Pests of all kinds and their removal: Trojan.Betabot Activity 3 (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
10.02.2014, 21:49 | #1
Trojan.Betabot Activity 3

Hello, I have picked up this trojan; it makes my PC very slow and simply opens random programs. I have already run AdwCleaner over it once.

# AdwCleaner v3.018 - Bericht erstellt am 10/02/2014 um 21:22:31
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : 1 - ANIOL-PC
# Gestartet von : C:\Users\1\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\AlawarWrapper
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
Ordner Gelöscht : C:\Users\Aniol\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Aniol\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Aniol\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Aniol\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19489

-\\ Mozilla Firefox v27.0 (de)
[ Datei : C:\Users\Aniol\AppData\Roaming\Mozilla\Firefox\Profiles\5l468plj.default-1383686704712\prefs.js ]
[ Datei : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hpdt8sej.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3579 octets] - [06/02/2014 21:41:55]
AdwCleaner[R1].txt - [3698 octets] - [10/02/2014 21:16:37]
AdwCleaner[S0].txt - [349 octets] - [06/02/2014 21:55:09]
AdwCleaner[S1].txt - [3635 octets] - [10/02/2014 21:22:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3695 octets] ##########

It would be nice if you could help me. I could also post what Malwarebytes says, since I ran that program as well.
10.02.2014, 21:52 | #2
/// Malwareteam | Trojan.Betabot Activity 3

I am working on your thread and will get back to you as soon as possible with further instructions. Please note that all my answers must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.
10.02.2014, 21:53 | #3
/// Malwareteam | Trojan.Betabot Activity 3

Hello bachao,

my name is Jonas and I will help you with your cleanup. This can involve a lot of work on your part. Before we can start, please read the cleanup rules and notes: Rules for the cleanup process
Notes
Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.

Quote:
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Post the following logfiles in your next reply:
10.02.2014, 22:24 | #4
Trojan.Betabot Activity 3

Hello Jonas, thanks for the help.

FRST Addition logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014
Ran by 1 at 2014-02-10 22:19:32
Running from C:\Users\1\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Digital Editions 2.0 (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 - Deutsch (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation)
EA Download Manager (Version: 5.1.0.4 - Electronic Arts, Inc.)
EA Installer (Version: 2.3.0.74 - Electronic Arts, Inc.)
Firstload (Version: - Lumaris.net)
Football Manager 2013 version 13.3.3 (Version: 13.3.3 - SEGA)
Free Studio version 4.2 (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.2.422 (Version: 3.12.2.422 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 11 (Version: - Electronic Arts)
Gigabyte Raid Configurer (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Earth (Version: 4.2.205.5730 - Google)
Governor of Poker 2 Premium Edition v1.0 Multi (Version: - My Company, Inc.)
Hercules Webcam (Version: - )
Hercules WebCam Station (Version: - )
iCloud (Version: 1.0.2.17 - Apple Inc.)
Infineon USB driver 1.0.0.6 (Version: - Infineon)
iTunes (Version: 11.1.3.8 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 12 (Version: 1.5.0.120 - Sun Microsystems, Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 16 (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (Version: 1.6.0.70 - Sun Microsystems, Inc.)
LG Bluetooth Drivers (Version: 1.1 - LG Electronics)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322 - Microsoft)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 27.0 (x86 de) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (Version: 27.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (Version: 7.02.8507 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (Version: 20.4.0.40 - Symantec Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation)
PunkBuster Services (Version: 0.986 - Even Balance, Inc.)
QuickShare (Version: 10.165.60.13189 - Linkury Inc.) <==== ATTENTION
QuickTime (Version: 7.71.80.42 - Apple Inc.)
Reader for PC (Version: 2.0.02.15180 - Sony Corporation)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5404 - Realtek Semiconductor Corp.)
Safari (Version: 5.34.52.7 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
T-Online 6.0 (Version: - )
T-Online WLAN-Access Finder (Version: - )
Torchlight II (c) Runic Games version 1 (Version: 1 - )
Unlocker 1.9.0 (Version: 1.9.0 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1 - Microsoft Corporation)
USB Flash Port Driver (Version: 1.00.0000 - Infineon Technologies)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
Winamp (Version: 5.5 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (Version: - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) (Version: 04/16/2009 1.0.0.6 - Infineon Technologies)
WinRAR (Version: - )

