Pests of all kinds and how to fight them: Bundestrojaner, safe mode not possible (Windows 7)

#1
Bundestrojaner, safe mode not possible

Hello, I stupidly caught the Bundes (GVU) trojan. I also can't get into safe mode any more: when I select it, it loads up to a certain point, then shuts down again and boots back up in normal mode, and again I can't do anything on the desktop. I found this post http://www.trojaner-board.de/132035-...ml#post1026550 and have now followed it. I have already run the scan with FRST.

First scan:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-A1IG1QV on 21-03-2014 16:24:52
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2009-10-01] (Chicony)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\PackardBell\run_PackardBel
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\PackardBell\run_PackardBel
HKU\Jenni\...\Run: [Akamai NetSession Interface] - C:\Users\Jenni\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Jenni\...\Run: [Spotify Web Helper] - C:\Users\Jenni\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\Jenni\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Jenni\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=f45a006ca92847d29577d16f6b811e1a-0d2c6ae7cd0fdc05a335f8b48cb960b3d5b15849 /CMPID=1213b
HKU\Jenni\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
HKU\Jenni\...\Run: [Steam] - C:\me programme\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\Jenni\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Jenni\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs: C:\PROGRA~3\WebTouch\WEBTOU~1.DLL => C:\ProgramData\WebTouch\WebTouch_x64.dll [4247040 2013-12-30] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
AppInit_DLLs-x32: c:\progra~3\webtouch\webtouch.dll => "c:\progra~3\webtouch\webtouch.dll" File Not Found
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0j6gdi7.lnk
ShortcutTarget: 0j6gdi7.lnk -> C:\ProgramData\7idg6j0.gsa ()
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Jenni\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-07-19] (Perfect World Entertainment Inc)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-20] (NewTech Infosystems, Inc.)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-30] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
S2 Winmgmt; C:\ProgramData\0j6gdi7.faa [332532 2014-03-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-16] (BlueStack Systems)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-21 16:24 - 2014-03-21 16:24 - 00000000 ____D () C:\FRST
2014-03-20 16:18 - 2014-03-21 06:40 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
2014-03-19 17:50 - 2014-03-19 17:50 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 17:49 - 2014-03-19 17:49 - 00283192 _____ (Mozilla) C:\Users\Jenni\Downloads\Firefox Setup Stub 28.0.exe
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 _____ () C:\autoexec.bat
2014-03-19 17:15 - 2014-03-19 17:39 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-13 16:10 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 16:10 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 16:10 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-13 16:10 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 16:10 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-13 16:10 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-13 16:10 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 16:10 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-13 16:10 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-13 16:10 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-13 16:10 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-13 16:10 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-13 16:10 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 16:10 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-13 16:10 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-13 16:10 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 16:10 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-13 16:10 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 16:10 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:10 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:10 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:10 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:10 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:10 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-13 16:10 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:10 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:10 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:10 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-13 16:10 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 16:10 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:10 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:10 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 16:10 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:10 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:10 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:10 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 16:10 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:10 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:10 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-13 16:10 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:08 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-13 16:08 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-13 16:08 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:08 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2014-03-13 16:03 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-13 16:03 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-13 16:03 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:03 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 08:59 - 2014-03-12 08:59 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-06 08:24 - 2014-03-06 08:24 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-03-02 12:35 - 2014-03-02 12:35 - 00006144 ____H () C:\Users\Jenni\Desktop\photothumb.db
2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Windows\de
2014-02-28 07:28 - 2014-02-28 07:28 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-28 07:21 - 2014-02-28 07:21 - 00000360 _____ () C:\Windows\DirectX.log
2014-02-28 07:15 - 2014-02-28 07:57 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Windows Live
2014-02-28 07:04 - 2014-02-28 07:04 - 01245376 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-web.exe
2014-02-28 06:58 - 2014-02-28 07:02 - 142602520 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 ____D () C:\Users\Jenni\Documents\PC Speed Maximizer
2014-02-28 05:24 - 2014-02-28 05:24 - 00000000 ____D () C:\Users\Jenni\Documents\Optimizer Pro
2014-02-28 05:22 - 2014-03-06 08:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-28 05:22 - 2014-02-28 07:56 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-02-28 05:22 - 2014-02-28 06:43 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-28 05:22 - 2014-02-28 05:35 - 00000000 ____D () C:\Fraps
2014-02-28 05:22 - 2014-02-28 05:23 - 00000000 ____D () C:\Users\Jenni\AppData\Local\SearchProtect
2014-02-28 05:22 - 2014-02-28 05:22 - 00000574 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-02-28 05:21 - 2014-02-28 05:21 - 00000000 ____D () C:\Users\Jenni\Downloads\Fraps_TSV14W5RV
2014-02-28 05:19 - 2014-02-28 05:19 - 00657576 _____ (Conduit) C:\Users\Jenni\Downloads\Fraps_TSV14W5RV.exe
2014-02-22 06:26 - 2014-03-21 06:10 - 00156100 _____ () C:\Windows\PFRO.log
2014-02-20 16:22 - 2014-02-20 16:43 - 00000000 ____D () C:\ProgramData\TTuBeAdblocKeR
2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 16:22 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\dkpdnlnenoabajepnpjajmmeegcmcjhh
2014-02-19 12:19 - 2014-02-22 18:00 - 00016255 _____ () C:\Users\Jenni\Desktop\Gildenübersicht.xlsx
2014-02-19 10:47 - 2014-02-19 12:17 - 00015914 _____ () C:\Users\Jenni\Downloads\Gildenübersicht.xlsx
2014-02-19 09:38 - 2014-02-19 09:38 - 00005878 _____ () C:\Users\Jenni\Downloads\Mitgliederliste Vespera.ods

