Pests of all kinds and their removal: New problem: Can't get rid of the website www.mostshinstar.com (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
23.04.2014, 23:59 #1
New problem: Can't get rid of the website www.mostshinstar.com

Hello dear helpers,

I have a new problem: I can't get rid of the page www.mostshinstar.com. Here is a picture: hxxp://img1.picload.org/image/llrrgga/java.jpg (replace xx with tt). A short while ago I already had problems with this kind of stuff, see here: ( http://www.trojaner-board.de/151414-...-trojaner.html old post ). That was largely resolved. For now I have uninstalled Java completely and gone over it once more with JavaRA. As a precaution I have already posted all the logs:

combofix.txt
Code:
ComboFix 14-04-20.01 - Robert 23.04.2014 23:49:36.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.7783.6266 [GMT 2:00]
ausgeführt von:: c:\users\Robert\Desktop\temp desktop workflow\24.03.2014\virus\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal Firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\---\AppData\Local\nsq3D63.tmp
c:\windows\Fonts\masonchronicles.ttf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-03-23 bis 2014-04-23 ))))))))))))))))))))))))))))))
.
.
2014-04-23 21:53 . 2014-04-23 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-23 15:29 . 2013-12-28 13:44 1238592 ----a-w- c:\windows\SimAquarium3.scr
2014-04-23 15:29 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\D3DX9_43.dll
2014-04-23 15:29 . 2014-04-23 21:53 -------- d-----w- c:\users\---\AppData\Roaming\SimAquarium
2014-04-23 15:29 . 2014-04-23 15:29 -------- d-----w- c:\program files (x86)\Sim Aquarium 3
2014-04-23 13:55 . 2014-04-23 21:32 -------- d-----w- C:\Programme (x64)
2014-04-22 21:49 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{129929C6-B9D3-478C-9BB6-5B81F274A3FE}\mpengine.dll
2014-04-18 09:13 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-15 20:50 . 2014-04-15 20:51 -------- d-----w- c:\users\---\AppData\Local\Fallout3
2014-04-14 12:46 . 2014-04-14 12:46 -------- d-----w- c:\users\---\AppData\Roaming\Thunderbird
2014-04-14 12:46 . 2014-04-14 12:46 -------- d-----w- c:\users\---\AppData\Local\Thunderbird
2014-04-14 12:46 . 2014-04-14 12:46 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-04-13 20:57 . 2014-04-13 20:57 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2014-04-13 20:57 . 2014-04-13 20:57 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-04-11 22:34 . 2014-04-11 22:34 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-04-11 14:26 . 2014-04-15 13:04 -------- d-----w- c:\users\---\AppData\Local\SKIDROW
2014-04-11 13:01 . 2014-04-11 13:01 -------- d-----w- c:\programdata\Äîêóìåíòû
2014-04-09 10:26 . 2014-04-09 10:26 -------- d-----w- c:\users\---\AppData\Local\CrashRpt
2014-04-09 00:05 . 2014-04-11 22:20 -------- d-----w- c:\users\---\AppData\Local\id Software
2014-04-08 22:14 . 2014-04-08 22:14 -------- d-----w- c:\windows\SysWow64\xlive
2014-04-08 22:14 . 2014-04-08 22:14 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-04-07 08:58 . 2014-04-07 08:58 -------- d-----w- c:\program files\KONICA MINOLTA
2014-04-07 08:57 . 2011-01-19 10:03 41984 ----a-w- c:\windows\system32\Spool\prtprocs\x64\KOBJUA_P.DLL
2014-04-05 14:13 . 2014-04-05 14:16 -------- d-----w- c:\users\---\AppData\Roaming\KeePass
2014-04-05 14:12 . 2014-04-05 14:13 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2
2014-04-01 10:39 . 2014-04-01 10:41 -------- d-----w- c:\program files (x86)\Microsoft Works
2014-04-01 10:39 . 2014-04-01 10:39 -------- d-----w- c:\windows\PCHEALTH
2014-04-01 10:37 . 2014-04-01 10:37 -------- d-----w- c:\program files\Microsoft Office
2014-04-01 10:36 . 2014-04-01 10:36 -------- d-----r- C:\MSOCache
2014-03-25 01:21 . 2014-03-25 01:21 -------- d-----w- c:\users\---\AppData\Local\Blizzard Entertainment
2014-03-25 01:21 . 2014-04-23 16:58 -------- d-----w- c:\users\---\AppData\Local\Battle.net
2014-03-25 01:21 . 2014-03-25 01:26 -------- d-----w- c:\users\---\AppData\Roaming\Battle.net
2014-03-25 01:21 . 2014-03-25 01:21 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-03-25 01:12 . 2014-03-25 01:12 -------- d-----w- c:\programdata\Battle.net
2014-03-24 22:39 . 2014-03-25 01:35 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-14 08:33 . 2014-01-06 15:02 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-14 08:33 . 2014-01-06 15:02 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 18:22 . 2014-01-04 19:02 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-16 23:09 . 2014-03-16 22:51 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-03-16 23:09 . 2014-03-16 22:57 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-16 23:09 . 2014-03-16 22:51 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-16 22:57 . 2014-03-16 22:51 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-04 09:17 . 2014-04-08 21:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-02 09:20 . 2014-03-02 09:20 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-02-27 01:52 . 2014-02-27 01:52 40280 ----a-w- c:\windows\system32\tpinspm.dll
2014-02-27 01:52 . 2014-02-27 01:52 68440 ----a-w- c:\windows\system32\ibmpmsvc.exe
2014-02-27 01:52 . 2014-02-27 01:52 60760 ----a-w- c:\windows\system32\ibmpmctl.exe
2014-02-27 01:52 . 2014-02-27 01:52 57144 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2014-02-16 15:48 . 2014-02-16 15:48 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2014-02-07 01:23 . 2014-03-13 12:43 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 12:39 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 12:39 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 12:39 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 12:39 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-13 12:43 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-13 12:43 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-13 12:43 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-25 01:23 . 2014-01-25 01:23 733184 ----a-w- c:\windows\system32\MetroIntelGenericUIFramework.dll
2014-01-25 01:22 . 2014-01-25 01:22 320512 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2014-01-25 01:22 . 2014-01-25 01:22 279000 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-01-25 01:22 . 2014-01-25 01:22 265216 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2014-01-25 01:22 . 2014-01-25 01:22 182784 ----a-w- c:\windows\system32\igfxCoIn_v3412.dll
2014-01-25 01:22 . 2014-01-25 01:22 906200 ----a-w- c:\windows\system32\igfxstarter.exe
2014-01-25 01:22 . 2014-01-25 01:22 845272 ----a-w- c:\windows\system32\igfxsrvc.exe
2014-01-25 01:22 . 2014-01-25 01:22 526848 ----a-w- c:\windows\system32\igfxrrus.lrc
2014-01-25 01:22 . 2014-01-25 01:22 526336 ----a-w- c:\windows\system32\igfxrrom.lrc
2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrsky.lrc
2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrptg.lrc
2014-01-25 01:22 . 2014-01-25 01:22 525312 ----a-w- c:\windows\system32\igfxrsve.lrc
2014-01-25 01:22 . 2014-01-25 01:22 525312 ----a-w- c:\windows\system32\igfxrslv.lrc
2014-01-25 01:22 . 2014-01-25 01:22 524800 ----a-w- c:\windows\system32\igfxrtrk.lrc
2014-01-25 01:22 . 2014-01-25 01:22 523776 ----a-w- c:\windows\system32\igfxrtha.lrc
2014-01-25 01:22 . 2014-01-25 01:22 391128 ----a-w- c:\windows\system32\igfxtray.exe
2014-01-25 01:22 . 2014-01-25 01:22 346624 ----a-w- c:\windows\system32\igfxTMM.dll
2014-01-25 01:22 . 2013-10-28 13:06 66560 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-01-25 01:22 . 2014-01-25 01:22 527360 ----a-w- c:\windows\system32\igfxrplk.lrc
2014-01-25 01:22 . 2014-01-25 01:22 527360 ----a-w- c:\windows\system32\igfxrfra.lrc
2014-01-25 01:22 . 2014-01-25 01:22 526336 ----a-w- c:\windows\system32\igfxrnld.lrc
2014-01-25 01:22 . 2014-01-25 01:22 526336 ----a-w- c:\windows\system32\igfxrita.lrc
2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrhun.lrc
2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrhrv.lrc
2014-01-25 01:22 . 2014-01-25 01:22 525312 ----a-w- c:\windows\system32\igfxrfin.lrc
2014-01-25 01:22 . 2014-01-25 01:22 524800 ----a-w- c:\windows\system32\igfxrptb.lrc
2014-01-25 01:22 . 2014-01-25 01:22 524288 ----a-w- c:\windows\system32\igfxrnor.lrc
2014-01-25 01:22 . 2014-01-25 01:22 522240 ----a-w- c:\windows\system32\igfxrheb.lrc
2014-01-25 01:22 . 2014-01-25 01:22 517632 ----a-w- c:\windows\system32\igfxrjpn.lrc
2014-01-25 01:22 . 2014-01-25 01:22 516096 ----a-w- c:\windows\system32\igfxrkor.lrc
2014-01-25 01:22 . 2013-10-28 13:06 9081856 ----a-w- c:\windows\system32\igfxress.dll
2014-01-25 01:22 . 2014-01-25 01:22 770520 ----a-w- c:\windows\system32\igfxpers.exe
2014-01-25 01:22 . 2014-01-25 01:22 527872 ----a-w- c:\windows\system32\igfxrell.lrc
2014-01-25 01:22 . 2014-01-25 01:22 527360 ----a-w- c:\windows\system32\igfxresn.lrc
2014-01-25 01:22 . 2014-01-25 01:22 526848 ----a-w- c:\windows\system32\igfxrdeu.lrc
2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrcsy.lrc
2014-01-25 01:22 . 2014-01-25 01:22 524288 ----a-w- c:\windows\system32\igfxrdan.lrc
2014-01-25 01:22 . 2014-01-25 01:22 521728 ----a-w- c:\windows\system32\igfxrara.lrc
2014-01-25 01:22 . 2014-01-25 01:22 514048 ----a-w- c:\windows\system32\igfxrcht.lrc
2014-01-25 01:22 . 2014-01-25 01:22 513536 ----a-w- c:\windows\system32\igfxrchs.lrc
2014-01-25 01:22 . 2014-01-25 01:22 493056 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2014-01-25 01:22 . 2014-01-25 01:22 397784 ----a-w- c:\windows\system32\igfxext.exe
2014-01-25 01:22 . 2014-01-25 01:22 371200 ----a-w- c:\windows\system32\igfxrenu.lrc
2014-01-25 01:22 . 2014-01-25 01:22 29696 ----a-w- c:\windows\system32\igfxexps.dll
2014-01-25 01:22 . 2014-01-25 01:22 25600 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2014-01-25 01:22 . 2013-10-28 13:06 548864 ----a-w- c:\windows\system32\igfxpph.dll
2014-01-25 01:22 . 2014-01-25 01:22 3558912 ----a-w- c:\windows\SysWow64\igdusc32.dll
2014-01-25 01:22 . 2014-01-25 01:22 279040 ----a-w- c:\windows\system32\igfxcpl.cpl
2014-01-25 01:22 . 2014-01-25 01:22 243712 ----a-w- c:\windows\system32\igfxdo.dll
2014-01-25 01:22 . 2014-01-25 01:22 2065920 ----a-w- c:\windows\system32\igfxcmjit64.dll
2014-01-25 01:22 . 2014-01-25 01:22 1815040 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2014-01-25 01:22 . 2014-01-25 01:22 163328 ----a-w- c:\windows\system32\igfxcmrt64.dll
2014-01-25 01:22 . 2014-01-25 01:22 155136 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2014-01-25 01:22 . 2014-01-25 01:22 137728 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2014-01-25 01:22 . 2014-01-25 01:22 133120 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2014-01-25 01:22 . 2014-01-25 01:22 12288 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2014-01-25 01:22 . 2013-10-28 13:06 624640 ----a-w- c:\windows\system32\igfxdev.dll
2014-01-25 01:22 . 2013-10-28 12:49 4474368 ----a-w- c:\windows\system32\igdusc64.dll
2014-01-25 01:22 . 2014-01-25 01:22 19380224 ----a-w- c:\windows\system32\igdumdim64.dll
2014-01-25 01:22 . 2014-01-25 01:22 18629632 ----a-w- c:\windows\SysWow64\igdumdim32.dll
2014-01-25 01:22 . 2014-01-25 01:22 4221440 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2014-01-25 01:22 . 2014-01-25 01:22 373760 ----a-w- c:\windows\system32\igdmd64.dll
2014-01-25 01:22 . 2014-01-25 01:22 3224064 ----a-w- c:\windows\system32\igdrcl64.dll
2014-01-25 01:22 . 2014-01-25 01:22 299520 ----a-w- c:\windows\SysWow64\igdmd32.dll
2014-01-25 01:22 . 2014-01-25 01:22 2896384 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2014-01-25 01:22 . 2014-01-25 01:22 25971712 ----a-w- c:\windows\system32\igdfcl64.dll
2014-01-25 01:22 . 2014-01-25 01:22 20954112 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2014-01-25 01:22 . 2014-01-25 01:22 329216 ----a-w- c:\windows\system32\igdbcl64.dll
2014-01-25 01:22 . 2014-01-25 01:22 290816 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2014-01-25 01:22 . 2014-01-25 01:22 222208 ----a-w- c:\windows\system32\igdde64.dll
2014-01-25 01:22 . 2014-01-25 01:22 182272 ----a-w- c:\windows\SysWow64\igdde32.dll
2014-01-25 01:22 . 2014-01-25 01:22 160256 ----a-w- c:\windows\system32\igdail64.dll
2014-01-25 01:22 . 2014-01-25 01:22 142848 ----a-w- c:\windows\SysWow64\igdail32.dll
2014-01-25 01:22 . 2014-01-25 01:22 20433408 ----a-w- c:\windows\SysWow64\igd10iumd32.dll
2014-01-25 01:22 . 2013-10-28 13:06 21088256 ----a-w- c:\windows\system32\igd10iumd64.dll
2014-01-25 01:22 . 2014-01-25 01:22 7885824 ----a-w- c:\windows\system32\ig7icd64.dll
2014-01-25 01:22 . 2014-01-25 01:22 6216192 ----a-w- c:\windows\SysWow64\ig7icd32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508656]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-02-03 2092032]
.
c:\users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
quietHDD.lnk - c:\portable programme\quiethdd_v1.5-build250\quietHDD.exe [2009-1-12 61440]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-12 08:22]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf271adaaa5c5f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-12 08:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-13 13538376]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-04-24 1307720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-25 391128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-25 771544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-25 770520]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\
FF - prefs.js: browser.startup.homepage - about:superstart
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-23 23:55:23
ComboFix-quarantined-files.txt 2014-04-23 21:55
.
Vor Suchlauf: 14 Verzeichnis(se), 61.291.053.056 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 61.220.978.688 Bytes frei
.
- - End Of File - - BC9A55B769BB39F9BD1F991AAC11E784
A36C5E4F47E84449FF07ED3517B43A31

FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2014
Ran by --- (administrator) on ----PC on 23-04-2014 23:57:22
Running from C:\Users\---\Desktop\temp desktop workflow\24.03.2014\virus
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Portable Programme\quiethdd_v1.5-build250\quietHDD.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-520766433-2800240616-4077048008-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
Startup: C:\Users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD.lnk
ShortcutTarget: quietHDD.lnk -> C:\Portable Programme\quiethdd_v1.5-build250\quietHDD.exe ()
Startup: C:\Users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x93C303C87C09CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {30F6A740-DFA4-4171-BE96-77F7121CAAF3} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {4A42B8FA-6641-4E7C-8EF3-1ECA946196BC} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {60BD6C21-C55E-46A5-91E4-F1FC6CF7C937} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {C313B64E-9B2D-4820-AD58-17921C642E8B} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: about:superstart
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2014-01-10]
FF Extension: Super Start - C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\Extensions\superstart@enjoyfreeware.org [2014-04-23]
FF Extension: YouTube Unblocker - C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\Extensions\youtubeunblocker@unblocker.yt [2014-02-27]
FF Extension: DownloadHelper - C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: facepaste - C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\Extensions\facepaste.firefox.addon@azabani.com.xpi [2014-01-31]
FF Extension: WEB.DE MailCheck - C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\Extensions\toolbar@web.de.xpi [2014-01-11]
FF Extension: Session Manager - C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-02-15]
FF Extension: DownThemAll! - C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-09]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-09]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-18] (Adobe Systems)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF
Software) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-17] () ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-10] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-03-02] (REALiX(tm)) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation) U3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-23 23:55 - 2014-04-23 23:55 - 00022354 _____ () C:\ComboFix.txt 2014-04-23 23:48 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-23 23:48 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-23 23:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-23 23:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-23 23:48 - 2000-08-31 
02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-23 23:48 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-23 23:48 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-23 23:48 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-23 23:43 - 2014-04-23 23:55 - 00000000 ____D () C:\Qoobox 2014-04-23 23:43 - 2014-04-23 23:54 - 00000000 ____D () C:\Windows\erdnt 2014-04-23 23:43 - 2014-04-23 23:43 - 00000000 ___RD () C:\Users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-23 23:40 - 2014-04-23 23:40 - 05012740 _____ () C:\Users\---\Desktop\vty-0180-2.rar 2014-04-23 18:17 - 2014-04-23 18:17 - 00109680 _____ () C:\Users\---\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-23 17:29 - 2014-04-23 23:53 - 00000000 ____D () C:\Users\---\AppData\Roaming\SimAquarium 2014-04-23 17:29 - 2014-04-23 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sim Aquarium 3 2014-04-23 17:29 - 2014-04-23 17:29 - 00000000 ____D () C:\Program Files (x86)\Sim Aquarium 3 2014-04-23 17:29 - 2013-12-28 15:44 - 01238592 _____ (Vojnic Ladislav) C:\Windows\SimAquarium3.scr 2014-04-23 17:29 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\D3DX9_43.dll 2014-04-23 15:55 - 2014-04-23 23:32 - 00000000 ____D () C:\Programme (x64) 2014-04-23 11:12 - 2014-04-23 23:45 - 00000168 _____ () C:\Windows\setupact.log 2014-04-23 11:12 - 2014-04-23 11:12 - 00414416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-23 11:12 - 2014-04-23 11:12 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-18 22:18 - 2014-04-18 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari 2014-04-18 11:13 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-18 11:13 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-18 11:13 - 2014-04-14 20:05 - 00175528 _____ (Oracle 
Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-18 11:13 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-18 11:12 - 2014-04-18 11:13 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-15 22:50 - 2014-04-15 22:51 - 00000000 ____D () C:\Users\---\AppData\Local\Fallout3 2014-04-14 14:46 - 2014-04-14 14:46 - 00002107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-04-14 14:46 - 2014-04-14 14:46 - 00002095 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-04-14 14:46 - 2014-04-14 14:46 - 00000000 ____D () C:\Users\---\AppData\Roaming\Thunderbird 2014-04-14 14:46 - 2014-04-14 14:46 - 00000000 ____D () C:\Users\---\AppData\Local\Thunderbird 2014-04-14 14:46 - 2014-04-14 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-13 23:05 - 2014-04-13 23:05 - 00000000 ____D () C:\Users\---\Documents\NeocoreGames 2014-04-13 22:57 - 2014-04-13 22:57 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-12 00:34 - 2014-04-12 00:34 - 00178800 _____ (Sony DADC Austria AG.) 
C:\Windows\SysWOW64\CmdLineExt_x64.dll 2014-04-11 16:26 - 2014-04-15 15:04 - 00000000 ____D () C:\Users\---\AppData\Local\SKIDROW 2014-04-11 15:01 - 2014-04-11 15:01 - 00000000 ____D () C:\ProgramData\Äîêóìåíòû 2014-04-10 20:23 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 20:23 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 20:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-10 20:23 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-10 20:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-10 20:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-10 20:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-10 20:23 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-10 20:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-10 20:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-10 20:23 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-10 20:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-10 20:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-10 20:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-10 20:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-10 20:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 
2014-04-10 20:23 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-10 20:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-10 20:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-10 20:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-10 20:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-10 20:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-10 20:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-10 20:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-10 20:23 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-10 20:23 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-10 20:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-10 20:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-10 20:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-10 20:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-10 20:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-10 20:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-10 20:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-10 20:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 
2014-04-10 20:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-10 20:23 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-10 20:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-10 20:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-10 20:23 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-10 20:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-10 20:23 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-10 20:23 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-10 20:23 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-10 20:23 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-10 20:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-10 20:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-10 20:23 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-10 20:23 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 12:26 - 2014-04-09 12:26 - 00000000 ____D () C:\Users\---\AppData\Local\CrashRpt 2014-04-09 02:05 - 2014-04-12 00:20 - 00000000 ____D () C:\Users\---\AppData\Local\id Software 2014-04-09 00:14 - 2014-04-09 00:14 - 00000000 ____D () C:\Windows\SysWOW64\xlive 2014-04-09 00:14 - 2014-04-09 00:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2014-04-08 23:40 - 2014-03-04 11:44 - 01163264 _____ (Microsoft 
Corporation) C:\Windows\system32\kernel32.dll 2014-04-08 23:40 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-08 23:40 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-08 23:40 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-08 23:40 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-08 23:40 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-08 23:40 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-08 23:40 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-08 23:40 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-08 23:40 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-08 23:40 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-08 23:40 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-08 23:40 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-08 23:40 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-08 23:40 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-08 23:40 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-08 23:40 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 23:04 - 2014-04-08 23:10 - 00001347 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk 2014-04-07 10:58 - 2014-04-07 10:58 - 00000000 ____D 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONICA MINOLTA 2014-04-07 10:58 - 2014-04-07 10:58 - 00000000 ____D () C:\Program Files\KONICA MINOLTA 2014-04-06 23:15 - 2014-03-25 03:21 - 00000918 _____ () C:\Users\---\Desktop\Battle.net.lnk 2014-04-05 16:13 - 2014-04-05 16:16 - 00000000 ____D () C:\Users\---\AppData\Roaming\KeePass 2014-04-05 16:12 - 2014-04-05 16:13 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-04-05 16:12 - 2014-04-05 16:12 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2014-04-05 16:12 - 2014-04-05 16:12 - 00001114 _____ () C:\Users\---\Desktop\KeePass 2.lnk 2014-04-05 13:31 - 2014-04-05 13:31 - 00000000 _____ () C:\Neues Textdokument.txt 2014-04-04 12:04 - 2014-04-22 14:27 - 00000000 ____D () C:\Users\---\Desktop\Bewerbungen Neu! 2014-04-01 12:50 - 2014-04-01 12:40 - 00002697 _____ () C:\Users\---\Desktop\Microsoft Office Word 2007.lnk 2014-04-01 12:40 - 2014-04-01 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-04-01 12:39 - 2014-04-01 12:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2014-04-01 12:39 - 2014-04-01 12:39 - 00000000 ____D () C:\Windows\PCHEALTH 2014-04-01 12:39 - 2014-04-01 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-04-01 12:36 - 2014-04-01 12:36 - 00000000 ___RD () C:\MSOCache 2014-03-29 22:43 - 2014-04-15 22:51 - 00000000 ____D () C:\Users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-03-25 14:46 - 2014-03-26 01:48 - 00000000 ____D () C:\Users\---\Documents\Diablo III 2014-03-25 12:50 - 2014-03-25 12:50 - 00000000 ____D () C:\Users\---\AppData\Roaming\WinRAR 2014-03-25 12:33 - 2014-03-25 12:33 - 00001187 _____ () C:\Users\---\Desktop\JDownloader.lnk 2014-03-25 03:27 - 2014-03-25 03:35 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III 2014-03-25 03:21 - 2014-04-23 18:58 - 00000000 ____D () C:\Users\---\AppData\Local\Battle.net 2014-03-25 03:21 - 2014-03-25 03:26 - 00000000 ____D () C:\Users\---\AppData\Roaming\Battle.net 2014-03-25 03:21 - 2014-03-25 03:21 - 00000000 ____D () C:\Users\---\AppData\Local\Blizzard Entertainment 2014-03-25 03:21 - 2014-03-25 03:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-03-25 03:21 - 2014-03-25 03:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-25 03:12 - 2014-03-25 03:12 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-24 21:37 - 2014-03-24 21:37 - 00000000 ____D () C:\Windows\ERUNT 2014-03-24 21:18 - 2014-04-23 23:28 - 00000000 ____D () C:\AdwCleaner 2014-03-24 00:33 - 2014-03-24 00:33 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-24 00:33 - 2014-03-24 00:33 - 00000000 ____D () C:\Users\---\AppData\Roaming\Malwarebytes 2014-03-24 00:33 - 2014-03-24 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-24 00:33 - 2014-03-24 00:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-24 00:33 - 2014-03-24 00:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-24 00:33 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-24 00:10 - 2014-04-23 23:57 - 00000000 ____D () C:\FRST ==================== One Month Modified Files and Folders ======= 2014-04-23 23:57 - 2014-03-24 00:10 - 00000000 ____D () C:\FRST 2014-04-23 23:55 - 2014-04-23 23:55 - 00022354 _____ () C:\ComboFix.txt 2014-04-23 23:55 - 2014-04-23 23:43 - 00000000 ____D () C:\Qoobox 2014-04-23 23:54 - 2014-04-23 23:43 - 00000000 ____D () C:\Windows\erdnt 2014-04-23 23:53 - 2014-04-23 17:29 - 00000000 ____D () C:\Users\---\AppData\Roaming\SimAquarium 2014-04-23 23:53 - 2009-07-14 04:34 - 
00000215 _____ () C:\Windows\system.ini 2014-04-23 23:52 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-23 23:52 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-23 23:49 - 2011-04-12 09:43 - 00702436 _____ () C:\Windows\system32\perfh007.dat 2014-04-23 23:49 - 2011-04-12 09:43 - 00150044 _____ () C:\Windows\system32\perfc007.dat 2014-04-23 23:49 - 2009-07-14 07:13 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-23 23:48 - 2014-03-07 10:51 - 01063971 _____ () C:\Windows\WindowsUpdate.log 2014-04-23 23:45 - 2014-04-23 11:12 - 00000168 _____ () C:\Windows\setupact.log 2014-04-23 23:45 - 2014-01-12 10:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-23 23:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-23 23:43 - 2014-04-23 23:43 - 00000000 ___RD () C:\Users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-23 23:43 - 2014-01-09 17:04 - 00000000 ____D () C:\Users\---\AppData\Roaming\uTorrent 2014-04-23 23:40 - 2014-04-23 23:40 - 05012740 _____ () C:\Users\---\Desktop\vty-0180-2.rar 2014-04-23 23:32 - 2014-04-23 15:55 - 00000000 ____D () C:\Programme (x64) 2014-04-23 23:31 - 2014-03-15 22:19 - 00000000 ___RD () C:\Users\---\Desktop\zeitvertreib 2014-04-23 23:28 - 2014-03-24 21:18 - 00000000 ____D () C:\AdwCleaner 2014-04-23 23:28 - 2014-02-11 13:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf271adaaa5c5f.job 2014-04-23 23:27 - 2014-03-14 20:28 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-23 19:52 - 2014-01-06 21:52 - 00000000 ____D () C:\Users\---\AppData\Roaming\vlc 2014-04-23 18:58 - 2014-03-25 03:21 - 00000000 ____D () C:\Users\---\AppData\Local\Battle.net 2014-04-23 18:17 - 2014-04-23 18:17 - 00109680 _____ () 
C:\Users\---\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-23 17:29 - 2014-04-23 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sim Aquarium 3 2014-04-23 17:29 - 2014-04-23 17:29 - 00000000 ____D () C:\Program Files (x86)\Sim Aquarium 3 2014-04-23 17:29 - 2014-01-06 00:58 - 00007618 _____ () C:\Users\---\AppData\Local\Resmon.ResmonCfg 2014-04-23 11:12 - 2014-04-23 11:12 - 00414416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-23 11:12 - 2014-04-23 11:12 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-22 14:27 - 2014-04-04 12:04 - 00000000 ____D () C:\Users\---\Desktop\Bewerbungen Neu! 2014-04-20 15:33 - 2014-01-10 00:33 - 00000000 ____D () C:\Users\---\AppData\Roaming\DAEMON Tools Lite 2014-04-19 10:28 - 2014-01-10 22:53 - 00000000 ____D () C:\Users\---\AppData\Roaming\Nitro PDF 2014-04-18 22:18 - 2014-04-18 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari 2014-04-18 11:13 - 2014-04-18 11:12 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-18 11:13 - 2014-03-16 10:30 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-16 11:10 - 2014-02-15 02:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-16 08:51 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-04-16 08:49 - 2014-03-16 14:01 - 00000000 ____D () C:\Users\---\Documents\My Games 2014-04-16 08:49 - 2014-01-06 17:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-15 22:51 - 2014-04-15 22:50 - 00000000 ____D () C:\Users\---\AppData\Local\Fallout3 2014-04-15 22:51 - 2014-03-29 22:43 - 00000000 ____D () C:\Users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-04-15 15:52 - 2014-03-01 20:49 - 00000000 ____D () C:\Users\---\Desktop\fahrt 2014-04-15 15:04 - 2014-04-11 16:26 - 00000000 ____D () C:\Users\---\AppData\Local\SKIDROW 2014-04-14 20:13 - 2014-04-18 11:13 - 00096168 
_____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-18 11:13 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-18 11:13 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-18 11:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-14 14:46 - 2014-04-14 14:46 - 00002107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-04-14 14:46 - 2014-04-14 14:46 - 00002095 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-04-14 14:46 - 2014-04-14 14:46 - 00000000 ____D () C:\Users\---\AppData\Roaming\Thunderbird 2014-04-14 14:46 - 2014-04-14 14:46 - 00000000 ____D () C:\Users\---\AppData\Local\Thunderbird 2014-04-14 14:46 - 2014-04-14 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-14 10:46 - 2014-01-06 17:01 - 00000000 ____D () C:\Users\---\AppData\Local\Adobe 2014-04-14 10:33 - 2014-01-06 17:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 10:33 - 2014-01-06 17:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 08:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-13 23:05 - 2014-04-13 23:05 - 00000000 ____D () C:\Users\---\Documents\NeocoreGames 2014-04-13 22:57 - 2014-04-13 22:57 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-12 00:34 - 2014-04-12 00:34 - 00178800 _____ (Sony DADC Austria AG.) 
C:\Windows\SysWOW64\CmdLineExt_x64.dll 2014-04-12 00:20 - 2014-04-09 02:05 - 00000000 ____D () C:\Users\---\AppData\Local\id Software 2014-04-11 15:01 - 2014-04-11 15:01 - 00000000 ____D () C:\ProgramData\Äîêóìåíòû 2014-04-10 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-10 20:24 - 2014-02-14 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 20:23 - 2014-01-04 21:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 20:22 - 2014-01-04 21:02 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 12:26 - 2014-04-09 12:26 - 00000000 ____D () C:\Users\---\AppData\Local\CrashRpt 2014-04-09 00:14 - 2014-04-09 00:14 - 00000000 ____D () C:\Windows\SysWOW64\xlive 2014-04-09 00:14 - 2014-04-09 00:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2014-04-08 23:10 - 2014-04-08 23:04 - 00001347 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk 2014-04-08 23:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-04-07 10:58 - 2014-04-07 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONICA MINOLTA 2014-04-07 10:58 - 2014-04-07 10:58 - 00000000 ____D () C:\Program Files\KONICA MINOLTA 2014-04-05 16:16 - 2014-04-05 16:13 - 00000000 ____D () C:\Users\---\AppData\Roaming\KeePass 2014-04-05 16:13 - 2014-04-05 16:12 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-04-05 16:12 - 2014-04-05 16:12 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2014-04-05 16:12 - 2014-04-05 16:12 - 00001114 _____ () C:\Users\---\Desktop\KeePass 2.lnk 2014-04-05 13:31 - 2014-04-05 13:31 - 00000000 _____ () C:\Neues Textdokument.txt 2014-04-01 12:41 - 2014-04-01 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2014-04-01 12:40 - 2014-04-01 12:50 - 00002697 _____ () C:\Users\---\Desktop\Microsoft Office Word 2007.lnk 
2014-04-01 12:40 - 2014-04-01 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-04-01 12:39 - 2014-04-01 12:39 - 00000000 ____D () C:\Windows\PCHEALTH 2014-04-01 12:39 - 2014-04-01 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 2014-04-01 12:39 - 2014-02-14 15:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-04-01 12:37 - 2011-04-12 09:54 - 00000000 ____D () C:\Windows\ShellNew 2014-04-01 12:36 - 2014-04-01 12:36 - 00000000 ___RD () C:\MSOCache 2014-04-01 11:58 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini 2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-30 10:23 - 2014-02-11 13:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf271adaaa5c5f 2014-03-30 10:23 - 2014-01-12 10:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-29 21:22 - 2014-01-04 01:47 - 00000000 ____D () C:\Users\--- 2014-03-29 15:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-26 01:48 - 2014-03-25 14:46 - 00000000 ____D () C:\Users\---\Documents\Diablo III 2014-03-25 21:29 - 2014-03-16 10:39 - 00000000 ____D () C:\Users\---\MediathekView 2014-03-25 12:50 - 2014-03-25 12:50 - 00000000 ____D () C:\Users\---\AppData\Roaming\WinRAR 2014-03-25 12:33 - 2014-03-25 12:33 - 00001187 _____ () C:\Users\---\Desktop\JDownloader.lnk 2014-03-25 12:33 - 2014-01-14 15:31 - 00000000 ____D () C:\Portable Programme 2014-03-25 03:35 - 2014-03-25 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III 2014-03-25 03:26 - 2014-03-25 03:21 - 00000000 ____D () C:\Users\---\AppData\Roaming\Battle.net 2014-03-25 03:21 - 2014-04-06 23:15 - 00000918 _____ () C:\Users\---\Desktop\Battle.net.lnk 2014-03-25 03:21 - 2014-03-25 03:21 - 00000000 ____D 
() C:\Users\---\AppData\Local\Blizzard Entertainment 2014-03-25 03:21 - 2014-03-25 03:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-03-25 03:21 - 2014-03-25 03:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-25 03:12 - 2014-03-25 03:12 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-25 02:26 - 2014-01-14 17:07 - 00000000 ____D () C:\Users\---\Downloads\BYTube 2014-03-24 21:37 - 2014-03-24 21:37 - 00000000 ____D () C:\Windows\ERUNT 2014-03-24 00:33 - 2014-03-24 00:33 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-24 00:33 - 2014-03-24 00:33 - 00000000 ____D () C:\Users\---\AppData\Roaming\Malwarebytes 2014-03-24 00:33 - 2014-03-24 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-24 00:33 - 2014-03-24 00:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-24 00:33 - 2014-03-24 00:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware Files to move or delete: ==================== C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-19 02:09 ==================== End Of Log 
==================== End Of Log ============================

JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by --- on 24.04.2014 at 0:07:39,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2014 at 0:12:49,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMER.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-24 00:51:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HGST_HTS725050A7E630 rev.GH2ZB550 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\---\AppData\Local\Temp\pwliqpow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031b7000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800031b7011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1688] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000755f8791 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076881465 2 bytes [88, 76]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000768814bb 2 bytes [88, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[1824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071bc1a22 2 bytes [BC, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071bc1ad0 2 bytes [BC, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071bc1b08 2 bytes [BC, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071bc1bba 2 bytes [BC, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071bc1bda 2 bytes [BC, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076881465 2 bytes [88, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768814bb 2 bytes [88, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076881465 2 bytes [88, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768814bb 2 bytes [88, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076881465 2 bytes [88, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768814bb 2 bytes [88, 76]
.text ... * 2
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076d07ac0 13 bytes {MOV R11, 0x7feec5a253c; JMP R11}
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000076d31310 13 bytes {MOV R11, 0x7fee032a448; JMP R11}
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 13 bytes {MOV R11, 0x7fee032a5f8; JMP R11}
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather 0000000076d31460 13 bytes {MOV R11, 0x7fee032a6d0; JMP R11}
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter 0000000076d31590 13 bytes {MOV R11, 0x7fee032a520; JMP R11}
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile 0000000076d31760 13 bytes {MOV R11, 0x7fee032a7a8; JMP R11}
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 13 bytes {MOV R11, 0x7fee032aff0; JMP R11}
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000076d32410 13 bytes {MOV R11, 0x7fee032b104; JMP R11}
.text C:\Programme (x64)\firefox.exe[736] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076bd9040 13 bytes {MOV R11, 0x7fee1688080; JMP R11}

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6817292adbc6
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6817292adbc6 (not active ControlSet)

---- EOF - GMER 2.1 ----

Combofix
Code:
ATTFilter ComboFix 14-04-20.01 - Robert 23.04.2014 23:49:36.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.7783.6266 [GMT 2:00] ausgeführt von:: c:\users\Robert\Desktop\temp desktop workflow\24.03.2014\virus\ComboFix.exe AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289} FW: ESET Personal Firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\---\AppData\Local\nsq3D63.tmp c:\windows\Fonts\masonchronicles.ttf . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-23 bis 2014-04-23 )))))))))))))))))))))))))))))) . . 2014-04-23 21:53 . 2014-04-23 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-23 15:29 . 2013-12-28 13:44 1238592 ----a-w- c:\windows\SimAquarium3.scr 2014-04-23 15:29 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\D3DX9_43.dll 2014-04-23 15:29 . 2014-04-23 21:53 -------- d-----w- c:\users\---\AppData\Roaming\SimAquarium 2014-04-23 15:29 . 2014-04-23 15:29 -------- d-----w- c:\program files (x86)\Sim Aquarium 3 2014-04-23 13:55 . 2014-04-23 21:32 -------- d-----w- C:\Programme (x64) 2014-04-22 21:49 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{129929C6-B9D3-478C-9BB6-5B81F274A3FE}\mpengine.dll 2014-04-18 09:13 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-04-15 20:50 . 2014-04-15 20:51 -------- d-----w- c:\users\---\AppData\Local\Fallout3 2014-04-14 12:46 . 2014-04-14 12:46 -------- d-----w- c:\users\---\AppData\Roaming\Thunderbird 2014-04-14 12:46 . 2014-04-14 12:46 -------- d-----w- c:\users\---\AppData\Local\Thunderbird 2014-04-14 12:46 . 
2014-04-14 12:46 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2014-04-13 20:57 . 2014-04-13 20:57 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2014-04-13 20:57 . 2014-04-13 20:57 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2014-04-11 22:34 . 2014-04-11 22:34 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2014-04-11 14:26 . 2014-04-15 13:04 -------- d-----w- c:\users\---\AppData\Local\SKIDROW 2014-04-11 13:01 . 2014-04-11 13:01 -------- d-----w- c:\programdata\Äîêóìåíòû 2014-04-09 10:26 . 2014-04-09 10:26 -------- d-----w- c:\users\---\AppData\Local\CrashRpt 2014-04-09 00:05 . 2014-04-11 22:20 -------- d-----w- c:\users\---\AppData\Local\id Software 2014-04-08 22:14 . 2014-04-08 22:14 -------- d-----w- c:\windows\SysWow64\xlive 2014-04-08 22:14 . 2014-04-08 22:14 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE 2014-04-07 08:58 . 2014-04-07 08:58 -------- d-----w- c:\program files\KONICA MINOLTA 2014-04-07 08:57 . 2011-01-19 10:03 41984 ----a-w- c:\windows\system32\Spool\prtprocs\x64\KOBJUA_P.DLL 2014-04-05 14:13 . 2014-04-05 14:16 -------- d-----w- c:\users\---\AppData\Roaming\KeePass 2014-04-05 14:12 . 2014-04-05 14:13 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2 2014-04-01 10:39 . 2014-04-01 10:41 -------- d-----w- c:\program files (x86)\Microsoft Works 2014-04-01 10:39 . 2014-04-01 10:39 -------- d-----w- c:\windows\PCHEALTH 2014-04-01 10:37 . 2014-04-01 10:37 -------- d-----w- c:\program files\Microsoft Office 2014-04-01 10:36 . 2014-04-01 10:36 -------- d-----r- C:\MSOCache 2014-03-25 01:21 . 2014-03-25 01:21 -------- d-----w- c:\users\---\AppData\Local\Blizzard Entertainment 2014-03-25 01:21 . 2014-04-23 16:58 -------- d-----w- c:\users\---\AppData\Local\Battle.net 2014-03-25 01:21 . 2014-03-25 01:26 -------- d-----w- c:\users\---\AppData\Roaming\Battle.net 2014-03-25 01:21 . 
2014-03-25 01:21 -------- d-----w- c:\programdata\Blizzard Entertainment 2014-03-25 01:12 . 2014-03-25 01:12 -------- d-----w- c:\programdata\Battle.net 2014-03-24 22:39 . 2014-03-25 01:35 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-14 08:33 . 2014-01-06 15:02 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-14 08:33 . 2014-01-06 15:02 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-10 18:22 . 2014-01-04 19:02 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-16 23:09 . 2014-03-16 22:51 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2014-03-16 23:09 . 2014-03-16 22:57 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-03-16 23:09 . 2014-03-16 22:51 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-03-16 22:57 . 2014-03-16 22:51 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-03-04 09:17 . 2014-04-08 21:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-02 09:20 . 2014-03-02 09:20 31648 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS 2014-02-27 01:52 . 2014-02-27 01:52 40280 ----a-w- c:\windows\system32\tpinspm.dll 2014-02-27 01:52 . 2014-02-27 01:52 68440 ----a-w- c:\windows\system32\ibmpmsvc.exe 2014-02-27 01:52 . 2014-02-27 01:52 60760 ----a-w- c:\windows\system32\ibmpmctl.exe 2014-02-27 01:52 . 2014-02-27 01:52 57144 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys 2014-02-16 15:48 . 2014-02-16 15:48 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL 2014-02-07 01:23 . 2014-03-13 12:43 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:32 . 2014-03-13 12:39 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:32 . 2014-03-13 12:39 624128 ----a-w- c:\windows\system32\qedit.dll 2014-02-04 02:04 . 
2014-03-13 12:39 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-13 12:39 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-01-29 02:32 . 2014-03-13 12:43 484864 ----a-w- c:\windows\system32\wer.dll 2014-01-29 02:06 . 2014-03-13 12:43 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-01-28 02:32 . 2014-03-13 12:43 228864 ----a-w- c:\windows\system32\wwansvc.dll 2014-01-25 01:23 . 2014-01-25 01:23 733184 ----a-w- c:\windows\system32\MetroIntelGenericUIFramework.dll 2014-01-25 01:22 . 2014-01-25 01:22 320512 ----a-w- c:\windows\system32\IntelOpenCL64.dll 2014-01-25 01:22 . 2014-01-25 01:22 279000 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe 2014-01-25 01:22 . 2014-01-25 01:22 265216 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll 2014-01-25 01:22 . 2014-01-25 01:22 182784 ----a-w- c:\windows\system32\igfxCoIn_v3412.dll 2014-01-25 01:22 . 2014-01-25 01:22 906200 ----a-w- c:\windows\system32\igfxstarter.exe 2014-01-25 01:22 . 2014-01-25 01:22 845272 ----a-w- c:\windows\system32\igfxsrvc.exe 2014-01-25 01:22 . 2014-01-25 01:22 526848 ----a-w- c:\windows\system32\igfxrrus.lrc 2014-01-25 01:22 . 2014-01-25 01:22 526336 ----a-w- c:\windows\system32\igfxrrom.lrc 2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrsky.lrc 2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrptg.lrc 2014-01-25 01:22 . 2014-01-25 01:22 525312 ----a-w- c:\windows\system32\igfxrsve.lrc 2014-01-25 01:22 . 2014-01-25 01:22 525312 ----a-w- c:\windows\system32\igfxrslv.lrc 2014-01-25 01:22 . 2014-01-25 01:22 524800 ----a-w- c:\windows\system32\igfxrtrk.lrc 2014-01-25 01:22 . 2014-01-25 01:22 523776 ----a-w- c:\windows\system32\igfxrtha.lrc 2014-01-25 01:22 . 2014-01-25 01:22 391128 ----a-w- c:\windows\system32\igfxtray.exe 2014-01-25 01:22 . 2014-01-25 01:22 346624 ----a-w- c:\windows\system32\igfxTMM.dll 2014-01-25 01:22 . 2013-10-28 13:06 66560 ----a-w- c:\windows\system32\igfxsrvc.dll 2014-01-25 01:22 . 
2014-01-25 01:22 527360 ----a-w- c:\windows\system32\igfxrplk.lrc 2014-01-25 01:22 . 2014-01-25 01:22 527360 ----a-w- c:\windows\system32\igfxrfra.lrc 2014-01-25 01:22 . 2014-01-25 01:22 526336 ----a-w- c:\windows\system32\igfxrnld.lrc 2014-01-25 01:22 . 2014-01-25 01:22 526336 ----a-w- c:\windows\system32\igfxrita.lrc 2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrhun.lrc 2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrhrv.lrc 2014-01-25 01:22 . 2014-01-25 01:22 525312 ----a-w- c:\windows\system32\igfxrfin.lrc 2014-01-25 01:22 . 2014-01-25 01:22 524800 ----a-w- c:\windows\system32\igfxrptb.lrc 2014-01-25 01:22 . 2014-01-25 01:22 524288 ----a-w- c:\windows\system32\igfxrnor.lrc 2014-01-25 01:22 . 2014-01-25 01:22 522240 ----a-w- c:\windows\system32\igfxrheb.lrc 2014-01-25 01:22 . 2014-01-25 01:22 517632 ----a-w- c:\windows\system32\igfxrjpn.lrc 2014-01-25 01:22 . 2014-01-25 01:22 516096 ----a-w- c:\windows\system32\igfxrkor.lrc 2014-01-25 01:22 . 2013-10-28 13:06 9081856 ----a-w- c:\windows\system32\igfxress.dll 2014-01-25 01:22 . 2014-01-25 01:22 770520 ----a-w- c:\windows\system32\igfxpers.exe 2014-01-25 01:22 . 2014-01-25 01:22 527872 ----a-w- c:\windows\system32\igfxrell.lrc 2014-01-25 01:22 . 2014-01-25 01:22 527360 ----a-w- c:\windows\system32\igfxresn.lrc 2014-01-25 01:22 . 2014-01-25 01:22 526848 ----a-w- c:\windows\system32\igfxrdeu.lrc 2014-01-25 01:22 . 2014-01-25 01:22 525824 ----a-w- c:\windows\system32\igfxrcsy.lrc 2014-01-25 01:22 . 2014-01-25 01:22 524288 ----a-w- c:\windows\system32\igfxrdan.lrc 2014-01-25 01:22 . 2014-01-25 01:22 521728 ----a-w- c:\windows\system32\igfxrara.lrc 2014-01-25 01:22 . 2014-01-25 01:22 514048 ----a-w- c:\windows\system32\igfxrcht.lrc 2014-01-25 01:22 . 2014-01-25 01:22 513536 ----a-w- c:\windows\system32\igfxrchs.lrc 2014-01-25 01:22 . 2014-01-25 01:22 493056 ----a-w- c:\windows\SysWow64\igfxdv32.dll 2014-01-25 01:22 . 
2014-01-25 01:22 397784 ----a-w- c:\windows\system32\igfxext.exe 2014-01-25 01:22 . 2014-01-25 01:22 371200 ----a-w- c:\windows\system32\igfxrenu.lrc 2014-01-25 01:22 . 2014-01-25 01:22 29696 ----a-w- c:\windows\system32\igfxexps.dll 2014-01-25 01:22 . 2014-01-25 01:22 25600 ----a-w- c:\windows\SysWow64\igfxexps32.dll 2014-01-25 01:22 . 2013-10-28 13:06 548864 ----a-w- c:\windows\system32\igfxpph.dll 2014-01-25 01:22 . 2014-01-25 01:22 3558912 ----a-w- c:\windows\SysWow64\igdusc32.dll 2014-01-25 01:22 . 2014-01-25 01:22 279040 ----a-w- c:\windows\system32\igfxcpl.cpl 2014-01-25 01:22 . 2014-01-25 01:22 243712 ----a-w- c:\windows\system32\igfxdo.dll 2014-01-25 01:22 . 2014-01-25 01:22 2065920 ----a-w- c:\windows\system32\igfxcmjit64.dll 2014-01-25 01:22 . 2014-01-25 01:22 1815040 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll 2014-01-25 01:22 . 2014-01-25 01:22 163328 ----a-w- c:\windows\system32\igfxcmrt64.dll 2014-01-25 01:22 . 2014-01-25 01:22 155136 ----a-w- c:\windows\system32\igfx11cmrt64.dll 2014-01-25 01:22 . 2014-01-25 01:22 137728 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll 2014-01-25 01:22 . 2014-01-25 01:22 133120 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll 2014-01-25 01:22 . 2014-01-25 01:22 12288 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2014-01-25 01:22 . 2013-10-28 13:06 624640 ----a-w- c:\windows\system32\igfxdev.dll 2014-01-25 01:22 . 2013-10-28 12:49 4474368 ----a-w- c:\windows\system32\igdusc64.dll 2014-01-25 01:22 . 2014-01-25 01:22 19380224 ----a-w- c:\windows\system32\igdumdim64.dll 2014-01-25 01:22 . 2014-01-25 01:22 18629632 ----a-w- c:\windows\SysWow64\igdumdim32.dll 2014-01-25 01:22 . 2014-01-25 01:22 4221440 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2014-01-25 01:22 . 2014-01-25 01:22 373760 ----a-w- c:\windows\system32\igdmd64.dll 2014-01-25 01:22 . 2014-01-25 01:22 3224064 ----a-w- c:\windows\system32\igdrcl64.dll 2014-01-25 01:22 . 2014-01-25 01:22 299520 ----a-w- c:\windows\SysWow64\igdmd32.dll 2014-01-25 01:22 . 
2014-01-25 01:22 2896384 ----a-w- c:\windows\SysWow64\igdrcl32.dll 2014-01-25 01:22 . 2014-01-25 01:22 25971712 ----a-w- c:\windows\system32\igdfcl64.dll 2014-01-25 01:22 . 2014-01-25 01:22 20954112 ----a-w- c:\windows\SysWow64\igdfcl32.dll 2014-01-25 01:22 . 2014-01-25 01:22 329216 ----a-w- c:\windows\system32\igdbcl64.dll 2014-01-25 01:22 . 2014-01-25 01:22 290816 ----a-w- c:\windows\SysWow64\igdbcl32.dll 2014-01-25 01:22 . 2014-01-25 01:22 222208 ----a-w- c:\windows\system32\igdde64.dll 2014-01-25 01:22 . 2014-01-25 01:22 182272 ----a-w- c:\windows\SysWow64\igdde32.dll 2014-01-25 01:22 . 2014-01-25 01:22 160256 ----a-w- c:\windows\system32\igdail64.dll 2014-01-25 01:22 . 2014-01-25 01:22 142848 ----a-w- c:\windows\SysWow64\igdail32.dll 2014-01-25 01:22 . 2014-01-25 01:22 20433408 ----a-w- c:\windows\SysWow64\igd10iumd32.dll 2014-01-25 01:22 . 2013-10-28 13:06 21088256 ----a-w- c:\windows\system32\igd10iumd64.dll 2014-01-25 01:22 . 2014-01-25 01:22 7885824 ----a-w- c:\windows\system32\ig7icd64.dll 2014-01-25 01:22 . 2014-01-25 01:22 6216192 ----a-w- c:\windows\SysWow64\ig7icd32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616] "Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508656] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-02-03 2092032] . c:\users\---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ quietHDD.lnk - c:\portable programme\quiethdd_v1.5-build250\quietHDD.exe [2009-1-12 61440] Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 
Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x] S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x] S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 
NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-12 08:22] . 2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf271adaaa5c5f.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-12 08:22] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-13 13538376] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-04-24 1307720] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-25 391128] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-25 771544] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-25 770520] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\ FF - prefs.js: browser.startup.homepage - about:superstart . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-04-23 23:55:23 ComboFix-quarantined-files.txt 2014-04-23 21:55 . Vor Suchlauf: 14 Verzeichnis(se), 61.291.053.056 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 61.220.978.688 Bytes frei . - - End Of File - - BC9A55B769BB39F9BD1F991AAC11E784 A36C5E4F47E84449FF07ED3517B43A31
Do I have viruses, trojans, spyware, adware or malware on the computer?
I would be very glad to get replies. Kind regards, Walther. Edited by Walther (24.04.2014 at 00:43) |
24.04.2014, 06:27 | #2 |
/// the machine /// TB-Ausbilder | New problem: can't get rid of website www.mostshinstar.com Hi,
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
And a fresh FRST log, please.
|
25.04.2014, 10:46 | #3 |
| New problem: can't get rid of website www.mostshinstar.com AdwCleaner[S2]
Code:
# AdwCleaner v3.202 - Bericht erstellt am 24/04/2014 um 22:22:22 # Aktualisiert 23/04/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : Robert - ROBERT-PC # Gestartet von : C:\Users\---\Desktop\temp desktop workflow\antivirus - neu 24.04\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\bda2rjt1.default\prefs.js ] ************************* AdwCleaner[R3].txt - [849 octets] - [24/04/2014 22:21:37] AdwCleaner[S2].txt - [771 octets] - [24/04/2014 22:22:22] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [830 octets] ########## mbam-log-2014-04-25 (03-41-33) Code:
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.04.23.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17041 --- :: --- -PC [Administrator] 25.04.2014 03:41:33 mbam-log-2014-04-25 (03-41-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 364490 Laufzeit: 28 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
P.S. How do you tell from the TXT log files whether I have trojans, rootkits or malware on the machine? What if the scanning programs in question cannot find or detect these things at all? Kind regards
P.S. ESET found this: 24.04.2014 21:49:57 Echtzeit-Dateischutz Datei C:\Users\---\AppData\Local\Temp\*.exe -- Variante von Generik.HHFNAZV Trojaner Gesäubert durch Löschen - in Quarantäne kopiert --- -PC\--- Ereignis beim Erstellen einer neuen Datei durch die Anwendung: D:\programm\app.exe
P.P.S. My quarantine currently looks like this: (I emptied it today, though.) Edited by Walther (25.04.2014 at 10:55) |
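As an added example, not part of this thread and not one of the tools used in it, this is the kind of automated first pass a helper applies when reading a ComboFix log before answering the question above about how one tells anything from these TXT files. It parses the registry policy block and the service/driver list (the constructed sample copies the values exactly as they appear in the ComboFix output posted earlier in the thread) and flags weakened UAC settings, an enabled AppInit_DLLs loader, and drivers whose image lives in a temp folder. The rule table, the function names and the regular expressions are the editor's own assumptions, not anything ComboFix itself reports.

```python
"""Triage of a ComboFix-style log: flag weakened UAC policy, AppInit_DLLs
loading and services/drivers whose image runs from a temp folder.

Added example for this thread; parsing rules and expected values are the
editor's assumptions, not ComboFix's own logic.
"""
import re

# Constructed sample: the policy block and three service lines, with the
# values exactly as they appear in the ComboFix output posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"= 0 (0x0)  or  "Name"=1 (0x1): a DWORD value as ComboFix prints it
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)\b')
# R3 name;description;image path;second path [x]
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^;]+);')
TEMP_RE = re.compile(r'\\(temp|tmp)\\', re.IGNORECASE)

# Value expected on a machine with UAC left at its defaults, and why a
# deviation matters (editor's rule table, not part of ComboFix).
EXPECTED = {
    "EnableLUA": (1, "UAC is switched off: admin processes start fully elevated"),
    "PromptOnSecureDesktop": (1, "elevation prompts do not use the secure desktop"),
    "LoadAppInit_DLLs": (0, "AppInit_DLLs loading is enabled, a classic persistence hook"),
}


def parse_registry_values(text):
    """Map each registry key in the dump to its numeric (DWORD) values."""
    values, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = key.group("key").lower()
            values.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            values[current][val.group("name")] = int(val.group("val"))
    return values


def parse_services(text):
    """Yield (service name, image path) for each R*/S* service line."""
    for line in text.splitlines():
        svc = SERVICE_RE.match(line)
        if svc:
            yield svc.group("name"), svc.group("path")


def triage(text):
    """Return a list of (item, observed value, reason) worth asking about."""
    findings = []
    for vals in parse_registry_values(text).values():
        for name, (want, why) in EXPECTED.items():
            if name in vals and vals[name] != want:
                findings.append((name, vals[name], why))
        if vals.get("ConsentPromptBehaviorAdmin") == 0:
            findings.append(("ConsentPromptBehaviorAdmin", 0,
                             "administrators are elevated without any prompt"))
    for name, path in parse_services(text):
        if TEMP_RE.search(path):
            findings.append((name, path,
                             "driver/service image in a temp folder (often a hardware tool, still worth checking)"))
    return findings


if __name__ == "__main__":
    for item, observed, reason in triage(SAMPLE_LOG):
        print(f"{item:<28} {observed!s:<45} {reason}")
```

On the posted values this returns six items: UAC switched off, no secure-desktop prompt, silent admin elevation, AppInit_DLLs enabled, and two drivers under c:\windows\TEMP. None of these is a malware verdict by itself (the two TEMP drivers, for instance, are the kind CPU-Z and GPU-Z extract at runtime); they are the points a helper reads first and asks about, which is in practice how a log is "read" for trouble rather than by looking for a single infected line.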
25.04.2014, 21:41 | #4 |
| New problem: can't get rid of website www.mostshinstar.com P.S. There is no function/tab "Detection and Protection". I searched the entire Anti-Malware program; unfortunately there is no option to tick "Scan for rootkits". Kind regards |
26.04.2014, 15:52 | #5 |
/// the machine /// TB-Ausbilder | New problem: can't get rid of website www.mostshinstar.com Hi, please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Scan again with ESET.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations. Guides and help. Trojaner-Board Facebook page. No help via PM! |
27.04.2014, 21:54 | #6 |
| New problem: can't get rid of website www.mostshinstar.com Hello schrauber, I did post *all* the logs you asked me for, IN code tags! I'll do the TFC thing right away. Kind regards |
28.04.2014, 09:11 | #7 |
/// the machine /// TB-Ausbilder | New problem: can't get rid of website www.mostshinstar.com OK, then I'll wait for the result.
Regards, schrauber |