==================== Restore Points =========================

10-02-2014 20:36:03 Removed SpyHunter

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {026AC9FF-BB50-4B0E-A615-CBFBDAE9B3D4} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {06482CFA-0EA9-434D-9B64-178009CBD8FD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {386DEB2C-15CE-4169-BFE6-30C878FB3160} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {567F871F-24E7-43B1-97F7-D41EDD11FE29} - System32\Tasks\{C8A8D678-36D0-4D4C-B9D2-950ABA8D54DE} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {6B193CEE-16A0-43B7-89D6-A81DAB0F1E49} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {7D196A68-B3FF-4436-B2F6-E8FF7624496F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {8E3F801C-814C-4F9D-BB09-B7E373F56FD9} - System32\Tasks\Microsoft\Windows\RestartManager\{64601BF0-8AA3-40da-BD2B-A1F5332126C8} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {B63004E3-DD1A-4A9A-B9E8-E04616F4C3D0} - System32\Tasks\{40D80C82-E859-428F-B95D-0D3F101C0356} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {C0D5C71E-D82D-4AEE-B4DD-7852361C1C57} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {D30A3C46-9159-444A-9AFB-52BEA700B78C} - System32\Tasks\Microsoft\Windows\RestartManager\{06E3B974-EA41-4fd6-9C88-4DDEBE475894} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EF03E76F-19D3-4162-B134-CCAAF3FE8E6D} - System32\Tasks\Microsoft\Windows\RestartManager\{5D5A7394-0ABF-40e5-886A-DE0F5CF7D031} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {F7E5C4DD-DD76-40F3-AF6E-12F631DA2214} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-06] (Adobe Systems Incorporated)
Task: {FD980902-2334-4E84-AE43-1BC03689CBD0} - System32\Tasks\{3612B83D-B174-4B60-8DF9-CBB3CF474984} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{06FDA24E-180F-4B01-AAFC-6F667AFEE44A}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-07-28 02:13 - 2012-07-28 02:13 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2008-01-12 18:41 - 2005-06-28 13:59 - 00053248 _____ () C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:58 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-05-24 14:02 - 2014-02-10 21:17 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-07-02 14:17 - 2013-12-18 21:05 - 00016808 _____ () C:\Program Files\Java\jre7\bin\jp2native.dll
2014-01-06 20:33 - 2014-01-06 20:33 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00113664 _____ () D:\VLC\libvlc.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 02342912 _____ () D:\VLC\libvlccore.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00246784 _____ () D:\VLC\plugins\access\libdshow_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 00047616 _____ () D:\VLC\plugins\audio_output\libdirectsound_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 00050688 _____ () D:\VLC\plugins\audio_output\libwaveout_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00079360 _____ () D:\VLC\plugins\video_output\libdirectdraw_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 02029568 _____ () D:\VLC\plugins\access\liblibbluray_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00100352 _____ () D:\VLC\plugins\access\libaccess_bd_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00258560 _____ () D:\VLC\plugins\access\libdvdnav_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00076288 _____ () D:\VLC\plugins\access\libaccess_vdr_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00046592 _____ () D:\VLC\plugins\access\libfilesystem_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00061440 _____ () D:\VLC\plugins\stream_filter\libsmooth_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00465920 _____ () D:\VLC\plugins\stream_filter\libhttplive_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00719872 _____ () D:\VLC\plugins\stream_filter\libdash_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00114688 _____ () D:\VLC\plugins\access\libzip_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00039936 _____ () D:\VLC\plugins\access\libstream_filter_rar_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00036864 _____ () D:\VLC\plugins\stream_filter\librecord_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00136704 _____ () D:\VLC\plugins\demux\libplaylist_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 01449472 _____ () D:\VLC\plugins\meta_engine\libtaglib_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00300032 _____ () D:\VLC\plugins\lua\liblua_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 01283584 _____ () D:\VLC\plugins\misc\libxml_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00056320 _____ () D:\VLC\plugins\control\libhotkeys_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00038912 _____ () D:\VLC\plugins\control\libglobalhotkeys_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00192512 _____ () D:\VLC\plugins\demux\libmp4_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00091136 _____ () D:\VLC\plugins\demux\libavi_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00069120 _____ () D:\VLC\plugins\demux\libasf_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 11747840 _____ () D:\VLC\plugins\gui\libqt4_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 00292864 _____ () D:\VLC\plugins\codec\libpng_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 00040448 _____ () D:\VLC\plugins\codec\libcdg_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 01297920 _____ () D:\VLC\plugins\codec\libschroedinger_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 00041472 _____ () D:\VLC\plugins\codec\libdts_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 00350720 _____ () D:\VLC\plugins\codec\libtheora_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00359424 _____ () D:\VLC\plugins\codec\libfaad_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00209408 _____ () D:\VLC\plugins\codec\libflac_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00049152 _____ () D:\VLC\plugins\codec\libg711_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00037888 _____ () D:\VLC\plugins\codec\libaes3_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 01384960 _____ () D:\VLC\plugins\codec\liblibass_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00144896 _____ () D:\VLC\plugins\codec\libspeex_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00044032 _____ () D:\VLC\plugins\codec\liblpcm_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 01723904 _____ () D:\VLC\plugins\codec\libvorbis_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00041472 _____ () D:\VLC\plugins\codec\libmpeg_audio_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00048640 _____ () D:\VLC\plugins\codec\libaraw_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00188928 _____ () D:\VLC\plugins\codec\libopus_plugin.dll
2013-12-09 01:19 - 2013-12-09 01:19 - 00040448 _____ () D:\VLC\plugins\codec\liba52_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00042496 _____ () D:\VLC\plugins\codec\libspudec_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 09262080 _____ () D:\VLC\plugins\codec\libavcodec_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00731136 _____ () D:\VLC\plugins\text_renderer\libfreetype_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00052224 _____ () D:\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00044032 _____ () D:\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00384000 _____ () D:\VLC\plugins\video_filter\libswscale_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00137728 _____ () D:\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00051712 _____ () D:\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00043008 _____ () D:\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00076800 _____ () D:\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00038912 _____ () D:\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00037376 _____ () D:\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00055808 _____ () D:\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00041984 _____ () D:\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00043008 _____ () D:\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00040448 _____ () D:\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00037376 _____ () D:\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00036864 _____ () D:\VLC\plugins\video_filter\libscale_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00035840 _____ () D:\VLC\plugins\video_filter\libyuvp_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00079872 _____ () D:\VLC\plugins\video_output\libdirect3d_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00034816 _____ () D:\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 00040960 _____ () D:\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2013-12-09 01:18 - 2013-12-09 01:18 - 01518592 _____ () D:\VLC\plugins\audio_filter\libsamplerate_plugin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Aniol:zylomtest
AlternateDataStreams: C:\Users\Aniol:zylomtr{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVUV}
AlternateDataStreams: C:\ProgramData\TEMP:834DD57E
AlternateDataStreams: C:\ProgramData\TEMP:C980DA7D

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2014 09:12:11 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/06/2014 09:12:11 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/06/2014 09:10:33 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/06/2014 09:10:33 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/06/2014 09:05:39 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/06/2014 09:05:39 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/03/2014 10:30:56 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed SpyHunter; Hr = 0x8004231f).

Error: (02/03/2014 10:30:41 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed SpyHunter; Hr = 0x8004231f).

Error: (02/03/2014 10:29:21 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ANIOL\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5L468PLJ.DEFAULT-1383686704712\CACHE\7\7C> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/03/2014 10:29:21 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ANIOL\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5L468PLJ.DEFAULT-1383686704712\CACHE\7\7C> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (02/10/2014 09:25:45 PM) (Source: Service Control Manager) (User: )
Description: incdrm

Error: (02/10/2014 09:15:29 PM) (Source: Service Control Manager) (User: )
Description: incdrm

Error: (02/06/2014 10:47:46 PM) (Source: Service Control Manager) (User: )
Description: incdrm

Error: (02/06/2014 10:46:17 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.02.2014 um 22:44:38 unerwartet heruntergefahren.

Error: (02/06/2014 09:04:24 PM) (Source: Service Control Manager) (User: )
Description: incdrm

Error: (02/03/2014 10:27:38 PM) (Source: DCOM) (User: )
Description: {2A802A8F-CE0F-4564-9479-F5B8DB80E7F3}

Error: (02/03/2014 10:27:09 PM) (Source: Service Control Manager) (User: )
Description: incdrm

Error: (02/03/2014 09:39:25 PM) (Source: Service Control Manager) (User: )
Description: incdrm

Error: (02/03/2014 07:38:29 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/03/2014 07:14:06 PM) (Source: Service Control Manager) (User: )
Description: incdrm

Microsoft Office Sessions:
=========================
Error: (02/06/2014 09:12:11 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING

Error: (02/06/2014 09:12:11 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING

Error: (02/06/2014 09:10:33 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING

Error: (02/06/2014 09:10:33 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING

Error: (02/06/2014 09:05:39 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING

Error: (02/06/2014 09:05:39 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\1\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HPDT8SEJ.DEFAULT\SAFEBROWSING

Error: (02/03/2014 10:30:56 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled SpyHunter0x8004231f

Error: (02/03/2014 10:30:41 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled SpyHunter0x8004231f

