor Corp.) SABnzbd 0.7.11 (x32 Version: 0.7.11 - The SABnzbd Team) Sins of a Solar Empire: Trinity (x32 Version: - ) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) SopCast 3.5.0 (x32 Version: 3.5.0 - www.sopcast.com) Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.) Steam (x32 Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (Version: 16.0.2.0 - Synaptics Incorporated) TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH) Tunngle beta (x32 Version: - Tunngle.net GmbH) Unity Web Player (HKCU Version: - Unity Technologies ApS) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies) VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN) WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 31-12-2013 23:23:19 Windows Update 07-01-2014 17:05:33 Windows Update 14-01-2014 08:22:31 Windows Update 14-01-2014 12:47:04 Install Macro Express 3 14-01-2014 12:55:23 Recorder wird installiert 14-01-2014 15:48:30 Recorder wird entfernt 16-01-2014 02:00:13 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2014-01-20 18:46 - 00450671 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 
010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {100EAD7C-B020-4BA3-8A7C-B318D36B02FC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe Task: {6D12D26F-203E-4A32-8F72-EFBD17272670} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {75FF9CCB-97CE-437E-BFF9-A737EDEBA54E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: {7D96F7B9-248C-47C1-B498-16C8AEFB9413} - System32\Tasks\Windows Update Check - 0x1FE004EA => C:\ProgramData\Windows Task: {7F977D1C-4214-44AE-92B6-A0099CDAD028} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {996A1C28-BC2C-4812-8C67-35CF2D24244B} - System32\Tasks\Google Updater and Installer => C:\Users\Leinad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) 
Task: {9B4D629E-0485-4355-AB7A-E3848ACAFE37} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {9DDF2013-45BF-4972-9D6B-78C704B5254D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001UA => C:\Users\Leinad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) Task: {BA4524C1-AC4E-412E-BEA6-34F68B6E22D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001Core => C:\Users\Leinad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.) Task: {C1687034-753E-45EE-91E6-8FEDE7A97A21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {F37A5E2E-A1BA-4845-8FC6-477D95844F2E} - System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001Core.job => C:\Users\Leinad\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001UA.job => C:\Users\Leinad\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2013-05-14 16:33 - 2013-05-14 16:33 - 00002560 _____ () C:\Program Files (x86)\DAEMON Tools Pro Advanced\MSIMG32.dll 2013-12-29 08:01 - 
2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-12-29 08:01 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-12-29 08:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-12-29 08:01 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-12-29 08:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-01-16 01:53 - 2014-01-11 11:28 - 00715544 _____ () C:\Users\Leinad\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll 2014-01-16 01:53 - 2014-01-11 11:28 - 00100120 _____ () C:\Users\Leinad\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll 2014-01-16 01:53 - 2014-01-11 11:29 - 04055320 _____ () C:\Users\Leinad\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll 2014-01-16 01:53 - 2014-01-11 11:29 - 00399640 _____ () C:\Users\Leinad\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll 2014-01-16 01:53 - 2014-01-11 11:28 - 01634584 _____ () C:\Users\Leinad\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/20/2014 05:25:11 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (01/20/2014 05:25:11 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/20/2014 05:25:11 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/20/2014 05:19:23 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (01/20/2014 03:49:56 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. 
Error: (01/20/2014 03:45:44 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (01/20/2014 03:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (01/20/2014 03:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/20/2014 03:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (01/20/2014 03:23:38 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. System errors: ============= Error: (01/20/2014 06:53:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/20/2014 06:53:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (01/20/2014 06:53:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/20/2014 06:53:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (01/20/2014 06:53:19 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (01/20/2014 06:53:19 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (01/20/2014 05:19:39 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/20/2014 05:19:39 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (01/20/2014 05:19:39 
PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (01/20/2014 05:19:39 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Microsoft Office Sessions: ========================= Error: (01/20/2014 05:25:11 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (01/20/2014 05:25:11 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (01/20/2014 05:25:11 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (01/20/2014 05:19:23 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2014 03:49:56 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2014 03:45:44 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2014 03:29:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (01/20/2014 03:29:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (01/20/2014 03:29:41 PM) (Source: 
Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (01/20/2014 03:23:38 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-12-30 11:05:22.132 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-30 11:05:22.131 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-30 11:05:22.129 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-30 11:05:22.112 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-30 11:05:22.110 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-12-30 11:05:22.109 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-29 19:00:32.823 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-29 19:00:32.821 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-29 19:00:32.820 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-29 18:35:55.769 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3958.71 MB
Available physical RAM: 2042.04 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 5996.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:185.54 GB) NTFS
Drive f: (LEINADSTICK) (Removable) (Total:29.87 GB) (Free:29.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A1350D26)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Leinad (administrator) on LEINLAP on 20-01-2014 19:39:40
Running from C:\Users\Leinad\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Users\Leinad\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTShellHlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.)
C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-20] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe [3111456 2013-05-13] (Disc Soft Ltd) HKCU\...\Run: [GoogleChromeAutoLaunch_7AD2AFED9D39E992AEB379F21168A69A] - C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.) HKCU\...\Run: [LightShot] - C:\Users\Leinad\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] () HKCU\...\Policies\Explorer: [NoViewContextMenu] 1 MountPoints2: {ebf7cddd-2aaf-11e3-9bb8-88ae1d985a3e} - F:\HTC_Sync_Manager_PC.exe ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A710BC4912ECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search 
Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Leinad\AppData\Roaming\Mozilla\Firefox\Profiles\1vom9fni.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Leinad\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Leinad\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Leinad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR Extension: (Google Drive) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12] CHR Extension: (Adblock Plus) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-12] CHR Extension: (JDownloader Integration for Google Chrome\u2122) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2013-12-12] CHR Extension: (Two-Click JDownloader) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljhooappahaeilmbekgcokgjjplambgo [2013-12-12] CHR Extension: (Premiumize.me) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2013-12-12] CHR Extension: (Dark Horizon) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2013-12-12] CHR Extension: (Google Wallet) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] ==================== 
Services (Whitelisted) ================= R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [204288 2012-08-02] (Broadcom Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2552176 2012-09-14] (O&O Software GmbH) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-13] (DT Soft Ltd) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-07-12] () R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 athr; system32\DRIVERS\athrx.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-20 19:39 - 2014-01-20 19:40 - 00013809 _____ C:\Users\Leinad\Desktop\FRST.txt 2014-01-20 19:39 - 2014-01-20 16:33 - 02076672 _____ (Farbar) C:\Users\Leinad\Desktop\FRST64.exe 2014-01-20 18:46 - 2013-05-31 16:18 - 00000854 _____ C:\Windows\system32\Drivers\etc\hosts.20140120-184626.backup 2014-01-20 17:27 - 2014-01-20 17:30 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\FRST 2014-01-15 22:58 - 2014-01-20 19:22 - 00000390 _____ C:\Windows\Tasks\update-sys.job 2014-01-15 22:58 - 2014-01-20 18:45 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job 2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) C:\Users\Leinad\Downloads\setup-lightshot.exe 2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys 2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ 
C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001 2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml 2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains 2014-01-15 06:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 06:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 06:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-15 01:58 - 2014-01-18 17:19 - 00384013 _____ C:\Users\Leinad\Desktop\gge leinad und chef gold.mcr 2014-01-15 00:34 - 2014-01-15 00:43 - 00000039 _____ C:\Users\Leinad\Desktop\AP Übernahme.txt 2014-01-14 18:41 - 2014-01-14 18:43 - 00029452 _____ C:\Users\Leinad\Desktop\gge gold chrome.mcr 2014-01-14 16:43 - 2014-01-14 16:43 - 00029431 _____ 
C:\Users\Leinad\Desktop\gge gold.mcr 2014-01-14 14:14 - 2014-01-14 14:32 - 00000000 ____D C:\Program Files (x86)\MacroRecorder 2014-01-14 14:14 - 2014-01-14 14:14 - 00719360 _____ (Jitbit Software ) C:\Users\Leinad\Downloads\MacroRecorderSetup.exe 2014-01-14 14:14 - 2014-01-14 14:14 - 00001102 _____ C:\Users\Public\Desktop\Macro Recorder.lnk 2014-01-14 13:56 - 2014-01-14 14:03 - 00000000 ____D C:\Users\Leinad\Documents\Recorder 2014-01-14 13:56 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Recorder 2014-01-14 13:54 - 2014-01-14 16:45 - 00000000 ____D C:\Users\Leinad\Downloads\mouseandkeyrec 2014-01-14 13:54 - 2014-01-14 13:54 - 03274843 _____ C:\Users\Leinad\Downloads\mouseandkeyrec.zip 2014-01-14 13:53 - 2014-01-14 13:52 - 00047438 _____ C:\Users\Leinad\Documents\macex_bak000.~mex 2014-01-14 13:48 - 2014-01-14 13:52 - 00047438 _____ C:\Users\Leinad\Documents\macex.mex 2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\ProgramData\Insight Software Solutions 2014-01-14 13:46 - 2014-01-14 13:46 - 23310272 _____ C:\Users\Leinad\Downloads\macex3.exe 2014-01-14 13:44 - 2014-01-14 13:44 - 00000916 _____ C:\Users\Leinad\Desktop\GGE.lnk 2014-01-14 13:42 - 2014-01-14 13:46 - 00000000 ____D C:\Program Files (x86)\Ghost Control 2014-01-14 13:42 - 2014-01-14 13:44 - 00000000 ____D C:\Users\Leinad\Documents\Ghost Control 2014-01-14 13:42 - 2009-12-02 21:57 - 00000032 _____ C:\Windows\SysWOW64\comcnt.sys 2014-01-14 13:42 - 2008-04-14 05:41 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll 2014-01-14 13:42 - 1998-06-26 00:00 - 00644400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-01-14 13:42 - 1998-06-24 00:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX 2014-01-14 13:42 - 1998-06-24 00:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX 2014-01-14 13:41 - 2014-01-14 13:41 - 03373928 _____ (N.R.S. 
) C:\Users\Leinad\Documents\ghostcontrol3.exe 2014-01-13 21:29 - 2014-01-14 22:30 - 00000019 _____ C:\Users\Leinad\Desktop\Samurai neue Nahrungs-AP.txt 2014-01-13 20:36 - 2014-01-14 22:58 - 00000058 _____ C:\Users\Leinad\Desktop\neue Samurai RSD.txt 2014-01-13 20:36 - 2014-01-13 21:31 - 00000039 _____ C:\Users\Leinad\Desktop\Neues Textdokument (2).txt 2014-01-13 00:20 - 2014-01-20 00:50 - 00001797 _____ C:\Users\Leinad\Desktop\Einheitenbericht.txt 2014-01-12 21:16 - 2014-01-12 23:21 - 00000107 _____ C:\Users\Leinad\Desktop\TS Samurai.txt 2014-01-12 18:18 - 2014-01-12 18:18 - 00002660 _____ C:\Users\Leinad\Desktop\146d2ab98747657b0aa1e08e46ad3786.rsdf 2014-01-11 23:02 - 2014-01-12 09:23 - 00001206 _____ C:\Users\Leinad\Desktop\sam.txt 2014-01-11 21:35 - 2014-01-11 22:19 - 00000017 _____ C:\Users\Leinad\Desktop\nahrungs aps.txt 2014-01-11 06:00 - 2014-01-11 06:30 - 00000175 _____ C:\Users\Leinad\Desktop\Leindörfer.txt 2014-01-09 20:34 - 2014-01-09 20:34 - 00000007 _____ C:\Users\Leinad\Desktop\neue AP.txt 2014-01-09 03:17 - 2014-01-09 03:17 - 00000807 _____ C:\Users\Leinad\Desktop\Tipp für RSD.txt 2014-01-09 02:25 - 2014-01-17 22:59 - 00000627 _____ C:\Users\Leinad\Desktop\winter ziele.txt 2014-01-04 22:49 - 2014-01-04 22:49 - 00000013 _____ C:\Users\Leinad\Desktop\alli kontakt.txt 2013-12-30 23:20 - 2013-12-30 23:22 - 00000000 ____D C:\Users\Leinad\Desktop\Uni 2013-12-30 22:10 - 2014-01-20 07:21 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Skype 2013-12-30 22:10 - 2013-12-30 22:10 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ____D C:\ProgramData\Skype 2013-12-30 16:30 - 2014-01-09 00:55 - 00001370 _____ C:\Users\Leinad\Desktop\ziele.txt 2013-12-30 07:47 - 2013-12-30 07:47 - 00000000 ____D C:\Users\Leinad\AppData\Local\Macromedia 2013-12-29 18:21 - 2013-12-29 18:21 - 00001127 _____ C:\Users\Leinad\Desktop\ Malwarebytes 
Anti-Malware .lnk 2013-12-29 18:20 - 2013-12-29 18:20 - 00001421 _____ C:\Users\Leinad\Desktop\Internet Explorer.lnk 2013-12-29 18:18 - 2013-12-29 18:19 - 00000000 ____D C:\Users\Leinad\AppData\Local\Mozilla 2013-12-29 18:18 - 2013-12-29 18:18 - 00283096 _____ (Mozilla) C:\Users\Leinad\Downloads\Firefox Setup Stub 26.0.exe 2013-12-29 18:18 - 2013-12-29 18:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe 2013-12-29 08:16 - 2013-12-29 08:16 - 01034531 _____ (Thisisu) C:\Users\Leinad\Downloads\JRT.exe 2013-12-29 08:07 - 2013-12-29 08:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-12-29 08:02 - 2013-12-29 08:02 - 00001442 _____ C:\Users\Leinad\Desktop\RootAlyzer.lnk 2013-12-29 08:01 - 2013-12-29 08:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-12-29 08:01 - 2013-12-29 08:01 - 01339719 _____ C:\Users\Leinad\Downloads\rootalyz-0.3.4.47.zip 2013-12-29 08:01 - 2013-12-29 08:01 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-12-29 08:01 - 2013-12-29 08:01 - 00000000 ____D C:\Users\Leinad\Downloads\rootalyz-0.3.4.47 2013-12-29 08:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-12-29 07:57 - 2013-12-29 08:00 - 40658208 _____ (Safer-Networking Ltd. 
) C:\Users\Leinad\Downloads\spybot-2.2.exe 2013-12-29 04:43 - 2013-12-29 05:01 - 00000000 ____D C:\Program Files (x86)\JDownloader 2 2013-12-29 04:43 - 2013-12-29 04:53 - 00000000 ____D C:\Program Files (x86)\JD Backup 2013-12-29 04:40 - 2013-12-29 04:40 - 00002086 _____ C:\Users\Leinad\Desktop\JDownloader 2.lnk 2013-12-29 04:40 - 2013-12-29 04:40 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2013-12-29 04:37 - 2014-01-20 04:42 - 00000000 ____D C:\Users\Leinad\AppData\Local\JDownloader v2.0 2013-12-29 04:35 - 2013-12-29 08:12 - 00000000 ____D C:\ProgramData\WPM 2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe 2013-12-29 04:34 - 2013-12-29 04:34 - 00077976 _____ (AppWork GmbH) C:\Users\Leinad\Downloads\WebInstallerJD2.exe 2013-12-29 03:51 - 2013-12-29 03:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-29 03:51 - 2013-12-29 03:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-29 03:51 - 2013-12-29 03:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-29 03:51 - 2013-12-29 03:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-28 16:13 - 2013-12-29 07:48 - 00000123 _____ C:\Users\Leinad\Desktop\Goodgame Empire Zeug.txt 2013-12-24 06:14 - 2013-12-24 06:14 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (3).exe 2013-12-24 06:10 - 2013-12-24 06:10 - 00000000 ____D C:\2f1e1235fb3978355243e40a64e4da86 2013-12-24 06:09 - 2014-01-16 03:04 - 00000000 ____D C:\Windows\system32\MRT 2013-12-24 06:08 - 2013-12-24 06:08 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (2).exe 2013-12-23 20:58 - 2013-12-23 20:58 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (1).exe ==================== One Month Modified Files and 
Folders ======= 2014-01-20 19:40 - 2014-01-20 19:39 - 00013809 _____ C:\Users\Leinad\Desktop\FRST.txt 2014-01-20 19:22 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-sys.job 2014-01-20 18:54 - 2012-12-28 23:36 - 01216072 _____ C:\Windows\WindowsUpdate.log 2014-01-20 18:49 - 2012-12-29 01:07 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001UA.job 2014-01-20 18:46 - 2012-12-29 02:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-20 18:45 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job 2014-01-20 18:24 - 2013-07-12 18:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-20 17:30 - 2014-01-20 17:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2014-01-20 17:25 - 2011-04-12 08:43 - 05315636 _____ C:\Windows\system32\perfh007.dat 2014-01-20 17:25 - 2011-04-12 08:43 - 01637634 _____ C:\Windows\system32\perfc007.dat 2014-01-20 17:25 - 2009-07-14 06:13 - 00007064 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-20 17:19 - 2013-07-13 11:01 - 00021052 _____ C:\Windows\setupact.log 2014-01-20 17:19 - 2012-12-29 01:55 - 00959370 _____ C:\Windows\system32\oodbs.lor 2014-01-20 17:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-20 17:10 - 2012-12-28 23:37 - 00000000 ___RD C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\FRST 2014-01-20 16:33 - 2014-01-20 19:39 - 02076672 _____ (Farbar) C:\Users\Leinad\Desktop\FRST64.exe 2014-01-20 15:45 - 2013-07-13 11:25 - 00286078 _____ C:\Windows\PFRO.log 2014-01-20 07:38 - 2012-12-29 01:09 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\vlc 2014-01-20 07:21 - 2013-12-30 22:10 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Skype 2014-01-20 04:42 - 2013-12-29 04:37 - 00000000 ____D C:\Users\Leinad\AppData\Local\JDownloader v2.0 2014-01-20 00:50 - 2014-01-13 00:20 - 
00001797 _____ C:\Users\Leinad\Desktop\Einheitenbericht.txt 2014-01-19 21:49 - 2012-12-29 01:07 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001Core.job 2014-01-19 18:50 - 2013-06-19 10:12 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\TS3Client 2014-01-18 19:45 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-18 19:45 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-18 17:19 - 2014-01-15 01:58 - 00384013 _____ C:\Users\Leinad\Desktop\gge leinad und chef gold.mcr 2014-01-17 22:59 - 2014-01-09 02:25 - 00000627 _____ C:\Users\Leinad\Desktop\winter ziele.txt 2014-01-16 16:21 - 2009-07-14 05:45 - 02054608 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 03:04 - 2013-12-24 06:09 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 03:00 - 2012-12-13 09:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) C:\Users\Leinad\Downloads\setup-lightshot.exe 2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys 2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001 2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml 2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains 2014-01-15 00:43 - 2014-01-15 00:34 - 00000039 _____ C:\Users\Leinad\Desktop\AP 
Übernahme.txt 2014-01-14 22:58 - 2014-01-13 20:36 - 00000058 _____ C:\Users\Leinad\Desktop\neue Samurai RSD.txt 2014-01-14 22:30 - 2014-01-13 21:29 - 00000019 _____ C:\Users\Leinad\Desktop\Samurai neue Nahrungs-AP.txt 2014-01-14 18:43 - 2014-01-14 18:41 - 00029452 _____ C:\Users\Leinad\Desktop\gge gold chrome.mcr 2014-01-14 16:45 - 2014-01-14 13:54 - 00000000 ____D C:\Users\Leinad\Downloads\mouseandkeyrec 2014-01-14 16:43 - 2014-01-14 16:43 - 00029431 _____ C:\Users\Leinad\Desktop\gge gold.mcr 2014-01-14 14:32 - 2014-01-14 14:14 - 00000000 ____D C:\Program Files (x86)\MacroRecorder 2014-01-14 14:14 - 2014-01-14 14:14 - 00719360 _____ (Jitbit Software ) C:\Users\Leinad\Downloads\MacroRecorderSetup.exe 2014-01-14 14:14 - 2014-01-14 14:14 - 00001102 _____ C:\Users\Public\Desktop\Macro Recorder.lnk 2014-01-14 14:03 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\Documents\Recorder 2014-01-14 13:56 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Recorder 2014-01-14 13:54 - 2014-01-14 13:54 - 03274843 _____ C:\Users\Leinad\Downloads\mouseandkeyrec.zip 2014-01-14 13:52 - 2014-01-14 13:53 - 00047438 _____ C:\Users\Leinad\Documents\macex_bak000.~mex 2014-01-14 13:52 - 2014-01-14 13:48 - 00047438 _____ C:\Users\Leinad\Documents\macex.mex 2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\ProgramData\Insight Software Solutions 2014-01-14 13:46 - 2014-01-14 13:46 - 23310272 _____ C:\Users\Leinad\Downloads\macex3.exe 2014-01-14 13:46 - 2014-01-14 13:42 - 00000000 ____D C:\Program Files (x86)\Ghost Control 2014-01-14 13:44 - 2014-01-14 13:44 - 00000916 _____ C:\Users\Leinad\Desktop\GGE.lnk 2014-01-14 13:44 - 2014-01-14 13:42 - 00000000 ____D C:\Users\Leinad\Documents\Ghost Control 2014-01-14 13:41 - 2014-01-14 13:41 - 03373928 _____ (N.R.S. 
) C:\Users\Leinad\Documents\ghostcontrol3.exe 2014-01-13 21:31 - 2014-01-13 20:36 - 00000039 _____ C:\Users\Leinad\Desktop\Neues Textdokument (2).txt 2014-01-12 23:21 - 2014-01-12 21:16 - 00000107 _____ C:\Users\Leinad\Desktop\TS Samurai.txt 2014-01-12 18:18 - 2014-01-12 18:18 - 00002660 _____ C:\Users\Leinad\Desktop\146d2ab98747657b0aa1e08e46ad3786.rsdf 2014-01-12 09:23 - 2014-01-11 23:02 - 00001206 _____ C:\Users\Leinad\Desktop\sam.txt 2014-01-11 22:19 - 2014-01-11 21:35 - 00000017 _____ C:\Users\Leinad\Desktop\nahrungs aps.txt 2014-01-11 06:30 - 2014-01-11 06:00 - 00000175 _____ C:\Users\Leinad\Desktop\Leindörfer.txt 2014-01-09 20:34 - 2014-01-09 20:34 - 00000007 _____ C:\Users\Leinad\Desktop\neue AP.txt 2014-01-09 03:32 - 2013-10-29 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-09 03:17 - 2014-01-09 03:17 - 00000807 _____ C:\Users\Leinad\Desktop\Tipp für RSD.txt 2014-01-09 00:55 - 2013-12-30 16:30 - 00001370 _____ C:\Users\Leinad\Desktop\ziele.txt 2014-01-05 01:06 - 2013-01-03 13:06 - 00000000 ____D C:\Users\Leinad\AppData\Local\Adobe 2014-01-04 22:49 - 2014-01-04 22:49 - 00000013 _____ C:\Users\Leinad\Desktop\alli kontakt.txt 2013-12-30 23:30 - 2013-11-13 16:53 - 00000000 ____D C:\Program Files (x86)\Space Rangers HD A War Apart 2013-12-30 23:29 - 2013-08-12 22:26 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\3909 2013-12-30 23:29 - 2013-01-01 21:59 - 00000000 ____D C:\Program Files (x86)\Steam 2013-12-30 23:25 - 2013-03-15 02:19 - 00000000 ____D C:\Users\Leinad\Documents\SimCity 4 2013-12-30 23:22 - 2013-12-30 23:20 - 00000000 ____D C:\Users\Leinad\Desktop\Uni 2013-12-30 22:28 - 2013-06-19 10:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-12-30 22:10 - 2013-12-30 22:10 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ____D C:\ProgramData\Skype 2013-12-30 07:51 - 2012-12-29 02:32 - 
00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-30 07:47 - 2013-12-30 07:47 - 00000000 ____D C:\Users\Leinad\AppData\Local\Macromedia 2013-12-29 18:21 - 2013-12-29 18:21 - 00001127 _____ C:\Users\Leinad\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-29 18:20 - 2013-12-29 18:20 - 00001421 _____ C:\Users\Leinad\Desktop\Internet Explorer.lnk 2013-12-29 18:19 - 2013-12-29 18:18 - 00000000 ____D C:\Users\Leinad\AppData\Local\Mozilla 2013-12-29 18:18 - 2013-12-29 18:18 - 00283096 _____ (Mozilla) C:\Users\Leinad\Downloads\Firefox Setup Stub 26.0.exe 2013-12-29 18:18 - 2013-12-29 18:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-29 18:18 - 2013-07-11 02:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-29 18:18 - 2012-12-29 02:33 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Mozilla 2013-12-29 12:16 - 2012-12-29 00:43 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013 2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe 2013-12-29 08:17 - 2013-07-13 11:32 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-29 08:17 - 2013-07-13 11:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-29 08:16 - 2013-12-29 08:16 - 01034531 _____ (Thisisu) C:\Users\Leinad\Downloads\JRT.exe 2013-12-29 08:12 - 2013-12-29 04:35 - 00000000 ____D C:\ProgramData\WPM 2013-12-29 08:11 - 2013-07-04 02:31 - 00001421 _____ C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-29 08:08 - 2013-12-29 08:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-12-29 08:02 - 2013-12-29 08:02 - 00001442 _____ C:\Users\Leinad\Desktop\RootAlyzer.lnk 2013-12-29 08:02 - 2013-12-29 08:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-12-29 08:01 - 2013-12-29 08:01 - 01339719 _____ 
C:\Users\Leinad\Downloads\rootalyz-0.3.4.47.zip 2013-12-29 08:01 - 2013-12-29 08:01 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-12-29 08:01 - 2013-12-29 08:01 - 00000000 ____D C:\Users\Leinad\Downloads\rootalyz-0.3.4.47 2013-12-29 08:00 - 2013-12-29 07:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Leinad\Downloads\spybot-2.2.exe 2013-12-29 07:48 - 2013-12-28 16:13 - 00000123 _____ C:\Users\Leinad\Desktop\Goodgame Empire Zeug.txt 2013-12-29 05:01 - 2013-12-29 04:43 - 00000000 ____D C:\Program Files (x86)\JDownloader 2 2013-12-29 04:53 - 2013-12-29 04:43 - 00000000 ____D C:\Program Files (x86)\JD Backup 2013-12-29 04:40 - 2013-12-29 04:40 - 00002086 _____ C:\Users\Leinad\Desktop\JDownloader 2.lnk 2013-12-29 04:40 - 2013-12-29 04:40 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe 2013-12-29 04:34 - 2013-12-29 04:34 - 00077976 _____ (AppWork GmbH) C:\Users\Leinad\Downloads\WebInstallerJD2.exe 2013-12-29 03:51 - 2013-10-29 21:33 - 00000000 ____D C:\ProgramData\Oracle 2013-12-29 03:50 - 2013-12-29 03:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-29 03:50 - 2013-12-29 03:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-29 03:50 - 2013-12-29 03:51 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-29 03:50 - 2013-12-29 03:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-29 03:48 - 2013-04-17 23:07 - 00000000 ____D C:\Games 2013-12-28 18:05 - 2012-12-29 00:42 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-12-24 06:14 - 2013-12-24 06:14 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (3).exe 2013-12-24 06:10 - 2013-12-24 06:10 - 00000000 ____D C:\2f1e1235fb3978355243e40a64e4da86 
2013-12-24 06:08 - 2013-12-24 06:08 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (2).exe 2013-12-23 20:58 - 2013-12-23 20:58 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (1).exe 2013-12-23 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 19:08 ==================== End Of Log ============================ |
20.01.2014, 20:27 | #6 |
/// TB-Ausbilder | GVU Trojaner - Windows7 And how is the computer running? Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter HKCU\...\Policies\Explorer: [NoViewContextMenu] 1 ProxyServer: :0 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Step 3 ESET Online Scanner
Step 4 Run FRST once more.
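Step 1 above works by copying the suspicious FRST lines verbatim into Fixlist.txt. As an added example that is not part of this thread and not Farbar's own tooling, the script below triages FRST.txt lines for the three kinds of finding fixed here (a context-menu-disabling policy, a forced proxy, and search-provider entries pointing at a host that is not a known search engine such as aartemis.com) and emits the matching Fixlist lines; the sample lines are constructed from the entries quoted in this thread, and the allow-list of search hosts is an assumption to adapt per environment.

```python
"""Triage helper for FRST.txt output (added example, not Farbar's code).

It scans the kind of lines FRST prints in its Registry / Internet sections
and flags the findings the helper's Fixlist.txt addressed in this thread.
FRST's Fixlist.txt takes the offending log lines verbatim, so the flagged
lines are returned unchanged and can be written straight to Fixlist.txt.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts treated as legitimate search providers; any other host in a
# search-scope or search-URL entry is reported for review.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "www.google.de", "www.bing.com",
    "search.yahoo.com", "de.search.yahoo.com", "duckduckgo.com",
}

# Policies that disable the right-click menu (MBAM labels these
# PUM.RightClick.Disabled); FRST prints them as "...\Policies\X: [Name] 1".
RESTRICTIVE_POLICIES = {"NoViewContextMenu", "NoBrowserContextMenu"}

_POLICY_RE = re.compile(r"Policies\\.*?: \[(?P<name>\w+)\] (?P<value>\d+)")
_PROXY_RE = re.compile(r"^ProxyServer: (?P<value>\S+)")
_SEARCH_RE = re.compile(
    r"^(SearchScopes:|HKLM.*Main,(Default_Search_URL|Search Page)).*? = (?P<url>\S+)"
)


def _host_of(url):
    """FRST defangs links as hxxp://; normalise before extracting the host."""
    return urlparse(url.replace("hxxp", "http", 1)).hostname or ""


def triage_frst(lines):
    """Return (reason, line) tuples for FRST lines that warrant a Fixlist entry."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _POLICY_RE.search(line)
        if m and m.group("name") in RESTRICTIVE_POLICIES and m.group("value") != "0":
            findings.append(("context-menu disabled by policy", line))
            continue
        m = _PROXY_RE.match(line)
        if m:  # any forced proxy is reviewed; ":0" was removed in this thread too
            findings.append(("proxy forced: " + m.group("value"), line))
            continue
        m = _SEARCH_RE.match(line)
        if m:
            host = _host_of(m.group("url"))
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("search provider points to unknown host " + host, line))
    return findings


def build_fixlist(lines):
    """A FRST fixlist is just the offending log lines copied verbatim."""
    return [line for _, line in triage_frst(lines)]


# Constructed sample modelled on the entries quoted in this thread (the
# aartemis URL is shortened); benign lines are included to show they pass.
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)",
    r"HKCU\...\Policies\Explorer: [NoViewContextMenu] 1",
    r"ProxyServer: :0",
    r"SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&from=cor&q={searchTerms}",
    r"SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&from=cor&q={searchTerms}",
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&from=cor&q={searchTerms}",
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&from=cor&q={searchTerms}",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC",
]

if __name__ == "__main__":
    for reason, line in triage_frst(SAMPLE_FRST_LINES):
        print(f"[{reason}] {line}")
    print("\nFixlist.txt would contain:")
    print("\n".join(build_fixlist(SAMPLE_FRST_LINES)))
```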
20.01.2014, 23:24 | #7 |
| GVU Trojaner - Windows7 My laptop now seems to be running completely normally again, and I am going through the steps given. Result of step 1: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2014 04 Ran by Leinad at 2014-01-20 20:39:28 Run:2 Running from C:\Users\Leinad\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Policies\Explorer: [NoViewContextMenu] 1 ProxyServer: :0 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388288126&from=cor&uid=ST750LX003-1AC154_W200MS6CXXXXW200MS6C&q={searchTerms} ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. ==== End of Fixlog ==== Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.20.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Leinad :: LEINLAP [Administrator] 20.01.2014 20:44:32 mbam-log-2014-01-20 (20-44-32).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 210523 Laufzeit: 2 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.29.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Leinad :: LEINLAP [Administrator] 20.01.2014 19:01:22 mbam-log-2014-01-20 (19-01-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 530151 Laufzeit: 55 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoViewContextMenu (PUM.RightClick.Disabled) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions|NoBrowserContextMenu (PUM.RightClick.Disabled) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions|NoBrowserContextMenu (PUM.RightClick.Disabled) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=cd598f6f85f46c46b98bbad8b0e04102 # engine=16724 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-20 10:05:35 # local_time=2014-01-20 11:05:35 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 12363 141885385 0 0 # scanned=327788 # found=4 # cleaned=0 # scan_time=7885 sh=43E50FF58C2FE632AFCDDBB84962C1430C176271 ft=1 fh=e7d57ad8d81faeec vn="Win32/LockScreen.BEI trojan" ac=I fn="C:\FRST\Quarantine\hemxccapeaj.exe" sh=5074711DE453DFCF34DD3B8FAC1BA458D5892E6C ft=1 fh=c71c0011c239a9ab vn="a variant of Win32/Injector.ANLT trojan" ac=I fn="C:\FRST\Quarantine\Windows Update Service0\odoaztybt.exe" Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04 Ran by Leinad (administrator) on LEINLAP on 20-01-2014 23:22:13 Running from C:\Users\Leinad\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Skillbrains) C:\Users\Leinad\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTShellHlp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe () C:\Program Files (x86)\Skillbrains\Updater\1.7.0.5\Updater.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-20] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe [3111456 2013-05-13] (Disc Soft Ltd) HKCU\...\Run: [GoogleChromeAutoLaunch_7AD2AFED9D39E992AEB379F21168A69A] - C:\Users\Leinad\AppData\Local\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.) 
HKCU\...\Run: [LightShot] - C:\Users\Leinad\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] () MountPoints2: {ebf7cddd-2aaf-11e3-9bb8-88ae1d985a3e} - F:\HTC_Sync_Manager_PC.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A710BC4912ECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Leinad\AppData\Roaming\Mozilla\Firefox\Profiles\1vom9fni.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Leinad\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Leinad\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Leinad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR Extension: (Google Drive) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12] CHR Extension: (Adblock Plus) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-12] CHR Extension: (JDownloader Integration for Google Chrome\u2122) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2013-12-12] CHR Extension: (Two-Click JDownloader) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljhooappahaeilmbekgcokgjjplambgo [2013-12-12] CHR Extension: (Premiumize.me) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2013-12-12] CHR Extension: (Dark Horizon) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2013-12-12] CHR Extension: (Google Wallet) - C:\Users\Leinad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] ==================== 
Services (Whitelisted) ================= R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [204288 2012-08-02] (Broadcom Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2552176 2012-09-14] (O&O Software GmbH) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-13] (DT Soft Ltd) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-07-12] () R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 athr; system32\DRIVERS\athrx.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-20 20:45 - 2014-01-20 20:45 - 02347384 _____ (ESET) C:\Users\Leinad\Downloads\esetsmartinstaller_enu.exe 2014-01-20 19:40 - 2014-01-20 19:40 - 00029544 _____ C:\Users\Leinad\Desktop\Addition.txt 2014-01-20 19:39 - 2014-01-20 23:22 - 00012748 _____ C:\Users\Leinad\Desktop\FRST.txt 2014-01-20 19:39 - 2014-01-20 16:33 - 02076672 _____ (Farbar) C:\Users\Leinad\Desktop\FRST64.exe 2014-01-20 18:46 - 2013-05-31 16:18 - 00000854 _____ C:\Windows\system32\Drivers\etc\hosts.20140120-184626.backup 2014-01-20 17:27 - 2014-01-20 17:30 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\FRST 2014-01-15 22:58 - 2014-01-20 23:22 - 00000390 _____ C:\Windows\Tasks\update-sys.job 2014-01-15 22:58 - 2014-01-20 22:45 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job 2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) 
C:\Users\Leinad\Downloads\setup-lightshot.exe 2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys 2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001 2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml 2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains 2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains 2014-01-15 06:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 06:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 06:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 06:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-15 01:58 - 2014-01-18 17:19 - 00384013 _____ C:\Users\Leinad\Desktop\gge leinad und chef gold.mcr 2014-01-15 00:34 - 2014-01-15 00:43 - 00000039 _____ 
C:\Users\Leinad\Desktop\AP Übernahme.txt 2014-01-14 18:41 - 2014-01-14 18:43 - 00029452 _____ C:\Users\Leinad\Desktop\gge gold chrome.mcr 2014-01-14 16:43 - 2014-01-14 16:43 - 00029431 _____ C:\Users\Leinad\Desktop\gge gold.mcr 2014-01-14 14:14 - 2014-01-14 14:32 - 00000000 ____D C:\Program Files (x86)\MacroRecorder 2014-01-14 14:14 - 2014-01-14 14:14 - 00719360 _____ (Jitbit Software ) C:\Users\Leinad\Downloads\MacroRecorderSetup.exe 2014-01-14 14:14 - 2014-01-14 14:14 - 00001102 _____ C:\Users\Public\Desktop\Macro Recorder.lnk 2014-01-14 13:56 - 2014-01-14 14:03 - 00000000 ____D C:\Users\Leinad\Documents\Recorder 2014-01-14 13:56 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Recorder 2014-01-14 13:54 - 2014-01-14 16:45 - 00000000 ____D C:\Users\Leinad\Downloads\mouseandkeyrec 2014-01-14 13:54 - 2014-01-14 13:54 - 03274843 _____ C:\Users\Leinad\Downloads\mouseandkeyrec.zip 2014-01-14 13:53 - 2014-01-14 13:52 - 00047438 _____ C:\Users\Leinad\Documents\macex_bak000.~mex 2014-01-14 13:48 - 2014-01-14 13:52 - 00047438 _____ C:\Users\Leinad\Documents\macex.mex 2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\ProgramData\Insight Software Solutions 2014-01-14 13:46 - 2014-01-14 13:46 - 23310272 _____ C:\Users\Leinad\Downloads\macex3.exe 2014-01-14 13:44 - 2014-01-14 13:44 - 00000916 _____ C:\Users\Leinad\Desktop\GGE.lnk 2014-01-14 13:42 - 2014-01-14 13:46 - 00000000 ____D C:\Program Files (x86)\Ghost Control 2014-01-14 13:42 - 2014-01-14 13:44 - 00000000 ____D C:\Users\Leinad\Documents\Ghost Control 2014-01-14 13:42 - 2009-12-02 21:57 - 00000032 _____ C:\Windows\SysWOW64\comcnt.sys 2014-01-14 13:42 - 2008-04-14 05:41 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll 2014-01-14 13:42 - 1998-06-26 00:00 - 00644400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-01-14 13:42 - 1998-06-24 00:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX 2014-01-14 13:42 - 1998-06-24 00:00 - 
00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX 2014-01-14 13:41 - 2014-01-14 13:41 - 03373928 _____ (N.R.S. ) C:\Users\Leinad\Documents\ghostcontrol3.exe 2014-01-13 21:29 - 2014-01-14 22:30 - 00000019 _____ C:\Users\Leinad\Desktop\Samurai neue Nahrungs-AP.txt 2014-01-13 20:36 - 2014-01-14 22:58 - 00000058 _____ C:\Users\Leinad\Desktop\neue Samurai RSD.txt 2014-01-13 20:36 - 2014-01-13 21:31 - 00000039 _____ C:\Users\Leinad\Desktop\Neues Textdokument (2).txt 2014-01-13 00:20 - 2014-01-20 00:50 - 00001797 _____ C:\Users\Leinad\Desktop\Einheitenbericht.txt 2014-01-12 21:16 - 2014-01-12 23:21 - 00000107 _____ C:\Users\Leinad\Desktop\TS Samurai.txt 2014-01-12 18:18 - 2014-01-12 18:18 - 00002660 _____ C:\Users\Leinad\Desktop\146d2ab98747657b0aa1e08e46ad3786.rsdf 2014-01-11 23:02 - 2014-01-12 09:23 - 00001206 _____ C:\Users\Leinad\Desktop\sam.txt 2014-01-11 21:35 - 2014-01-11 22:19 - 00000017 _____ C:\Users\Leinad\Desktop\nahrungs aps.txt 2014-01-11 06:00 - 2014-01-11 06:30 - 00000175 _____ C:\Users\Leinad\Desktop\Leindörfer.txt 2014-01-09 20:34 - 2014-01-09 20:34 - 00000007 _____ C:\Users\Leinad\Desktop\neue AP.txt 2014-01-09 03:17 - 2014-01-09 03:17 - 00000807 _____ C:\Users\Leinad\Desktop\Tipp für RSD.txt 2014-01-09 02:25 - 2014-01-17 22:59 - 00000627 _____ C:\Users\Leinad\Desktop\winter ziele.txt 2014-01-04 22:49 - 2014-01-04 22:49 - 00000013 _____ C:\Users\Leinad\Desktop\alli kontakt.txt 2013-12-30 23:20 - 2013-12-30 23:22 - 00000000 ____D C:\Users\Leinad\Desktop\Uni 2013-12-30 22:10 - 2014-01-20 07:21 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Skype 2013-12-30 22:10 - 2013-12-30 22:10 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ____D C:\ProgramData\Skype 2013-12-30 16:30 - 2014-01-09 00:55 - 00001370 _____ C:\Users\Leinad\Desktop\ziele.txt 2013-12-30 07:47 - 2013-12-30 07:47 - 00000000 ____D 
C:\Users\Leinad\AppData\Local\Macromedia
2013-12-29 18:21 - 2013-12-29 18:21 - 00001127 _____ C:\Users\Leinad\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-29 18:20 - 2013-12-29 18:20 - 00001421 _____ C:\Users\Leinad\Desktop\Internet Explorer.lnk
2013-12-29 18:18 - 2013-12-29 18:19 - 00000000 ____D C:\Users\Leinad\AppData\Local\Mozilla
2013-12-29 18:18 - 2013-12-29 18:18 - 00283096 _____ (Mozilla) C:\Users\Leinad\Downloads\Firefox Setup Stub 26.0.exe
2013-12-29 18:18 - 2013-12-29 18:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe
2013-12-29 08:16 - 2013-12-29 08:16 - 01034531 _____ (Thisisu) C:\Users\Leinad\Downloads\JRT.exe
2013-12-29 08:07 - 2013-12-29 08:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-29 08:02 - 2013-12-29 08:02 - 00001442 _____ C:\Users\Leinad\Desktop\RootAlyzer.lnk
2013-12-29 08:01 - 2013-12-29 08:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-29 08:01 - 2013-12-29 08:01 - 01339719 _____ C:\Users\Leinad\Downloads\rootalyz-0.3.4.47.zip
2013-12-29 08:01 - 2013-12-29 08:01 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-29 08:01 - 2013-12-29 08:01 - 00000000 ____D C:\Users\Leinad\Downloads\rootalyz-0.3.4.47
2013-12-29 08:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-12-29 07:57 - 2013-12-29 08:00 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Leinad\Downloads\spybot-2.2.exe
2013-12-29 04:43 - 2013-12-29 05:01 - 00000000 ____D C:\Program Files (x86)\JDownloader 2
2013-12-29 04:43 - 2013-12-29 04:53 - 00000000 ____D C:\Program Files (x86)\JD Backup
2013-12-29 04:40 - 2013-12-29 04:40 - 00002086 _____ C:\Users\Leinad\Desktop\JDownloader 2.lnk
2013-12-29 04:40 - 2013-12-29 04:40 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2013-12-29 04:37 - 2014-01-20 04:42 - 00000000 ____D C:\Users\Leinad\AppData\Local\JDownloader v2.0
2013-12-29 04:35 - 2013-12-29 08:12 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe
2013-12-29 04:34 - 2013-12-29 04:34 - 00077976 _____ (AppWork GmbH) C:\Users\Leinad\Downloads\WebInstallerJD2.exe
2013-12-29 03:51 - 2013-12-29 03:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-29 03:51 - 2013-12-29 03:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-29 03:51 - 2013-12-29 03:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-29 03:51 - 2013-12-29 03:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 16:13 - 2013-12-29 07:48 - 00000123 _____ C:\Users\Leinad\Desktop\Goodgame Empire Zeug.txt
2013-12-24 06:14 - 2013-12-24 06:14 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (3).exe
2013-12-24 06:10 - 2013-12-24 06:10 - 00000000 ____D C:\2f1e1235fb3978355243e40a64e4da86
2013-12-24 06:09 - 2014-01-16 03:04 - 00000000 ____D C:\Windows\system32\MRT
2013-12-24 06:08 - 2013-12-24 06:08 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (2).exe
2013-12-23 20:58 - 2013-12-23 20:58 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (1).exe

==================== One Month Modified Files and Folders =======

2014-01-20 23:22 - 2014-01-20 19:39 - 00012748 _____ C:\Users\Leinad\Desktop\FRST.txt
2014-01-20 23:22 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2014-01-20 23:20 - 2013-04-17 23:07 - 00000000 ____D C:\Games
2014-01-20 22:49 - 2012-12-29 01:07 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001UA.job
2014-01-20 22:46 - 2012-12-29 02:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 22:45 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001.job
2014-01-20 21:56 - 2012-12-28 23:36 - 01221094 _____ C:\Windows\WindowsUpdate.log
2014-01-20 21:49 - 2012-12-29 01:07 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586411972-1826969491-2776955316-1001Core.job
2014-01-20 20:45 - 2014-01-20 20:45 - 02347384 _____ (ESET) C:\Users\Leinad\Downloads\esetsmartinstaller_enu.exe
2014-01-20 20:41 - 2011-04-12 08:43 - 05345580 _____ C:\Windows\system32\perfh007.dat
2014-01-20 20:41 - 2011-04-12 08:43 - 01647466 _____ C:\Windows\system32\perfc007.dat
2014-01-20 20:41 - 2009-07-14 06:13 - 00007064 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 20:23 - 2013-12-12 10:52 - 00000000 ____D C:\Windows\Minidump
2014-01-20 20:23 - 2012-12-13 08:17 - 00000000 ____D C:\Windows\Panther
2014-01-20 19:40 - 2014-01-20 19:40 - 00029544 _____ C:\Users\Leinad\Desktop\Addition.txt
2014-01-20 18:24 - 2013-07-12 18:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-20 17:30 - 2014-01-20 17:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2014-01-20 17:19 - 2012-12-29 01:55 - 00959370 _____ C:\Windows\system32\oodbs.lor
2014-01-20 17:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 17:10 - 2012-12-28 23:37 - 00000000 ___RD C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\FRST
2014-01-20 16:33 - 2014-01-20 19:39 - 02076672 _____ (Farbar) C:\Users\Leinad\Desktop\FRST64.exe
2014-01-20 07:38 - 2012-12-29 01:09 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\vlc
2014-01-20 07:21 - 2013-12-30 22:10 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Skype
2014-01-20 04:42 - 2013-12-29 04:37 - 00000000 ____D C:\Users\Leinad\AppData\Local\JDownloader v2.0
2014-01-20 00:50 - 2014-01-13 00:20 - 00001797 _____ C:\Users\Leinad\Desktop\Einheitenbericht.txt
2014-01-19 18:50 - 2013-06-19 10:12 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\TS3Client
2014-01-18 19:45 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 19:45 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 17:19 - 2014-01-15 01:58 - 00384013 _____ C:\Users\Leinad\Desktop\gge leinad und chef gold.mcr
2014-01-17 22:59 - 2014-01-09 02:25 - 00000627 _____ C:\Users\Leinad\Desktop\winter ziele.txt
2014-01-16 16:21 - 2009-07-14 05:45 - 02054608 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:04 - 2013-12-24 06:09 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:00 - 2012-12-13 09:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) C:\Users\Leinad\Downloads\setup-lightshot.exe
2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys
2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001
2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml
2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2014-01-15 00:43 - 2014-01-15 00:34 - 00000039 _____ C:\Users\Leinad\Desktop\AP Übernahme.txt
2014-01-14 22:58 - 2014-01-13 20:36 - 00000058 _____ C:\Users\Leinad\Desktop\neue Samurai RSD.txt
2014-01-14 22:30 - 2014-01-13 21:29 - 00000019 _____ C:\Users\Leinad\Desktop\Samurai neue Nahrungs-AP.txt
2014-01-14 18:43 - 2014-01-14 18:41 - 00029452 _____ C:\Users\Leinad\Desktop\gge gold chrome.mcr
2014-01-14 16:45 - 2014-01-14 13:54 - 00000000 ____D C:\Users\Leinad\Downloads\mouseandkeyrec
2014-01-14 16:43 - 2014-01-14 16:43 - 00029431 _____ C:\Users\Leinad\Desktop\gge gold.mcr
2014-01-14 14:32 - 2014-01-14 14:14 - 00000000 ____D C:\Program Files (x86)\MacroRecorder
2014-01-14 14:14 - 2014-01-14 14:14 - 00719360 _____ (Jitbit Software ) C:\Users\Leinad\Downloads\MacroRecorderSetup.exe
2014-01-14 14:14 - 2014-01-14 14:14 - 00001102 _____ C:\Users\Public\Desktop\Macro Recorder.lnk
2014-01-14 14:03 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\Documents\Recorder
2014-01-14 13:56 - 2014-01-14 13:56 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Recorder
2014-01-14 13:54 - 2014-01-14 13:54 - 03274843 _____ C:\Users\Leinad\Downloads\mouseandkeyrec.zip
2014-01-14 13:52 - 2014-01-14 13:53 - 00047438 _____ C:\Users\Leinad\Documents\macex_bak000.~mex
2014-01-14 13:52 - 2014-01-14 13:48 - 00047438 _____ C:\Users\Leinad\Documents\macex.mex
2014-01-14 13:47 - 2014-01-14 13:47 - 00000000 ____D C:\ProgramData\Insight Software Solutions
2014-01-14 13:46 - 2014-01-14 13:46 - 23310272 _____ C:\Users\Leinad\Downloads\macex3.exe
2014-01-14 13:46 - 2014-01-14 13:42 - 00000000 ____D C:\Program Files (x86)\Ghost Control
2014-01-14 13:44 - 2014-01-14 13:44 - 00000916 _____ C:\Users\Leinad\Desktop\GGE.lnk
2014-01-14 13:44 - 2014-01-14 13:42 - 00000000 ____D C:\Users\Leinad\Documents\Ghost Control
2014-01-14 13:41 - 2014-01-14 13:41 - 03373928 _____ (N.R.S. ) C:\Users\Leinad\Documents\ghostcontrol3.exe
2014-01-13 21:31 - 2014-01-13 20:36 - 00000039 _____ C:\Users\Leinad\Desktop\Neues Textdokument (2).txt
2014-01-12 23:21 - 2014-01-12 21:16 - 00000107 _____ C:\Users\Leinad\Desktop\TS Samurai.txt
2014-01-12 18:18 - 2014-01-12 18:18 - 00002660 _____ C:\Users\Leinad\Desktop\146d2ab98747657b0aa1e08e46ad3786.rsdf
2014-01-12 09:23 - 2014-01-11 23:02 - 00001206 _____ C:\Users\Leinad\Desktop\sam.txt
2014-01-11 22:19 - 2014-01-11 21:35 - 00000017 _____ C:\Users\Leinad\Desktop\nahrungs aps.txt
2014-01-11 06:30 - 2014-01-11 06:00 - 00000175 _____ C:\Users\Leinad\Desktop\Leindörfer.txt
2014-01-09 20:34 - 2014-01-09 20:34 - 00000007 _____ C:\Users\Leinad\Desktop\neue AP.txt
2014-01-09 03:32 - 2013-10-29 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-09 03:17 - 2014-01-09 03:17 - 00000807 _____ C:\Users\Leinad\Desktop\Tipp für RSD.txt
2014-01-09 00:55 - 2013-12-30 16:30 - 00001370 _____ C:\Users\Leinad\Desktop\ziele.txt
2014-01-05 01:06 - 2013-01-03 13:06 - 00000000 ____D C:\Users\Leinad\AppData\Local\Adobe
2014-01-04 22:49 - 2014-01-04 22:49 - 00000013 _____ C:\Users\Leinad\Desktop\alli kontakt.txt
2013-12-30 23:30 - 2013-11-13 16:53 - 00000000 ____D C:\Program Files (x86)\Space Rangers HD A War Apart
2013-12-30 23:29 - 2013-08-12 22:26 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\3909
2013-12-30 23:29 - 2013-01-01 21:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-30 23:25 - 2013-03-15 02:19 - 00000000 ____D C:\Users\Leinad\Documents\SimCity 4
2013-12-30 23:22 - 2013-12-30 23:20 - 00000000 ____D C:\Users\Leinad\Desktop\Uni
2013-12-30 22:28 - 2013-06-19 10:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-12-30 22:10 - 2013-12-30 22:10 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-30 22:10 - 2013-12-30 22:10 - 00000000 ____D C:\ProgramData\Skype
2013-12-30 07:51 - 2012-12-29 02:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 07:47 - 2013-12-30 07:47 - 00000000 ____D C:\Users\Leinad\AppData\Local\Macromedia
2013-12-29 18:21 - 2013-12-29 18:21 - 00001127 _____ C:\Users\Leinad\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-29 18:20 - 2013-12-29 18:20 - 00001421 _____ C:\Users\Leinad\Desktop\Internet Explorer.lnk
2013-12-29 18:19 - 2013-12-29 18:18 - 00000000 ____D C:\Users\Leinad\AppData\Local\Mozilla
2013-12-29 18:18 - 2013-12-29 18:18 - 00283096 _____ (Mozilla) C:\Users\Leinad\Downloads\Firefox Setup Stub 26.0.exe
2013-12-29 18:18 - 2013-12-29 18:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-29 18:18 - 2013-07-11 02:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-29 18:18 - 2012-12-29 02:33 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Mozilla
2013-12-29 12:16 - 2012-12-29 00:43 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe
2013-12-29 08:17 - 2013-07-13 11:32 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-29 08:17 - 2013-07-13 11:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-29 08:16 - 2013-12-29 08:16 - 01034531 _____ (Thisisu) C:\Users\Leinad\Downloads\JRT.exe
2013-12-29 08:12 - 2013-12-29 04:35 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 08:11 - 2013-07-04 02:31 - 00001421 _____ C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-29 08:08 - 2013-12-29 08:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-29 08:02 - 2013-12-29 08:02 - 00001442 _____ C:\Users\Leinad\Desktop\RootAlyzer.lnk
2013-12-29 08:02 - 2013-12-29 08:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-29 08:01 - 2013-12-29 08:01 - 01339719 _____ C:\Users\Leinad\Downloads\rootalyz-0.3.4.47.zip
2013-12-29 08:01 - 2013-12-29 08:01 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-29 08:01 - 2013-12-29 08:01 - 00000000 ____D C:\Users\Leinad\Downloads\rootalyz-0.3.4.47
2013-12-29 08:00 - 2013-12-29 07:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Leinad\Downloads\spybot-2.2.exe
2013-12-29 07:48 - 2013-12-28 16:13 - 00000123 _____ C:\Users\Leinad\Desktop\Goodgame Empire Zeug.txt
2013-12-29 05:01 - 2013-12-29 04:43 - 00000000 ____D C:\Program Files (x86)\JDownloader 2
2013-12-29 04:53 - 2013-12-29 04:43 - 00000000 ____D C:\Program Files (x86)\JD Backup
2013-12-29 04:40 - 2013-12-29 04:40 - 00002086 _____ C:\Users\Leinad\Desktop\JDownloader 2.lnk
2013-12-29 04:40 - 2013-12-29 04:40 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe
2013-12-29 04:34 - 2013-12-29 04:34 - 00077976 _____ (AppWork GmbH) C:\Users\Leinad\Downloads\WebInstallerJD2.exe
2013-12-29 03:51 - 2013-10-29 21:33 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 03:50 - 2013-12-29 03:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-29 03:50 - 2013-12-29 03:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-29 03:50 - 2013-12-29 03:51 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-29 03:50 - 2013-12-29 03:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 18:05 - 2012-12-29 00:42 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-12-24 06:14 - 2013-12-24 06:14 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (3).exe
2013-12-24 06:10 - 2013-12-24 06:10 - 00000000 ____D C:\2f1e1235fb3978355243e40a64e4da86
2013-12-24 06:08 - 2013-12-24 06:08 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (2).exe
2013-12-23 20:58 - 2013-12-23 20:58 - 00915368 _____ (Oracle Corporation) C:\Users\Leinad\Downloads\chromeinstall-7u45 (1).exe
2013-12-23 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 19:08

==================== End Of Log ============================

Last edited by LinkesAuge (20.01.2014, 20:50) |
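Every file-listing entry in the FRST log above has the same fixed layout (two timestamps, an 8-digit size, a 5-character attribute field, an optional CompanyName from the file's version info in parentheses, then the path), which makes the log easy to triage by script rather than by eye. The following Python is an added example written for this page; it is not FRST's own code and not part of the original post. The sample lines are copied from the log above. Two helpers run over the parsed entries: grouping by timestamp, because files, folders and tasks that appear within the same minute usually belong to one installer (the 2014-01-15 22:58 LightShot/Skillbrains cluster is the case in point), and listing everything under the two Task Scheduler folders, a standard persistence location. Both are triage heuristics that tell you where to look, not verdicts on what is malicious.

```python
"""Parse Farbar Recovery Scan Tool (FRST) file-listing entries and run two
triage helpers over them. Added example for this thread; not FRST code and
not part of the original post. Sample lines are copied from the log above."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One FRST entry, as seen in the log above:
#   <timestamp 1> - <timestamp 2> - <8-digit size> <5 attribute flags> [(CompanyName) ]<path>
# Timestamp 1 is the column the section is sorted by: creation time in the
# "Created" section, modification time in the "Modified" section.
ENTRY_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<flags>[A-Z_]{5}) "
    r"(?:\((?P<company>.*)\) )?"   # CompanyName; may itself contain parentheses
    r"(?P<path>[A-Za-z]:\\.*)$"
)
TS_FMT = "%Y-%m-%d %H:%M"
# Task Scheduler folders (Windows 7 layout); compared case-insensitively.
TASK_DIRS = ("c:\\windows\\tasks\\", "c:\\windows\\system32\\tasks\\")


@dataclass
class Entry:
    ts1: datetime
    ts2: datetime
    size: int
    flags: str              # e.g. "_____" plain file, "____D" directory, "____H" hidden, "___RD" read-only dir
    company: Optional[str]  # None when FRST printed no CompanyName
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.flags


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    company = m["company"].strip() if m["company"] else None  # FRST keeps trailing blanks
    return Entry(datetime.strptime(m["ts1"], TS_FMT), datetime.strptime(m["ts2"], TS_FMT),
                 int(m["size"]), m["flags"], company, m["path"])


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def clusters(entries: List[Entry], min_size: int = 3) -> Dict[datetime, List[Entry]]:
    """Group entries by timestamp 1 (minute resolution) and keep groups of at
    least min_size. One installer typically drops its files, folders and tasks
    within the same minute, so a cluster shows what else it left behind."""
    groups: Dict[datetime, List[Entry]] = defaultdict(list)
    for e in entries:
        groups[e.ts1].append(e)
    return {ts: es for ts, es in sorted(groups.items()) if len(es) >= min_size}


def scheduled_tasks(entries: List[Entry]) -> List[Entry]:
    """Every non-directory entry under the Task Scheduler folders."""
    return [e for e in entries
            if not e.is_dir and e.path.lower().startswith(TASK_DIRS)]


# Sample input: lines copied from the FRST log posted above, plus two
# non-entry lines that the parser must skip.
SAMPLE_LOG = r"""
2014-01-15 22:58 - 2014-01-15 22:58 - 02727456 _____ (Skillbrains ) C:\Users\Leinad\Downloads\setup-lightshot.exe
2014-01-15 22:58 - 2014-01-15 22:58 - 00003286 _____ C:\Windows\System32\Tasks\update-sys
2014-01-15 22:58 - 2014-01-15 22:58 - 00003266 _____ C:\Windows\System32\Tasks\update-S-1-5-21-586411972-1826969491-2776955316-1001
2014-01-15 22:58 - 2014-01-15 22:58 - 00000443 _____ C:\Users\Leinad\AppData\Local\UserProducts.xml
2014-01-15 22:58 - 2014-01-15 22:58 - 00000003 _____ C:\Users\Leinad\AppData\Local\updater.log
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Users\Leinad\AppData\Local\Skillbrains
2014-01-15 22:58 - 2014-01-15 22:58 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2014-01-20 23:22 - 2014-01-15 22:58 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2014-01-20 17:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 17:10 - 2012-12-28 23:37 - 00000000 ___RD C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 04:34 - 2013-12-29 04:34 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Leinad\Downloads\WebInstaller.exe
2013-12-29 08:17 - 2013-12-29 08:17 - 01233962 _____ C:\Users\Leinad\Downloads\AdwCleaner (1).exe
2013-12-29 08:08 - 2013-12-29 08:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Leinad\Downloads\mbam-setup-1.75.0.1300 (1).exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for ts, group in clusters(entries).items():
        print(f"{ts:%Y-%m-%d %H:%M}: {len(group)} entries")
        for e in group:
            print("   ", e.company or "-", e.path)
    print("scheduled task artifacts:")
    for e in scheduled_tasks(entries):
        print("   ", e.path)
```

Run on a full FRST.txt, feed the whole file to parse_log: it only picks up lines in the entry layout, so the registry, services and MD5 sections pass through untouched. The company regex is deliberately greedy and then backs off to the last ") " before a drive letter, which is what lets nested parentheses such as "AppWork UG (haftungsbeschränkt)" survive; a path containing ") X:\" would confuse it, which is the one limitation worth knowing.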
20.01.2014, 23:45 | #8 |
/// TB-Ausbilder | GVU Trojaner - Windows7 Good. Update Flash Player and Java, then we clean up.

Cleanup
Finally we will now remove our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are still important and should be carried out in the given order.
>> OK << We're done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help you not need our help again in the future. Please give me a short reply afterwards once there are no open problems or questions on your side either, so that I can consider this thread resolved.

Epilogue: tips, dos & don'ts

Keeping system and software up to date
The Windows operating system must always be kept fully up to date. Make sure automatic updates are enabled:
Installed software should always be at its latest version too. This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download on the mere visit to a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore fairly unpredictable.
Security software
A remark up front: every software solution has its weaknesses. Shifting the entire responsibility for security onto software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless such software is of course important and, combined with a well-maintained (up-to-date) system and sensible behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the one most often attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain. Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the Internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner detects no threat in them at the moment, that need not mean anything.
Attempts are also often made to get the user, with more or less cunning methods, to carry out an action that is disastrous for him himself (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed alongside other software by the user himself.
General notes
Finally, a few basic remarks:
If you like, you can support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again too soon.
__________________ cheers, Leo |
21.01.2014, 01:05 | #9 |
| GVU Trojaner - Windows7 OK, all done, and I will follow the tips (more closely) in future. Many thanks for the detailed and super fast help, you really do great work here! |
21.01.2014, 01:06 | #10 |
/// TB-Ausbilder | GVU Trojaner - Windows7 Glad we could help. If you would like to give the forum suggestions for improvement, criticism or praise, you can do so here. This thread appears to be resolved and will be removed from my subscriptions, so I will no longer receive notifications of new replies. Should you need the thread again, please send me a PM and we will continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |
Topics for GVU Trojaner - Windows7
aartemis, aartemis removal, adobe flash player, association, download, explorer.exe, firefox, goodgame, kaspersky, microsoft, pum.rightclick.disabled, pup.optional.crossrider.a, registry, safer networking, svchost.exe, win32/injector.anlt, win32/lockscreen.bei, winlogon