==================== One Month Modified Files and Folders =======

2014-03-21 16:24 - 2014-03-21 16:24 - 00000000 ____D () C:\FRST
2014-03-21 06:40 - 2014-03-20 16:18 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-21 06:39 - 2014-02-14 08:26 - 00026880 _____ () C:\Windows\setupact.log
2014-03-21 06:39 - 2013-01-22 08:53 - 00000388 ____H () C:\Windows\Tasks\{5AA22384-1FF1-4676-BA9B-EFBF7EFECE99}.job
2014-03-21 06:39 - 2013-01-13 15:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 06:39 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 06:34 - 2014-02-12 06:34 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Skype
2014-03-21 06:31 - 2009-11-13 03:02 - 01912246 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 06:30 - 2012-08-27 06:22 - 00000000 ___RD () C:\Users\Jenni\Dropbox
2014-03-21 06:30 - 2012-08-27 06:21 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Dropbox
2014-03-21 06:14 - 2009-07-13 20:45 - 00017376 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 06:14 - 2009-07-13 20:45 - 00017376 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 06:10 - 2014-02-22 06:26 - 00156100 _____ () C:\Windows\PFRO.log
2014-03-21 06:10 - 2012-07-02 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 06:08 - 2013-02-04 17:46 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Spotify
2014-03-21 06:05 - 2013-01-13 15:14 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 06:03 - 2014-01-06 13:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-21 05:59 - 2012-07-13 12:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
2014-03-20 13:03 - 2012-06-24 05:27 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\TS3Client
2014-03-19 17:50 - 2014-03-19 17:50 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 17:50 - 2014-02-15 03:05 - 00000000 ____D () C:\Program Files (x86)\mozilla firefox
2014-03-19 17:49 - 2014-03-19 17:49 - 00283192 _____ (Mozilla) C:\Users\Jenni\Downloads\Firefox Setup Stub 28.0.exe
2014-03-19 17:39 - 2014-03-19 17:15 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 _____ () C:\autoexec.bat
2014-03-19 13:58 - 2013-02-04 17:47 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Spotify
2014-03-19 13:50 - 2013-08-15 03:35 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-19 13:46 - 2011-01-30 12:31 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-17 05:30 - 2012-06-24 05:26 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-03-14 09:47 - 2009-07-13 20:45 - 00370184 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-14 09:45 - 2013-03-13 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 09:45 - 2013-03-13 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-13 03:44 - 2014-01-06 13:36 - 00000993 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-12 09:00 - 2012-07-13 12:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 09:00 - 2012-06-23 10:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 09:00 - 2011-06-02 08:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 08:59 - 2014-03-12 08:59 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 06:32 - 2013-03-26 03:00 - 00000000 ____D () C:\Users\Jenni\Documents\ABew
2014-03-06 08:25 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-06 08:24 - 2014-03-06 08:24 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-03-02 12:35 - 2014-03-02 12:35 - 00006144 ____H () C:\Users\Jenni\Desktop\photothumb.db
2014-02-28 22:05 - 2014-03-13 16:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 21:17 - 2014-03-13 16:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-28 21:16 - 2014-03-13 16:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-28 20:58 - 2014-03-13 16:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 20:52 - 2014-03-13 16:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-28 20:51 - 2014-03-13 16:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-28 20:42 - 2014-03-13 16:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-28 20:40 - 2014-03-13 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-28 20:37 - 2014-03-13 16:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-28 20:33 - 2014-03-13 16:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-28 20:33 - 2014-03-13 16:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-28 20:32 - 2014-03-13 16:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-28 20:30 - 2014-03-13 16:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 20:23 - 2014-03-13 16:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-28 20:17 - 2014-03-13 16:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 20:11 - 2014-03-13 16:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 20:02 - 2014-03-13 16:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-28 19:54 - 2014-03-13 16:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:52 - 2014-03-13 16:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 19:51 - 2014-03-13 16:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-13 16:10 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 19:43 - 2014-03-13 16:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 19:43 - 2014-03-13 16:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 19:42 - 2014-03-13 16:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:40 - 2014-03-13 16:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 19:38 - 2014-03-13 16:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 19:37 - 2014-03-13 16:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 19:35 - 2014-03-13 16:10 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-28 19:18 - 2014-03-13 16:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 19:16 - 2014-03-13 16:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 19:14 - 2014-03-13 16:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 19:10 - 2014-03-13 16:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 19:03 - 2014-03-13 16:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 19:00 - 2014-03-13 16:10 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 18:57 - 2014-03-13 16:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 18:38 - 2014-03-13 16:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:32 - 2014-03-13 16:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 18:27 - 2014-03-13 16:10 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 18:25 - 2014-03-13 16:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-28 18:25 - 2014-03-13 16:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 07:57 - 2014-02-28 07:15 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Windows Live
2014-02-28 07:56 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-02-28 07:56 - 2013-12-22 21:46 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-02-28 07:54 - 2013-01-01 10:20 - 00000000 ____D () C:\Program Files (x86)\Freeciv-2.1.6-gtk2
2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Windows\de
2014-02-28 07:32 - 2009-11-13 03:18 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-28 07:28 - 2014-02-28 07:28 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-28 07:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-28 07:21 - 2014-02-28 07:21 - 00000360 _____ () C:\Windows\DirectX.log
2014-02-28 07:04 - 2014-02-28 07:04 - 01245376 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-web.exe
2014-02-28 07:02 - 2014-02-28 06:58 - 142602520 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-02-28 06:43 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-28 05:35 - 2014-02-28 05:22 - 00000000 ____D () C:\Fraps
2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 ____D () C:\Users\Jenni\Documents\PC Speed Maximizer
2014-02-28 05:24 - 2014-02-28 05:24 - 00000000 ____D () C:\Users\Jenni\Documents\Optimizer Pro
2014-02-28 05:23 - 2014-02-28 05:22 - 00000000 ____D () C:\Users\Jenni\AppData\Local\SearchProtect
2014-02-28 05:22 - 2014-02-28 05:22 - 00000574 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-02-28 05:21 - 2014-02-28 05:21 - 00000000 ____D () C:\Users\Jenni\Downloads\Fraps_TSV14W5RV
2014-02-28 05:19 - 2014-02-28 05:19 - 00657576 _____ (Conduit) C:\Users\Jenni\Downloads\Fraps_TSV14W5RV.exe
2014-02-22 18:00 - 2014-02-19 12:19 - 00016255 _____ () C:\Users\Jenni\Desktop\Gildenübersicht.xlsx
2014-02-20 16:43 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\TTuBeAdblocKeR
2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 16:22 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\dkpdnlnenoabajepnpjajmmeegcmcjhh
2014-02-20 16:22 - 2013-12-31 17:40 - 00000000 ____D () C:\ProgramData\b2825e0011eb9fe
2014-02-20 16:22 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-02-19 12:19 - 2013-10-26 23:38 - 00000000 ____D () C:\Users\Jenni\Documents\Excel
2014-02-19 12:17 - 2014-02-19 10:47 - 00015914 _____ () C:\Users\Jenni\Downloads\Gildenübersicht.xlsx
2014-02-19 09:38 - 2014-02-19 09:38 - 00005878 _____ () C:\Users\Jenni\Downloads\Mitgliederliste Vespera.ods
2014-02-19 04:04 - 2014-02-18 05:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Files to move or delete:
====================
C:\Windows\Tasks\{5AA22384-1FF1-4676-BA9B-EFBF7EFECE99}.job