Error: (02/03/2014 10:29:21 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht.
(0x8007001f) C:\USERS\ANIOL\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5L468PLJ.DEFAULT-1383686704712\CACHE\7\7C Error: (02/03/2014 10:29:21 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\ANIOL\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5L468PLJ.DEFAULT-1383686704712\CACHE\7\7C CodeIntegrity Errors: =================================== Date: 2014-02-10 22:19:09.846 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 22:19:09.392 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 22:19:09.009 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 22:19:08.656 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 22:19:03.568 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-10 22:19:03.224 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 22:19:02.906 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 22:19:02.597 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 22:01:01.337 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 22:01:01.016 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 82%
Total physical RAM: 2045.77 MB
Available physical RAM: 350.1 MB
Total Pagefile: 4338.5 MB
Available Pagefile: 2380.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.05 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:39.06 GB) (Free:0.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:193.82 GB) (Free:7.47 GB) NTFS
Drive f: (NORTON) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: F35C8908)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=194 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014
Ran by 1 (administrator) on ANIOL-PC on 10-02-2014 22:18:56
Running from C:\Users\1\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\Itunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jp2launcher.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\java.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jp2launcher.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\java.exe (VideoLAN) D:\VLC\vlc.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [X] HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [iTunesHelper] - D:\Itunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) 
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor) HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-21-1887794185-3127723800-2398774616-1004\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2014-01-06] (Adobe Systems Incorporated) Startup: C:\Users\Aniol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk ShortcutTarget: Product Registration.lnk -> C:\Users\1\AppData\Local\Temp\is-IMSSM.tmp\ATR1.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/runonce HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 HKLM\Software\Microsoft\Internet Explorer\Main,Update_Check_Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=sb&qsrc=2869 SearchScopes: HKCU - {BBB3829B-6ADC-4B83-8464-BBC45634CE94} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {D4607F03-416A-4727-9CCC-CCC0952AE5B8} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hpdt8sej.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Itunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @sony.com/ReaderDesktop - D:\Reader for pc\npreaderdetectmoz.dll (Sony Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 - D:\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - D:\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF [2013-10-09] ========================== Services (Whitelisted) ================= S4 InCDsrv; C:\Program Files\Nero\Nero 
7\InCD\InCDsrv.exe [1550896 2007-05-15] (Nero AG) R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-06-05] () S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2008-06-05] () S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-11-07] (mquadr.at softwareengineering und consulting gmbh) S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [15104 2005-03-02] (AVM GmbH) R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation) S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16896 2009-05-12] (Danish Wireless Design A/S) S3 gdrv; C:\Windows\gdrv.sys [15600 2007-11-04] (Windows (R) 2000 DDK provider) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140207.001\IDSvix86.sys [394456 2014-01-22] (Symantec Corporation) R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118576 2007-05-15] (Nero AG) R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [37040 2007-05-15] (Nero AG) U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [16304 2007-05-15] (Nero AG) S1 
incdrm; C:\Windows\System32\drivers\InCDRm.sys [38576 2007-05-15] (Nero AG) R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron ) R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [44928 2007-02-16] (JMicron Technology Corp.) R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.) R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.) R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-10] (Malwarebytes Corporation) S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140210.001\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140210.001\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation) R3 ovt530; C:\Windows\System32\Drivers\ov530vid.sys [161792 2005-03-15] (OmniVision Technologies, Inc.) 
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-11] () R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation) S3 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2009-10-21] () R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation) S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-19] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-19] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-19] (LG Electronics Inc.) 
U3 azjeu0wp; C:\Windows\system32\Drivers\azjeu0wp.sys [0 ] (Microsoft Corporation) S3 Afc; system32\drivers\Afc.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 dtwmnic5; system32\DRIVERS\dtwmnic5.sys [X] R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-10 22:18 - 2014-02-10 22:19 - 00018318 _____ () C:\Users\1\Downloads\FRST.txt 2014-02-10 22:18 - 2014-02-10 22:18 - 01139200 _____ (Farbar) C:\Users\1\Downloads\FRST.exe 2014-02-10 22:18 - 2014-02-10 22:18 - 00000000 ____D () C:\FRST 2014-02-06 23:09 - 2014-02-10 22:14 - 00000000 ____D () C:\Users\1\AppData\Roaming\Skype 2014-02-06 21:41 - 2014-02-10 21:22 - 00000000 ____D () C:\AdwCleaner 2014-02-06 21:33 - 2014-02-06 21:33 - 01166132 _____ () C:\Users\1\Downloads\adwcleaner.exe 2014-02-06 21:32 - 2014-02-10 21:48 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-06 21:14 - 2014-02-06 21:15 - 00000000 ____D () C:\Users\1\AppData\Roaming\Firstload 2014-02-06 21:14 - 2014-02-06 21:14 - 00000000 ____D () C:\Users\1\Documents\Firstload 2014-02-03 22:52 - 2014-02-10 22:12 - 00000000 ____D () C:\Users\1\AppData\Roaming\vlc 2014-02-03 22:51 - 2014-02-10 22:11 - 00016896 _____ () C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-03 22:51 - 2014-02-03 22:51 - 00000000 ____D () C:\Users\1\AppData\Roaming\T-Online 2014-02-03 22:30 - 2014-02-03 22:30 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-02-03 22:29 - 2014-02-03 22:29 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\1\Downloads\SpyHunter-Installer.exe 2014-02-03 22:29 - 2014-02-03 22:29 - 00000680 _____ () C:\Users\1\AppData\Local\d3d9caps.dat 2014-02-03 22:13 - 2014-02-10 21:36 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-02-03 22:08 - 2014-02-03 22:08 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-02-03 22:06 - 2014-02-03 22:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aniol\Downloads\SpyHunter-Installer.exe 2014-02-03 21:56 - 2014-02-03 21:56 - 00033288 _____ () C:\{1CC20377-3E0C-4A61-9315-7DCAABADF80E} 2014-02-03 21:37 - 2014-02-06 22:46 - 00001952 _____ () C:\Windows\PFRO.log 2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Roaming\Macromedia 2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Roaming\Adobe 2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Local\Macromedia 2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Users\1\AppData\Roaming\Mozilla 2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Users\1\AppData\Local\Mozilla 2014-02-03 19:44 - 2014-02-03 19:44 - 00000000 ____D () C:\Users\1\AppData\Roaming\ATI 2014-02-03 19:44 - 2014-02-03 19:44 - 00000000 ____D () C:\Users\1\AppData\Local\ATI 2014-01-30 23:26 - 2014-01-30 23:26 - 00002608 _____ () C:\{B6EF3CC7-B2D2-4504-BE4F-71B12B1FE8C4} 2014-01-30 21:41 - 2014-01-30 21:41 - 00002088 _____ () C:\{06124B29-E47E-4E24-97E3-A6A106514E09} 2014-01-30 21:05 - 2014-01-30 21:05 - 107690016 _____ () C:\Windows\MEMORY.DMP 2014-01-30 21:05 - 2014-01-30 21:05 - 00137248 _____ () C:\Windows\Minidump\Mini013014-01.dmp 2014-01-20 19:20 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-20 19:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-20 19:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-20 
19:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-20 19:19 - 2014-01-20 19:20 - 00005384 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log ==================== One Month Modified Files and Folders ======= 2014-02-10 22:19 - 2014-02-10 22:18 - 00018318 _____ () C:\Users\1\Downloads\FRST.txt 2014-02-10 22:19 - 2007-11-05 19:19 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{06FDA24E-180F-4B01-AAFC-6F667AFEE44A}.job 2014-02-10 22:18 - 2014-02-10 22:18 - 01139200 _____ (Farbar) C:\Users\1\Downloads\FRST.exe 2014-02-10 22:18 - 2014-02-10 22:18 - 00000000 ____D () C:\FRST 2014-02-10 22:14 - 2014-02-06 23:09 - 00000000 ____D () C:\Users\1\AppData\Roaming\Skype 2014-02-10 22:12 - 2014-02-03 22:52 - 00000000 ____D () C:\Users\1\AppData\Roaming\vlc 2014-02-10 22:11 - 2014-02-03 22:51 - 00016896 _____ () C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-10 21:48 - 2014-02-06 21:32 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-10 21:37 - 2012-04-12 13:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-10 21:36 - 2014-02-03 22:13 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-02-10 21:29 - 2013-11-04 15:17 - 00914978 _____ () C:\Windows\WindowsUpdate.log 2014-02-10 21:24 - 2012-05-03 14:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-10 21:24 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-10 21:24 - 2006-11-02 13:47 - 00004176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-10 21:24 - 2006-11-02 13:47 - 00004176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-10 21:22 - 2014-02-06 21:41 - 00000000 ____D () C:\AdwCleaner 2014-02-10 21:22 - 2006-11-02 14:01 - 00032534 _____ () 
C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-10 21:17 - 2013-05-24 14:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-06 23:16 - 2010-08-01 12:08 - 00000000 ____D () C:\Users\Aniol\AppData\Roaming\Skype 2014-02-06 23:09 - 2012-04-29 08:29 - 00002489 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-06 23:09 - 2009-07-26 19:28 - 00000000 ____D () C:\ProgramData\Skype 2014-02-06 22:46 - 2014-02-03 21:37 - 00001952 _____ () C:\Windows\PFRO.log 2014-02-06 21:33 - 2014-02-06 21:33 - 01166132 _____ () C:\Users\1\Downloads\adwcleaner.exe 2014-02-06 21:15 - 2014-02-06 21:14 - 00000000 ____D () C:\Users\1\AppData\Roaming\Firstload 2014-02-06 21:14 - 2014-02-06 21:14 - 00000000 ____D () C:\Users\1\Documents\Firstload 2014-02-03 22:51 - 2014-02-03 22:51 - 00000000 ____D () C:\Users\1\AppData\Roaming\T-Online 2014-02-03 22:51 - 2013-06-11 14:17 - 00000000 ____D () C:\Users\1\AppData\Local\VirtualStore 2014-02-03 22:30 - 2014-02-03 22:30 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-02-03 22:29 - 2014-02-03 22:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\1\Downloads\SpyHunter-Installer.exe 2014-02-03 22:29 - 2014-02-03 22:29 - 00000680 _____ () C:\Users\1\AppData\Local\d3d9caps.dat 2014-02-03 22:08 - 2014-02-03 22:08 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-02-03 22:06 - 2014-02-03 22:06 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Aniol\Downloads\SpyHunter-Installer.exe 2014-02-03 21:56 - 2014-02-03 21:56 - 00033288 _____ () C:\{1CC20377-3E0C-4A61-9315-7DCAABADF80E} 2014-02-03 21:47 - 2013-07-05 17:56 - 00000000 ____D () C:\Users\Aniol\AppData\Local\CrashDumps 2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Roaming\Macromedia 2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Roaming\Adobe 2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Local\Macromedia 2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Users\1\AppData\Roaming\Mozilla 2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Users\1\AppData\Local\Mozilla 2014-02-03 19:45 - 2013-06-11 14:18 - 00058384 _____ () C:\Users\1\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-03 19:44 - 2014-02-03 19:44 - 00000000 ____D () C:\Users\1\AppData\Roaming\ATI 2014-02-03 19:44 - 2014-02-03 19:44 - 00000000 ____D () C:\Users\1\AppData\Local\ATI 2014-01-30 23:26 - 2014-01-30 23:26 - 00002608 _____ () C:\{B6EF3CC7-B2D2-4504-BE4F-71B12B1FE8C4} 2014-01-30 22:34 - 2012-06-05 18:54 - 00000000 ____D () C:\Users\Aniol\AppData\Roaming\vlc 2014-01-30 22:32 - 2007-11-04 21:35 - 00157184 _____ () C:\Users\Aniol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-30 21:41 - 2014-01-30 21:41 - 00002088 _____ () C:\{06124B29-E47E-4E24-97E3-A6A106514E09} 2014-01-30 21:05 - 2014-01-30 21:05 - 107690016 _____ () C:\Windows\MEMORY.DMP 2014-01-30 21:05 - 2014-01-30 21:05 - 00137248 _____ () C:\Windows\Minidump\Mini013014-01.dmp 2014-01-30 21:05 - 2009-02-12 15:47 - 00000000 ____D () C:\Windows\Minidump 2014-01-27 20:29 - 2012-06-05 18:22 - 00000000 ____D () C:\Users\Aniol\AppData\Roaming\Firstload 2014-01-27 20:15 - 2007-11-03 21:35 - 00008944 _____ () C:\Users\Aniol\AppData\Local\d3d9caps.dat 2014-01-20 19:20 - 2014-01-20 19:19 - 00005384 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-20 19:20 - 2008-08-03 20:10 - 00000000 ____D () C:\Program 
Files\Java 2014-01-16 23:36 - 2013-08-15 20:54 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 23:34 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-14 22:20 - 2006-11-02 11:33 - 01597068 _____ () C:\Windows\system32\PerfStringBackup.INI Files to move or delete: ==================== C:\Users\Aniol\AppData\Roaming\skype.ini Some content of TEMP: ==================== C:\Users\1\AppData\Local\Temp\AskSLib.dll C:\Users\1\AppData\Local\Temp\Quarantine.exe C:\Users\1\AppData\Local\Temp\SHSetup.exe C:\Users\Aniol\AppData\Local\Temp\icqsetup.exe C:\Users\Aniol\AppData\Local\Temp\SHSetup.exe C:\Users\Aniol\AppData\Local\Temp\uu-s5x8y.dll C:\Users\Aniol\AppData\Local\Temp\v080qlmg.dll C:\Users\Aniol\AppData\Local\Temp\z4rd43a6.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-10 21:30 ==================== End Of Log ============================ --- --- --- --- --- --- Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.02.06.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19489 1 :: ANIOL-PC [administrator] 10.02.2014 21:48:19 mbam-log-2014-02-10 (21-48-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 246080 Time elapsed: 17 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry 
Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
11.02.2014, 23:31 | #5 |
/// Malwareteam | TRojan.Betabot Activity 3 Step 1 Please uninstall the following programs:
Windows XP: Start -> Control Panel -> select Category View (if not already set) -> Add or Remove Programs, and select the listed programs. Click Remove (Windows XP) or Uninstall (Windows Vista/7). Step 2 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/runonce
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=sb&qsrc=2869
SearchScopes: HKCU - {BBB3829B-6ADC-4B83-8464-BBC45634CE94} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {D4607F03-416A-4727-9CCC-CCC0952AE5B8} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-11-07] (mquadr.at softwareengineering und consulting gmbh)
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-02-03 22:30 - 2014-02-03 22:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-03 22:29 - 2014-02-03 22:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\1\Downloads\SpyHunter-Installer.exe