Some content of TEMP:
====================
C:\Users\Jenni\AppData\Local\Temp\nsl4B85.exe
C:\Users\Jenni\AppData\Local\Temp\nsq54C9.exe
C:\Users\Jenni\AppData\Local\Temp\nsr1425.exe
C:\Users\Jenni\AppData\Local\Temp\nsr1B28.exe
C:\Users\Jenni\AppData\Local\Temp\pcspeedmaxsetup.exe
C:\Users\Jenni\AppData\Local\Temp\SHSetup.exe
C:\Users\Jenni\AppData\Local\Temp\SPSetup.exe
C:\Users\Jenni\AppData\Local\Temp\~+JF669828932335508636.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-02-28 07:18:29
Restore point made on: 2014-02-28 07:20:44
Restore point made on: 2014-02-28 07:22:53
Restore point made on: 2014-02-28 07:24:51
Restore point made on: 2014-02-28 07:28:32
Restore point made on: 2014-03-01 04:36:28
Restore point made on: 2014-03-11 12:03:18
Restore point made on: 2014-03-11 13:07:18
Restore point made on: 2014-03-14 05:21:30
Restore point made on: 2014-03-19 13:45:39
Restore point made on: 2014-03-19 17:16:34
Restore point made on: 2014-03-19 17:30:13
Restore point made on: 2014-03-19 17:32:52

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4090.93 MB
Available physical RAM: 3355.97 MB
Total Pagefile: 4089.08 MB
Available Pagefile: 3357.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:286.27 GB) (Free:54.46 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.49 GB) NTFS
Drive g: () (Removable) (Total:7.49 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 97969796)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 0042D5AE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

LastRegBack: 2014-02-14 09:59

==================== End Of Log ============================

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-03-21 16:39:00 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [x]
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKU\Jason\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Jason\AppData\Local\Temp\qtwfkjkvgwxcqrffj.exe [55296 2013-07-15] (NVIDIA Corporation) <===== ATTENTION
HKU\Jason\...\Winlogon: [Shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\Jason\...\Command Processor: "C:\Users\Jason\AppData\Local\Temp\qtwfkjkvgwxcqrffj.exe" <===== ATTENTION!
2013-07-15 20:19 - 2013-07-15 20:19 - 01084737 _____ C:\ProgramData\2433f433
2013-07-15 20:19 - 2013-07-15 20:19 - 01084723 _____ C:\Users\Jason\AppData\Local\2433f433
2013-07-15 20:19 - 2013-07-15 20:19 - 01084706 _____ C:\Users\Jason\AppData\Roaming\2433f433
2013-06-28 14:51 - 2013-06-28 14:51 - 00000004 _____ C:\Users\Jason\AppData\Roaming\skype.ini
C:\Users\Jason\AppData\Local\Temp\qtwfkjkvgwxcqrffj.exe
C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L
C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L\00000004.@
C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L\201d3dde
C:\Users\Jason\AppData\Local\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L
C:\Users\Jason\AppData\Roaming\skype.ini
C:\ProgramData\to_r0tsef.pad
C:\ProgramData\pmt_0piot.pad
C:\ProgramData\ldsw_0paos.pad
C:\ProgramData\79879354.pad
C:\ProgramData\682757624.pad
C:\ProgramData\345818429.pad
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator => Value not found.
HKU\Jason\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.
HKU\Jason\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\Jason\Software\Microsoft\Command Processor\\AutoRun => Value not found.
"C:\ProgramData\2433f433" => File/Directory not found.
"C:\Users\Jason\AppData\Local\2433f433" => File/Directory not found.
"C:\Users\Jason\AppData\Roaming\2433f433" => File/Directory not found.
"C:\Users\Jason\AppData\Roaming\skype.ini" => File/Directory not found.
"C:\Users\Jason\AppData\Local\Temp\qtwfkjkvgwxcqrffj.exe" => File/Directory not found.
"C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L" => File/Directory not found.
"C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L\201d3dde" => File/Directory not found.
"C:\Users\Jason\AppData\Local\{3e72d9c3-89be-4ac9-acc4-ecec699b634d}\L" => File/Directory not found.
"C:\Users\Jason\AppData\Roaming\skype.ini" => File/Directory not found.
"C:\ProgramData\to_r0tsef.pad" => File/Directory not found.
"C:\ProgramData\pmt_0piot.pad" => File/Directory not found.
"C:\ProgramData\ldsw_0paos.pad" => File/Directory not found.
"C:\ProgramData\79879354.pad" => File/Directory not found.
"C:\ProgramData\682757624.pad" => File/Directory not found.
"C:\ProgramData\345818429.pad" => File/Directory not found.

==== End of Fixlog ====

Could someone please help?
| #2 |
/// the machine /// TB-Ausbilder

Who built the fix? Fresh FRST log, please.

| #3 |

The fix was posted by someone here in the forum, in a post (I can't find it right now, I've already looked through too many).