2014-02-03 22:06 - 2014-02-03 22:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aniol\Downloads\SpyHunter-Installer.exe
2014-02-03 22:13 - 2014-02-10 21:36 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
AlternateDataStreams: C:\ProgramData\TEMP:834DD57E
AlternateDataStreams: C:\ProgramData\TEMP:C980DA7D
C:\Users\Aniol\AppData\Roaming\skype.ini
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Step 3 ESET Online Scanner
Step 4 Run FRST once more.
Are there still problems with the computer? Post the following log files in your next reply:
__________________ Regards, Jonas |
13.02.2014, 23:20 | #6 |
| TRojan.Betabot Activity 3 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 Ran by 1 at 2014-02-13 20:32:27 Run:1 Running from C:\Users\1\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/runonce HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=sb&qsrc=2869 SearchScopes: HKCU - {BBB3829B-6ADC-4B83-8464-BBC45634CE94} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {D4607F03-416A-4727-9CCC-CCC0952AE5B8} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-11-07] (mquadr.at softwareengineering und consulting gmbh) R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] 2014-02-03 22:30 - 2014-02-03 22:30 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-02-03 22:29 - 2014-02-03 22:29 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\1\Downloads\SpyHunter-Installer.exe 2014-02-03 22:06 - 2014-02-03 22:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aniol\Downloads\SpyHunter-Installer.exe 2014-02-03 22:13 - 2014-02-10 21:36 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP AlternateDataStreams: C:\ProgramData\TEMP:834DD57E AlternateDataStreams: C:\ProgramData\TEMP:C980DA7D C:\Users\Aniol\AppData\Roaming\skype.ini ***************** HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BBB3829B-6ADC-4B83-8464-BBC45634CE94} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{BBB3829B-6ADC-4B83-8464-BBC45634CE94} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4607F03-416A-4727-9CCC-CCC0952AE5B8} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{D4607F03-416A-4727-9CCC-CCC0952AE5B8} => Key not found. serviceIEConfig => Service deleted successfully. esgiguard => Service deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Users\1\Downloads\SpyHunter-Installer.exe => Moved successfully. 
C:\Users\Aniol\Downloads\SpyHunter-Installer.exe => Moved successfully. C:\Windows\455F074C814E4520B69B5584BD90400C.TMP => Moved successfully. C:\ProgramData\TEMP => ":834DD57E" ADS removed successfully. C:\ProgramData\TEMP => ":C980DA7D" ADS removed successfully. C:\Users\Aniol\AppData\Roaming\skype.ini => Moved successfully. ==== End of Fixlog ====
Sorry for the late reply, I was away on business. The ESET scan is running right now; I'll post it shortly together with the FRST scan.
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e0dd1ee12cc6c146bc41b38922df1006
# engine=17063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-13 10:09:04
# local_time=2014-02-13 11:09:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 606174 154925929 0 0
# compatibility_mode=5892 16776574 100 100 21368214 229862072 0 0
# scanned=192658
# found=3
# cleaned=0
# scan_time=9150
sh=7E2CD664CDB0CF9E06DB0EABE6143E3EF3591824 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Aniol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\f59fdb-3bd6fb39"
sh=66446326F6A774D9BBF64561E42A623684F237EF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Aniol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2a7c4fbb-5e4c7937"
sh=B626424CD4CF8F8A6E802F4AA475DE60D5E356CB ft=1 fh=c71c0011bc02fdfc vn="a variant of Win32/Injector.AMXL trojan" ac=I fn="D:\FILME\CCleaner 4 00 4064 (Final) + Crack\CCleaner.4.00.4064.(Final).+.Crack.exe"
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 Ran by 1 (administrator) on ANIOL-PC on 13-02-2014 23:18:34 Running from C:\Users\1\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.)
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [X] HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [iTunesHelper] - D:\Itunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) 
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor) HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) Startup: C:\Users\Aniol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk ShortcutTarget: Product Registration.lnk -> C:\Users\1\AppData\Local\Temp\is-IMSSM.tmp\ATR1.exe (No File) ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Update_Check_Page = Download Internet Explorer - Browser BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} MSN Games - Free Online Games DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Winsock: Catalog5 07 C:\Program 
Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hpdt8sej.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Itunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @sony.com/ReaderDesktop - D:\Reader for pc\npreaderdetectmoz.dll (Sony Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 - D:\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - D:\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF [2013-10-09] ========================== Services (Whitelisted) ================= S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1550896 2007-05-15] (Nero AG) R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-06-05] () S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2008-06-05] () S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) 
==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [15104 2005-03-02] (AVM GmbH) R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation) S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16896 2009-05-12] (Danish Wireless Design A/S) S3 gdrv; C:\Windows\gdrv.sys [15600 2007-11-04] (Windows (R) 2000 DDK provider) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140212.001\IDSvix86.sys [394456 2014-01-22] (Symantec Corporation) R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118576 2007-05-15] (Nero AG) R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [37040 2007-05-15] (Nero AG) U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [16304 2007-05-15] (Nero AG) S1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38576 2007-05-15] (Nero AG) R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron ) R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [44928 2007-02-16] (JMicron Technology Corp.) R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.) R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.) R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.) 
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140213.002\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140213.002\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation) R3 ovt530; C:\Windows\System32\Drivers\ov530vid.sys [161792 2005-03-15] (OmniVision Technologies, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-11] () R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation) S3 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2009-10-21] () R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation) S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-19] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-19] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-19] (LG Electronics Inc.) 