FRST log = the first scan? Run it again? Then this would be the scan once more, from just now:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by SYSTEM on MININT-6K5KKCD on 21-03-2014 17:49:38 Running from G:\ Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-20] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2009-10-01] (Chicony) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.) HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.) 
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\PackardBell\run_PackardBel HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\PackardBell\run_PackardBel HKU\Jenni\...\Run: [Akamai NetSession Interface] - C:\Users\Jenni\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.) HKU\Jenni\...\Run: [Spotify Web Helper] - C:\Users\Jenni\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd) HKU\Jenni\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Jenni\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=f45a006ca92847d29577d16f6b811e1a-0d2c6ae7cd0fdc05a335f8b48cb960b3d5b15849 /CMPID=1213b HKU\Jenni\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.) 
HKU\Jenni\...\Run: [Steam] - C:\me programme\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\Jenni\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\Jenni\...\Policies\Explorer: [DisallowRun] 1 AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit) AppInit_DLLs: C:\PROGRA~3\WebTouch\WEBTOU~1.DLL => C:\ProgramData\WebTouch\WebTouch_x64.dll [4247040 2013-12-30] () AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit) AppInit_DLLs-x32: c:\progra~3\webtouch\webtouch.dll => "c:\progra~3\webtouch\webtouch.dll" File Not Found Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0j6gdi7.lnk ShortcutTarget: 0j6gdi7.lnk -> C:\ProgramData\7idg6j0.gsa () Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Jenni\AppData\Roaming\Windows Net Data\net.exe (Windows Net) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Services (Whitelisted) ================= S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-07-19] (Perfect World Entertainment Inc) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.) 
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.) S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.) S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit) S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated) S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-20] (NewTech Infosystems, Inc.) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-30] () S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer) S2 Winmgmt; C:\ProgramData\0j6gdi7.faa [332532 2014-03-20] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) 
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-16] (BlueStack Systems) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-21 16:24 - 2014-03-21 17:49 - 00000000 ____D () C:\FRST 2014-03-20 16:18 - 2014-03-21 07:44 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr 2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa 2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa 2014-03-19 17:50 - 2014-03-19 17:50 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-19 17:49 - 2014-03-19 17:49 - 00283192 _____ (Mozilla) C:\Users\Jenni\Downloads\Firefox Setup Stub 28.0.exe 2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 _____ () C:\autoexec.bat 2014-03-19 17:15 - 2014-03-19 17:39 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP 2014-03-13 16:10 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-03-13 16:10 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\System32\mshtml.tlb 2014-03-13 16:10 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-03-13 16:10 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-03-13 16:10 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-03-13 16:10 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-03-13 16:10 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-03-13 16:10 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-03-13 16:10 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-03-13 16:10 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-03-13 16:10 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-03-13 16:10 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-03-13 16:10 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 16:10 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-03-13 16:10 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-03-13 16:10 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 16:10 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-03-13 16:10 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-03-13 16:10 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 16:10 - 2014-02-28 19:51 - 00051200 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 16:10 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 16:10 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 16:10 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 16:10 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-03-13 16:10 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 16:10 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 16:10 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 16:10 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-03-13 16:10 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-03-13 