U3 ag379csh; C:\Windows\system32\Drivers\ag379csh.sys [0 ] (Microsoft Corporation) S3 Afc; system32\drivers\Afc.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 dtwmnic5; system32\DRIVERS\dtwmnic5.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-13 23:18 - 2014-02-13 23:18 - 00014968 _____ () C:\Users\1\Desktop\FRST.txt 2014-02-13 21:56 - 2014-02-13 21:56 - 00000000 ____D () C:\Users\1\AppData\Roaming\WinRAR 2014-02-13 20:34 - 2014-02-13 20:34 - 00000000 ____D () C:\Program Files\ESET 2014-02-13 20:33 - 2014-02-13 20:33 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe 2014-02-13 20:29 - 2014-02-13 20:29 - 00000000 ____D () C:\Users\1\Downloads\FRST-OlderVersion 2014-02-10 22:19 - 2014-02-10 22:20 - 00035186 _____ () C:\Users\1\Downloads\Addition.txt 2014-02-10 22:18 - 2014-02-13 23:18 - 00000000 ____D () C:\FRST 2014-02-10 22:18 - 2014-02-13 20:29 - 01141248 _____ (Farbar) C:\Users\1\Desktop\FRST.exe 2014-02-10 22:18 - 2014-02-10 22:20 - 00028584 _____ () C:\Users\1\Downloads\FRST.txt 2014-02-06 23:09 - 2014-02-13 21:41 - 00000000 ____D () C:\Users\1\AppData\Roaming\Skype 2014-02-06 21:41 - 2014-02-10 21:22 - 00000000 ____D () C:\AdwCleaner 2014-02-06 21:33 - 2014-02-06 21:33 - 01166132 _____ () C:\Users\1\Downloads\adwcleaner.exe 2014-02-06 21:14 - 2014-02-06 21:15 - 00000000 ____D () C:\Users\1\AppData\Roaming\Firstload 2014-02-06 21:14 - 2014-02-06 21:14 - 00000000 ____D () C:\Users\1\Documents\Firstload 2014-02-03 22:52 - 2014-02-13 23:03 - 00000000 ____D () C:\Users\1\AppData\Roaming\vlc 2014-02-03 22:51 - 2014-02-13 22:56 - 00028160 _____ () 
C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 22:51 - 2014-02-03 22:51 - 00000000 ____D () C:\Users\1\AppData\Roaming\T-Online
2014-02-03 22:29 - 2014-02-03 22:29 - 00000680 _____ () C:\Users\1\AppData\Local\d3d9caps.dat
2014-02-03 22:08 - 2014-02-03 22:08 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-02-03 21:56 - 2014-02-03 21:56 - 00033288 _____ () C:\{1CC20377-3E0C-4A61-9315-7DCAABADF80E}
2014-02-03 21:37 - 2014-02-06 22:46 - 00001952 _____ () C:\Windows\PFRO.log
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Roaming\Macromedia
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Roaming\Adobe
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Local\Macromedia
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Users\1\AppData\Roaming\Mozilla
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Users\1\AppData\Local\Mozilla
2014-02-03 19:44 - 2014-02-03 19:44 - 00000000 ____D () C:\Users\1\AppData\Roaming\ATI
2014-02-03 19:44 - 2014-02-03 19:44 - 00000000 ____D () C:\Users\1\AppData\Local\ATI
2014-01-30 23:26 - 2014-01-30 23:26 - 00002608 _____ () C:\{B6EF3CC7-B2D2-4504-BE4F-71B12B1FE8C4}
2014-01-30 21:41 - 2014-01-30 21:41 - 00002088 _____ () C:\{06124B29-E47E-4E24-97E3-A6A106514E09}
2014-01-30 21:05 - 2014-01-30 21:05 - 107690016 _____ () C:\Windows\MEMORY.DMP
2014-01-30 21:05 - 2014-01-30 21:05 - 00137248 _____ () C:\Windows\Minidump\Mini013014-01.dmp
2014-01-20 19:20 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-20 19:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 19:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 19:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 19:19 - 2014-01-20 19:20 - 00005384 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======
2014-02-13 23:18 - 2014-02-13 23:18 - 00014968 _____ () C:\Users\1\Desktop\FRST.txt
2014-02-13 23:18 - 2014-02-10 22:18 - 00000000 ____D () C:\FRST
2014-02-13 23:14 - 2007-11-05 19:19 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{06FDA24E-180F-4B01-AAFC-6F667AFEE44A}.job
2014-02-13 23:03 - 2014-02-03 22:52 - 00000000 ____D () C:\Users\1\AppData\Roaming\vlc
2014-02-13 22:57 - 2013-11-04 15:17 - 01058944 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 22:56 - 2014-02-03 22:51 - 00028160 _____ () C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-13 22:37 - 2012-04-12 13:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 22:08 - 2006-11-02 13:47 - 00004176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 22:08 - 2006-11-02 13:47 - 00004176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 22:00 - 2009-07-26 19:28 - 00000000 ____D () C:\ProgramData\Skype
2014-02-13 21:56 - 2014-02-13 21:56 - 00000000 ____D () C:\Users\1\AppData\Roaming\WinRAR
2014-02-13 21:41 - 2014-02-06 23:09 - 00000000 ____D () C:\Users\1\AppData\Roaming\Skype
2014-02-13 20:34 - 2014-02-13 20:34 - 00000000 ____D () C:\Program Files\ESET
2014-02-13 20:33 - 2014-02-13 20:33 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe
2014-02-13 20:29 - 2014-02-13 20:29 - 00000000 ____D () C:\Users\1\Downloads\FRST-OlderVersion
2014-02-13 20:29 - 2014-02-10 22:18 - 01141248 _____ (Farbar) C:\Users\1\Desktop\FRST.exe
2014-02-13 20:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 06:53 - 2006-11-02 14:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-10 22:20 - 2014-02-10 22:19 - 00035186 _____ () C:\Users\1\Downloads\Addition.txt
2014-02-10 22:20 - 2014-02-10 22:18 - 00028584 _____ () C:\Users\1\Downloads\FRST.txt
2014-02-10 21:24 - 2012-05-03 14:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-10 21:22 - 2014-02-06 21:41 - 00000000 ____D () C:\AdwCleaner
2014-02-10 21:17 - 2013-05-24 14:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 23:16 - 2010-08-01 12:08 - 00000000 ____D () C:\Users\Aniol\AppData\Roaming\Skype
2014-02-06 23:09 - 2012-04-29 08:29 - 00002489 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-06 22:46 - 2014-02-03 21:37 - 00001952 _____ () C:\Windows\PFRO.log
2014-02-06 21:33 - 2014-02-06 21:33 - 01166132 _____ () C:\Users\1\Downloads\adwcleaner.exe
2014-02-06 21:15 - 2014-02-06 21:14 - 00000000 ____D () C:\Users\1\AppData\Roaming\Firstload
2014-02-06 21:14 - 2014-02-06 21:14 - 00000000 ____D () C:\Users\1\Documents\Firstload
2014-02-03 22:51 - 2014-02-03 22:51 - 00000000 ____D () C:\Users\1\AppData\Roaming\T-Online
2014-02-03 22:51 - 2013-06-11 14:17 - 00000000 ____D () C:\Users\1\AppData\Local\VirtualStore
2014-02-03 22:29 - 2014-02-03 22:29 - 00000680 _____ () C:\Users\1\AppData\Local\d3d9caps.dat
2014-02-03 22:08 - 2014-02-03 22:08 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-02-03 21:56 - 2014-02-03 21:56 - 00033288 _____ () C:\{1CC20377-3E0C-4A61-9315-7DCAABADF80E}
2014-02-03 21:47 - 2013-07-05 17:56 - 00000000 ____D () C:\Users\Aniol\AppData\Local\CrashDumps
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Roaming\Macromedia
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Roaming\Adobe
2014-02-03 21:25 - 2014-02-03 21:25 - 00000000 ____D () C:\Users\1\AppData\Local\Macromedia
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Users\1\AppData\Roaming\Mozilla
2014-02-03 21:23 - 2014-02-03 21:23 - 00000000 ____D () C:\Users\1\AppData\Local\Mozilla
2014-02-03 19:45 - 2013-06-11 14:18 - 00058384 _____ () C:\Users\1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-03 19:44 - 2014-02-03 19:44 - 00000000 ____D () C:\Users\1\AppData\Roaming\ATI
2014-02-03 19:44 - 2014-02-03 19:44 - 00000000 ____D () C:\Users\1\AppData\Local\ATI
2014-01-30 23:26 - 2014-01-30 23:26 - 00002608 _____ () C:\{B6EF3CC7-B2D2-4504-BE4F-71B12B1FE8C4}
2014-01-30 22:34 - 2012-06-05 18:54 - 00000000 ____D () C:\Users\Aniol\AppData\Roaming\vlc
2014-01-30 22:32 - 2007-11-04 21:35 - 00157184 _____ () C:\Users\Aniol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-30 21:41 - 2014-01-30 21:41 - 00002088 _____ () C:\{06124B29-E47E-4E24-97E3-A6A106514E09}
2014-01-30 21:05 - 2014-01-30 21:05 - 107690016 _____ () C:\Windows\MEMORY.DMP
2014-01-30 21:05 - 2014-01-30 21:05 - 00137248 _____ () C:\Windows\Minidump\Mini013014-01.dmp
2014-01-30 21:05 - 2009-02-12 15:47 - 00000000 ____D () C:\Windows\Minidump
2014-01-27 20:29 - 2012-06-05 18:22 - 00000000 ____D () C:\Users\Aniol\AppData\Roaming\Firstload
2014-01-27 20:15 - 2007-11-03 21:35 - 00008944 _____ () C:\Users\Aniol\AppData\Local\d3d9caps.dat
2014-01-20 19:20 - 2014-01-20 19:19 - 00005384 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-20 19:20 - 2008-08-03 20:10 - 00000000 ____D () C:\Program Files\Java
2014-01-16 23:36 - 2013-08-15 20:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 23:34 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 22:20 - 2006-11-02 11:33 - 01597068 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\1\AppData\Local\Temp\AskSLib.dll
C:\Users\1\AppData\Local\Temp\Quarantine.exe
C:\Users\1\AppData\Local\Temp\SHSetup.exe
C:\Users\Aniol\AppData\Local\Temp\icqsetup.exe
C:\Users\Aniol\AppData\Local\Temp\SHSetup.exe
C:\Users\Aniol\AppData\Local\Temp\uu-s5x8y.dll
C:\Users\Aniol\AppData\Local\Temp\v080qlmg.dll
C:\Users\Aniol\AppData\Local\Temp\z4rd43a6.dll

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-13 20:14

==================== End Of Log ============================


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014
Ran by 1 at 2014-02-13 20:32:27 Run:1
Running from C:\Users\1\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/runonce
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=sb&qsrc=2869
SearchScopes: HKCU - {BBB3829B-6ADC-4B83-8464-BBC45634CE94} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {D4607F03-416A-4727-9CCC-CCC0952AE5B8} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-11-07] (mquadr.at softwareengineering und consulting gmbh)
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-02-03 22:30 - 2014-02-03 22:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-03 22:29 - 2014-02-03 22:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\1\Downloads\SpyHunter-Installer.exe
2014-02-03 22:06 - 2014-02-03 22:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aniol\Downloads\SpyHunter-Installer.exe
2014-02-03 22:13 - 2014-02-10 21:36 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
AlternateDataStreams: C:\ProgramData\TEMP:834DD57E
AlternateDataStreams: C:\ProgramData\TEMP:C980DA7D
C:\Users\Aniol\AppData\Roaming\skype.ini
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BBB3829B-6ADC-4B83-8464-BBC45634CE94} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBB3829B-6ADC-4B83-8464-BBC45634CE94} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4607F03-416A-4727-9CCC-CCC0952AE5B8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4607F03-416A-4727-9CCC-CCC0952AE5B8} => Key not found.
serviceIEConfig => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\1\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Users\Aniol\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Windows\455F074C814E4520B69B5584BD90400C.TMP => Moved successfully.
C:\ProgramData\TEMP => ":834DD57E" ADS removed successfully.
C:\ProgramData\TEMP => ":C980DA7D" ADS removed successfully.
C:\Users\Aniol\AppData\Roaming\skype.ini => Moved successfully.
==== End of Fixlog ====


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e0dd1ee12cc6c146bc41b38922df1006
# engine=17063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-13 10:09:04
# local_time=2014-02-13 11:09:04 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 606174 154925929 0 0
# compatibility_mode=5892 16776574 100 100 21368214 229862072 0 0
# scanned=192658
# found=3
# cleaned=0
# scan_time=9150
sh=7E2CD664CDB0CF9E06DB0EABE6143E3EF3591824 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Aniol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\f59fdb-3bd6fb39"
sh=66446326F6A774D9BBF64561E42A623684F237EF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Aniol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2a7c4fbb-5e4c7937"
sh=B626424CD4CF8F8A6E802F4AA475DE60D5E356CB ft=1 fh=c71c0011bc02fdfc vn="a variant of Win32/Injector.AMXL trojan" ac=I fn="D:\FILME\CCleaner 4 00 4064 (Final) + Crack\CCleaner.4.00.4064.(Final).+.Crack.exe"


FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014
Ran by 1 (administrator) on ANIOL-PC on 13-02-2014 23:18:34
Running from C:\Users\1\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [X]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - D:\Itunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor)
HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)
Startup: C:\Users\Aniol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
ShortcutTarget: Product Registration.lnk -> C:\Users\1\AppData\Local\Temp\is-IMSSM.tmp\ATR1.exe (No File)

==================== Internet (Whitelisted) ====================
HKLM\Software\Microsoft\Internet Explorer\Main,Update_Check_Page = Download Internet Explorer - Browser
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} MSN Games - Free Online Games
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hpdt8sej.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Itunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @sony.com/ReaderDesktop - D:\Reader for pc\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF [2013-10-09]