16:10 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 16:10 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 16:10 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-03-13 16:10 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 16:10 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 16:10 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 16:10 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-03-13 16:10 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 16:10 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2014-03-13 16:10 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-03-13 16:10 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 16:08 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-03-13 16:08 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll 2014-03-13 16:08 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 16:08 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2014-03-13 16:03 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2014-03-13 16:03 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2014-03-13 16:03 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 16:03 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2014-03-12 08:59 - 2014-03-12 08:59 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-06 08:24 - 2014-03-06 08:24 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect 2014-03-02 12:35 - 2014-03-02 12:35 - 00006144 ____H () C:\Users\Jenni\Desktop\photothumb.db 2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Windows\de 2014-02-28 07:28 - 2014-02-28 07:28 - 00000000 ____D () C:\Program Files\Windows Live 2014-02-28 07:21 - 2014-02-28 07:21 - 00000360 _____ () C:\Windows\DirectX.log 2014-02-28 07:15 - 2014-02-28 07:57 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Windows Live 2014-02-28 07:04 - 
2014-02-28 07:04 - 01245376 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-web.exe 2014-02-28 06:58 - 2014-02-28 07:02 - 142602520 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-all_16.4.3508.0205.exe 2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 ____D () C:\Users\Jenni\Documents\PC Speed Maximizer 2014-02-28 05:24 - 2014-02-28 05:24 - 00000000 ____D () C:\Users\Jenni\Documents\Optimizer Pro 2014-02-28 05:22 - 2014-03-06 08:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-02-28 05:22 - 2014-02-28 07:56 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-02-28 05:22 - 2014-02-28 06:43 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-02-28 05:22 - 2014-02-28 05:35 - 00000000 ____D () C:\Fraps 2014-02-28 05:22 - 2014-02-28 05:23 - 00000000 ____D () C:\Users\Jenni\AppData\Local\SearchProtect 2014-02-28 05:22 - 2014-02-28 05:22 - 00000574 _____ () C:\Users\Public\Desktop\Fraps.lnk 2014-02-28 05:21 - 2014-02-28 05:21 - 00000000 ____D () C:\Users\Jenni\Downloads\Fraps_TSV14W5RV 2014-02-28 05:19 - 2014-02-28 05:19 - 00657576 _____ (Conduit) C:\Users\Jenni\Downloads\Fraps_TSV14W5RV.exe 2014-02-22 06:26 - 2014-03-21 06:10 - 00156100 _____ () C:\Windows\PFRO.log 2014-02-20 16:22 - 2014-02-20 16:43 - 00000000 ____D () C:\ProgramData\TTuBeAdblocKeR 2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-02-20 16:22 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\dkpdnlnenoabajepnpjajmmeegcmcjhh 2014-02-19 12:19 - 2014-02-22 18:00 - 00016255 _____ () C:\Users\Jenni\Desktop\Gildenübersicht.xlsx 2014-02-19 10:47 - 2014-02-19 12:17 - 00015914 _____ () C:\Users\Jenni\Downloads\Gildenübersicht.xlsx 2014-02-19 09:38 - 2014-02-19 09:38 - 00005878 _____ () C:\Users\Jenni\Downloads\Mitgliederliste Vespera.ods ==================== One Month Modified Files and Folders ======= 2014-03-21 17:49 - 2014-03-21 16:24 - 00000000 ____D () C:\FRST 2014-03-21 08:20 - 2012-07-13 12:31 - 
00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-21 08:20 - 2009-11-13 03:02 - 01921363 _____ () C:\Windows\WindowsUpdate.log 2014-03-21 07:50 - 2009-07-13 20:45 - 00017376 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-21 07:50 - 2009-07-13 20:45 - 00017376 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-21 07:45 - 2014-02-12 06:34 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Skype 2014-03-21 07:45 - 2012-08-27 06:21 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Dropbox 2014-03-21 07:44 - 2014-03-20 16:18 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr 2014-03-21 07:43 - 2013-01-22 08:53 - 00000388 ____H () C:\Windows\Tasks\{5AA22384-1FF1-4676-BA9B-EFBF7EFECE99}.job 2014-03-21 07:43 - 2013-01-13 15:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-21 07:42 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-21 07:41 - 2014-02-14 08:26 - 00026936 _____ () C:\Windows\setupact.log 2014-03-21 06:30 - 2012-08-27 06:22 - 00000000 ___RD () C:\Users\Jenni\Dropbox 2014-03-21 06:10 - 2014-02-22 06:26 - 00156100 _____ () C:\Windows\PFRO.log 2014-03-21 06:10 - 2012-07-02 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-21 06:08 - 2013-02-04 17:46 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\Spotify 2014-03-21 06:05 - 2013-01-13 15:14 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-21 06:03 - 2014-01-06 13:29 - 00000000 ____D () C:\ProgramData\MFAData 2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa 2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa 2014-03-20 13:03 - 2012-06-24 05:27 - 00000000 ____D () C:\Users\Jenni\AppData\Roaming\TS3Client 2014-03-19 17:50 - 2014-03-19 17:50 - 00001159 _____ () 