========================== Services (Whitelisted) =================
S4 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1550896 2007-05-15] (Nero AG)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-06-05] ()
S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2008-06-05] ()
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [15104 2005-03-02] (AVM GmbH)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16896 2009-05-12] (Danish Wireless Design A/S)
S3 gdrv; C:\Windows\gdrv.sys [15600 2007-11-04] (Windows (R) 2000 DDK provider)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140212.001\IDSvix86.sys [394456 2014-01-22] (Symantec Corporation)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118576 2007-05-15] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [37040 2007-05-15] (Nero AG)
U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [16304 2007-05-15] (Nero AG)
S1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38576 2007-05-15] (Nero AG)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [44928 2007-02-16] (JMicron Technology Corp.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140213.002\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140213.002\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
R3 ovt530; C:\Windows\System32\Drivers\ov530vid.sys [161792 2005-03-15] (OmniVision Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-11] ()
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S3 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2009-10-21] ()
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-19] (LG Electronics Inc.)
U3 ag379csh; C:\Windows\system32\Drivers\ag379csh.sys [0 ] (Microsoft Corporation)
S3 Afc; system32\drivers\Afc.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 dtwmnic5; system32\DRIVERS\dtwmnic5.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-02-13 23:18 - 2014-02-13 23:18 - 00014968 _____ () C:\Users\1\Desktop\FRST.txt
2014-02-13 21:56 - 2014-02-13 21:56 - 00000000 ____D () C:\Users\1\AppData\Roaming\WinRAR
2014-02-13 20:34 - 2014-02-13 20:34 - 00000000 ____D () C:\Program Files\ESET
2014-02-13 20:33 - 2014-02-13 20:33 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe
2014-02-13 20:29 - 2014-02-13 20:29 - 00000000 ____D () C:\Users\1\Downloads\FRST-OlderVersion
2014-02-10 22:19 - 2014-02-10 22:20 - 00035186 _____ () C:\Users\1\Downloads\Addition.txt
2014-02-10 22:18 - 2014-02-13 23:18 - 00000000 ____D () C:\FRST
2014-02-10 22:18 - 2014-02-13 20:29 - 01141248 _____ (Farbar) C:\Users\1\Desktop\FRST.exe
2014-02-10 22:18 - 2014-02-10 22:20 - 00028584 _____ () C:\Users\1\Downloads\FRST.txt
2014-02-06 23:09 - 2014-02-13 21:41 - 00000000 ____D () C:\Users\1\AppData\Roaming\Skype
2014-02-06 21:41 - 2014-02-10 21:22 - 00000000 ____D () C:\AdwCleaner
2014-02-06 21:33 - 2014-02-06 21:33 - 01166132 _____ () C:\Users\1\Downloads\adwcleaner.exe
2014-02-06 21:14 - 2014-02-06 21:15 - 00000000 ____D () C:\Users\1\AppData\Roaming\Firstload
2014-02-06 21:14 - 2014-02-06 21:14 - 00000000 ____D () C:\Users\1\Documents\Firstload
2014-02-03 22:52 - 2014-02-13 23:03 - 00000000 ____D () C:\Users\1\AppData\Roaming\vlc
2014-02-03 22:51 - 2014-02-13 22:56 - 00028160 _____ () C:\Users\1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
SearchScopes: HKCU - DefaultScope {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=sb&qsrc=2869 SearchScopes: HKCU - {BBB3829B-6ADC-4B83-8464-BBC45634CE94} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKCU - {D4607F03-416A-4727-9CCC-CCC0952AE5B8} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-11-07] (mquadr.at softwareengineering und consulting gmbh) R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] 2014-02-03 22:30 - 2014-02-03 22:30 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-02-03 22:29 - 2014-02-03 22:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\1\Downloads\SpyHunter-Installer.exe 2014-02-03 22:06 - 2014-02-03 22:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aniol\Downloads\SpyHunter-Installer.exe 2014-02-03 22:13 - 2014-02-10 21:36 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP AlternateDataStreams: C:\ProgramData\TEMP:834DD57E AlternateDataStreams: C:\ProgramData\TEMP:C980DA7D C:\Users\Aniol\AppData\Roaming\skype.ini ***************** HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully. 
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{1AA803F4-CD29-4604-B1A5-1A1D7ECA7015} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BBB3829B-6ADC-4B83-8464-BBC45634CE94} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{BBB3829B-6ADC-4B83-8464-BBC45634CE94} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4607F03-416A-4727-9CCC-CCC0952AE5B8} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{D4607F03-416A-4727-9CCC-CCC0952AE5B8} => Key not found. serviceIEConfig => Service deleted successfully. esgiguard => Service deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Users\1\Downloads\SpyHunter-Installer.exe => Moved successfully. C:\Users\Aniol\Downloads\SpyHunter-Installer.exe => Moved successfully. C:\Windows\455F074C814E4520B69B5584BD90400C.TMP => Moved successfully. C:\ProgramData\TEMP => ":834DD57E" ADS removed successfully. C:\ProgramData\TEMP => ":C980DA7D" ADS removed successfully. C:\Users\Aniol\AppData\Roaming\skype.ini => Moved successfully. ==== End of Fixlog ==== |
14.02.2014, 19:30 | #7
/// Malwareteam | TRojan.Betabot Activity 3
Quote:
Step 1
Download TFC (TempFileCleaner by Oldtimer) and save it to the Desktop.
Updates
Uninstall outdated software
Windows XP: Start -> Control Panel -> select Category view (if not already set) -> Software, and select the programs listed. Click Remove (Windows XP) or Uninstall (Windows Vista/7/8).
Adobe Reader 11.0.06
Cleanup
If you no longer want to keep Malwarebytes Anti-Malware and the ESET Online Scanner, you can uninstall them via the Control Panel. I recommend keeping at least one program (more on this in the tips).
Windows XP: Start --> Control Panel --> select Category view (if not already set) --> Software
The order here is crucial.
I no longer see any malicious entries in your log files; in my view you are clean. For the future I have written down some tips for you, so that you will not need us again any time soon.
Tips - Frequently Asked Questions (FAQ)
Which antivirus scanner is the best?
But I always have to install updates, right?
OK, is there anything I need to watch out for when browsing the Internet?
Which programs should I not use?
Are there any further tips to protect myself?
If you would like to support the work of the Trojaner-Board, you are welcome to donate. I wish you a pleasant and malware-free time.
__________________
Regards, Jonas
17.02.2014, 14:58 | #8
/// Malwareteam | TRojan.Betabot Activity 3
Hello bachao, glad that we were able to help you. This topic appears to be resolved and will be removed from my subscriptions, so I will no longer receive notifications about new replies in this thread. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own thread.
__________________
Regards, Jonas