C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-19 17:50 - 2014-02-15 03:05 - 00000000 ____D () C:\Program Files (x86)\mozilla firefox 2014-03-19 17:49 - 2014-03-19 17:49 - 00283192 _____ (Mozilla) C:\Users\Jenni\Downloads\Firefox Setup Stub 28.0.exe 2014-03-19 17:39 - 2014-03-19 17:15 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP 2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-19 17:17 - 2014-03-19 17:17 - 00000000 _____ () C:\autoexec.bat 2014-03-19 13:58 - 2013-02-04 17:47 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Spotify 2014-03-19 13:50 - 2013-08-15 03:35 - 00000000 ____D () C:\Windows\System32\MRT 2014-03-19 13:46 - 2011-01-30 12:31 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-03-17 05:30 - 2012-06-24 05:26 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client 2014-03-14 09:47 - 2009-07-13 20:45 - 00370184 _____ () C:\Windows\System32\FNTCACHE.DAT 2014-03-14 09:45 - 2013-03-13 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 09:45 - 2013-03-13 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2014-03-13 03:44 - 2014-03-13 03:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2014-03-13 03:44 - 2014-01-06 13:36 - 00000993 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-03-12 09:00 - 2012-07-13 12:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 09:00 - 2012-06-23 10:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 09:00 - 2011-06-02 08:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 08:59 - 2014-03-12 08:59 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-12 06:32 - 
2013-03-26 03:00 - 00000000 ____D () C:\Users\Jenni\Documents\ABew 2014-03-06 08:25 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-03-06 08:24 - 2014-03-06 08:24 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect 2014-03-02 12:35 - 2014-03-02 12:35 - 00006144 ____H () C:\Users\Jenni\Desktop\photothumb.db 2014-02-28 22:05 - 2014-03-13 16:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-02-28 21:17 - 2014-03-13 16:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-02-28 21:16 - 2014-03-13 16:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-02-28 20:58 - 2014-03-13 16:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-02-28 20:52 - 2014-03-13 16:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-02-28 20:51 - 2014-03-13 16:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-02-28 20:42 - 2014-03-13 16:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-02-28 20:40 - 2014-03-13 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-02-28 20:37 - 2014-03-13 16:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-02-28 20:33 - 2014-03-13 16:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-02-28 20:33 - 2014-03-13 16:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-02-28 20:32 - 2014-03-13 16:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-02-28 20:30 - 2014-03-13 16:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-28 20:23 - 2014-03-13 16:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2014-02-28 20:17 - 2014-03-13 16:10 - 00218624 _____ (Microsoft Corporation) 
C:\Windows\System32\ie4uinit.exe 2014-02-28 20:11 - 2014-03-13 16:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-28 20:02 - 2014-03-13 16:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-02-28 19:54 - 2014-03-13 16:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-02-28 19:52 - 2014-03-13 16:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-28 19:51 - 2014-03-13 16:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-28 19:47 - 2014-03-13 16:10 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-28 19:43 - 2014-03-13 16:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-28 19:43 - 2014-03-13 16:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-28 19:42 - 2014-03-13 16:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-02-28 19:40 - 2014-03-13 16:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-28 19:38 - 2014-03-13 16:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-28 19:37 - 2014-03-13 16:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-28 19:35 - 2014-03-13 16:10 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-02-28 19:18 - 2014-03-13 16:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-02-28 19:16 - 2014-03-13 16:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-28 19:14 - 2014-03-13 16:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-28 19:10 - 2014-03-13 16:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-02-28 19:03 - 2014-03-13 16:10 - 00524288 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2014-02-28 19:00 - 2014-03-13 16:10 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-28 18:57 - 2014-03-13 16:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-28 18:38 - 2014-03-13 16:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-02-28 18:32 - 2014-03-13 16:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-28 18:27 - 2014-03-13 16:10 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-28 18:25 - 2014-03-13 16:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-02-28 18:25 - 2014-03-13 16:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 07:57 - 2014-02-28 07:15 - 00000000 ____D () C:\Users\Jenni\AppData\Local\Windows Live 2014-02-28 07:56 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-02-28 07:56 - 2013-12-22 21:46 - 00000000 ____D () C:\Program Files (x86)\Wondershare 2014-02-28 07:54 - 2013-01-01 10:20 - 00000000 ____D () C:\Program Files (x86)\Freeciv-2.1.6-gtk2 2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Windows\de 2014-02-28 07:32 - 2009-11-13 03:18 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-02-28 07:28 - 2014-02-28 07:28 - 00000000 ____D () C:\Program Files\Windows Live 2014-02-28 07:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-02-28 07:21 - 2014-02-28 07:21 - 00000360 _____ () C:\Windows\DirectX.log 2014-02-28 07:04 - 2014-02-28 07:04 - 01245376 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-web.exe 2014-02-28 07:02 - 2014-02-28 06:58 - 142602520 _____ (Microsoft Corporation) C:\Users\Jenni\Downloads\wlsetup-all_16.4.3508.0205.exe 2014-02-28 06:43 - 2014-02-28 05:22 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-02-28 05:35 - 2014-02-28 05:22 - 
00000000 ____D () C:\Fraps 2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 ____D () C:\Users\Jenni\Documents\PC Speed Maximizer 2014-02-28 05:24 - 2014-02-28 05:24 - 00000000 ____D () C:\Users\Jenni\Documents\Optimizer Pro 2014-02-28 05:23 - 2014-02-28 05:22 - 00000000 ____D () C:\Users\Jenni\AppData\Local\SearchProtect 2014-02-28 05:22 - 2014-02-28 05:22 - 00000574 _____ () C:\Users\Public\Desktop\Fraps.lnk 2014-02-28 05:21 - 2014-02-28 05:21 - 00000000 ____D () C:\Users\Jenni\Downloads\Fraps_TSV14W5RV 2014-02-28 05:19 - 2014-02-28 05:19 - 00657576 _____ (Conduit) C:\Users\Jenni\Downloads\Fraps_TSV14W5RV.exe 2014-02-22 18:00 - 2014-02-19 12:19 - 00016255 _____ () C:\Users\Jenni\Desktop\Gildenübersicht.xlsx 2014-02-20 16:43 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\TTuBeAdblocKeR 2014-02-20 16:22 - 2014-02-20 16:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-02-20 16:22 - 2014-02-20 16:22 - 00000000 ____D () C:\ProgramData\dkpdnlnenoabajepnpjajmmeegcmcjhh 2014-02-20 16:22 - 2013-12-31 17:40 - 00000000 ____D () C:\ProgramData\b2825e0011eb9fe 2014-02-20 16:22 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy 2014-02-19 12:19 - 2013-10-26 23:38 - 00000000 ____D () C:\Users\Jenni\Documents\Excel 2014-02-19 12:17 - 2014-02-19 10:47 - 00015914 _____ () C:\Users\Jenni\Downloads\Gildenübersicht.xlsx 2014-02-19 09:38 - 2014-02-19 09:38 - 00005878 _____ () C:\Users\Jenni\Downloads\Mitgliederliste Vespera.ods 2014-02-19 04:04 - 2014-02-18 05:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird Files to move or delete: ==================== C:\Windows\Tasks\{5AA22384-1FF1-4676-BA9B-EFBF7EFECE99}.job Some content of TEMP: ==================== C:\Users\Jenni\AppData\Local\Temp\nsl4B85.exe C:\Users\Jenni\AppData\Local\Temp\nsq54C9.exe C:\Users\Jenni\AppData\Local\Temp\nsr1425.exe C:\Users\Jenni\AppData\Local\Temp\nsr1B28.exe C:\Users\Jenni\AppData\Local\Temp\pcspeedmaxsetup.exe C:\Users\Jenni\AppData\Local\Temp\SHSetup.exe 
C:\Users\Jenni\AppData\Local\Temp\SPSetup.exe C:\Users\Jenni\AppData\Local\Temp\~+JF669828932335508636.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2014-02-28 07:18:29 Restore point made on: 2014-02-28 07:20:44 Restore point made on: 2014-02-28 07:22:53 Restore point made on: 2014-02-28 07:24:51 Restore point made on: 2014-02-28 07:28:32 Restore point made on: 2014-03-01 04:36:28 Restore point made on: 2014-03-11 12:03:18 Restore point made on: 2014-03-11 13:07:18 Restore point made on: 2014-03-14 05:21:30 Restore point made on: 2014-03-19 13:45:39 Restore point made on: 2014-03-19 17:16:34 Restore point made on: 2014-03-19 17:30:13 Restore point made on: 2014-03-19 17:32:52 ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 4090.93 MB Available physical RAM: 3360.9 MB Total Pagefile: 4089.08 MB Available Pagefile: 3351.59 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives 
================================
Drive c: (Packard Bell) (Fixed) (Total:286.27 GB) (Free:54.46 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.49 GB) NTFS
Drive g: () (Removable) (Total:7.49 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 97969796)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 0042D5AE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
LastRegBack: 2014-02-14 09:59
==================== End Of Log ============================
--- --- ---
Thanks, I have found help now.
Edited by Leviathan091 (21.03.2014 at 17:52) |
![]() | #4 |
/// the machine /// TB instructor | Bundestrojaner, safe mode not possible
You can't just try out some fix that was built for a different computer. Please press the ![]() Now copy the following text from the code box into the empty text document Code:
HKU\Jenni\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0j6gdi7.lnk
ShortcutTarget: 0j6gdi7.lnk -> C:\ProgramData\7idg6j0.gsa ()
S2 Winmgmt; C:\ProgramData\0j6gdi7.faa [332532 2014-03-20] (Microsoft Corporation)
2014-03-20 16:18 - 2014-03-21 07:44 - 95027928 ____T () C:\ProgramData\0j6gdi7.bbr
2014-03-20 16:18 - 2014-03-20 16:18 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\0j6gdi7.faa
2014-03-20 16:18 - 2014-03-20 16:18 - 00110592 _____ () C:\ProgramData\7idg6j0.gsa
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Start the computer normally.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |