Plagegeister aller Art und deren Bekämpfung: Win7 32, trojan.buzus - not sure whether compromised or not (Windows 7)
15.05.2014, 09:48 | #1
Win7 32, trojan.buzus - not sure whether compromised or not

Hello dear people,

On my laptop I have long been puzzled that the fan is almost always running hard, and many simple operations (e.g. opening a folder) take too long, which is why I have long been searching for problems without success. And the Task Manager always shows a load that looks normal to me. I discovered a new piece of software from Winzip/trojaner, which I installed, and it reported trojan.buzus to me in hkey_local_machine/software...winlogon/taskman. From that message on it turned out that I would have to pay Winzip/trojaner for any further actions.... I have been paying for good security software for 6 years; for 1 year it has been Bitdefender Antivirus Plus 2013. After the Winzip message I ran a new (trial) full version of Malwarebytes, without any complaint. My Bitdefender also repeatedly finds nothing. I am unsettled. What else can I use to check the computer (e.g. the registry key)? There used to be programs that scanned before booting.

Thanks and regards, Tampopo
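An added, read-only check (an editor's example, not code from the thread, from the poster's scanner or from Farbar's tool) for the key the poster names: it reads the Winlogon autostart values on Windows 7 and compares them with their stock defaults. The key path is the standard Winlogon location that the poster's abbreviated "hkey_local_machine/software...winlogon" refers to; the baseline values are the well-known Windows 7 32-bit defaults; the function name Test-WinlogonValues and the PASS/DEVIATES labels are the example's own. It runs on the PowerShell 2.0 that ships with Windows 7; start the console elevated so the key is readable.

```powershell
# Added example, not part of the forum thread or of FRST.
# Reads the Winlogon autostart values and compares them with the
# stock Windows 7 defaults. Nothing here writes to the registry.

# Standard Winlogon key (full path behind the poster's abbreviated
# "hkey_local_machine/software...winlogon").
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Baseline: stock Windows 7 (32-bit) values. $null means the value
# must not exist at all: Taskman is only present when something
# created it, which is why scanners report it.
$Baseline = @{
    Shell    = 'explorer.exe'
    Userinit = 'C:\Windows\system32\userinit.exe,'
    Taskman  = $null
}

function Test-WinlogonValues {
    param(
        [string]    $Path     = $WinlogonKey,
        [hashtable] $Expected = $Baseline
    )
    $key = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $prop   = $key.PSObject.Properties[$name]
        $actual = if ($prop) { [string]$prop.Value } else { $null }
        $want   = $Expected[$name]

        # Case-insensitive comparison; surrounding whitespace is ignored.
        $ok = if ($null -eq $want) { $null -eq $actual }
              else { ($null -ne $actual) -and ($actual.Trim() -ieq $want) }

        # New-Object + Select-Object keeps this PowerShell 2.0 compatible
        # and fixes the column order.
        New-Object PSObject -Property @{
            Value    = $name
            Expected = if ($null -eq $want)   { '<absent>' } else { $want }
            Actual   = if ($null -eq $actual) { '<absent>' } else { $actual }
            Status   = if ($ok) { 'PASS' } else { 'DEVIATES' }
        } | Select-Object Value, Expected, Actual, Status
    }
}

Test-WinlogonValues | Format-Table -AutoSize
```

A DEVIATES row is a finding to report to the helper rather than something to delete by hand: a changed Shell or Userinit value is what launches the malware at logon, and removing it without knowing what it pointed to can leave the system unable to log in.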
15.05.2014, 11:04 | #2
/// the machine /// (TB-Ausbilder) | Win7 32, trojan.buzus - not sure whether compromised or not

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure: download both versions, or look under Start > Computer (right-click) > Properties)
15.05.2014, 21:58 | #3
Win7 32, trojan.buzus - not sure whether compromised or not

I left everything on the computer running as usual, including Bitdefender.

This is my account name (x-ed out): "Fr*xxxxx*in"

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Fr*xxxxx*in (administrator) on Fr*xxxxx*in-PC on 15-05-2014 22:43:24
Running from C:\Users\Fr*xxxxx*in\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Fujitsu Technology Solutions) C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1618488 2013-10-24] (Bitdefender)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKU\S-1-5-21-2714564342-2494604164-2325831807-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\RSLSP.dll [380928] (Ratajik Software)
Winsock: Catalog9 02 C:\Windows\system32\RSLSP.dll [380928] (Ratajik Software)
Winsock: Catalog9 03 C:\Windows\system32\RSLSP.dll [380928] (Ratajik Software)
Winsock: Catalog9 04 C:\Windows\system32\RSLSP.dll [380928] (Ratajik Software)
Winsock: Catalog9 16 C:\Windows\system32\RSLSP.dll [380928] (Ratajik Software)

FireFox:
========
FF ProfilePath: C:\Users\Fr*xxxxx*in\AppData\Roaming\Mozilla\Firefox\Profiles\45iq9lhy.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de
FF Keyword.URL: hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Fr*xxxxx*in\AppData\Roaming\Mozilla\Firefox\Profiles\45iq9lhy.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-08-03] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [249344 2010-06-23] (FUJITSU LIMITED)
S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED)
R2 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-10-24] (Bitdefender)
S4 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111536 2009-12-24] (CSR, plc)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-10-24] (Bitdefender)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62760 2008-10-09] ()

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [74240 2013-04-23] (LG Electronics Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-10-24] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-10-24] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-10-24] (BitDefender LLC)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5888 2006-11-01] (FUJITSU LIMITED)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-10-24] (BitDefender LLC)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [73432 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-10-24] (BitDefender S.R.L.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-15 22:43 - 2014-05-15 22:44 - 00010985 _____ () C:\Users\Fr*xxxxx*in\Desktop\FRST.txt
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\FRST
2014-05-15 22:40 - 2014-05-15 22:40 - 01056768 _____ (Farbar) C:\Users\Fr*xxxxx*in\Desktop\FRST.exe
2014-05-15 09:06 - 2014-05-15 09:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-15 09:06 - 2014-05-15 09:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-15 09:04 - 2014-05-15 09:04 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-15 09:04 - 2014-05-15 09:04 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-14 22:42 - 2014-05-14 23:31 - 00000000 ____D () C:\Users\Fr*xxxxx*in\Desktop\PAN
2014-05-14 20:09 - 2014-05-14 20:09 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 20:05 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 20:05 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 20:05 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:02 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:02 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 20:02 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 20:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 20:02 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 20:02 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 20:02 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 20:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 20:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 20:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 20:02 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:01 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 20:01 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:59 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-10 23:08 - 2014-05-10 23:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 20:33 - 2014-05-10 20:35 - 00000000 ____D () C:\Users\Fr*xxxxx*in\Desktop\PHONE2G
2014-05-09 21:54 - 2014-05-09 21:54 - 00000000 ____D () C:\Program Files\InfraRecorder
2014-05-09 11:29 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-05 23:02 - 2014-05-15 09:21 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 23:02 - 2014-05-05 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-05 23:02 - 2014-05-05 23:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-05 23:02 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 23:02 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-05 23:02 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-05 22:05 - 2014-05-09 11:31 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Roaming\Nico Mak Computing
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-05 22:03 - 2014-05-05 22:05 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-05-05 22:03 - 2014-05-05 22:05 - 00028648 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-04-24 10:09 - 2014-05-15 00:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-22 16:01 - 2014-04-22 16:01 - 00131072 _____ () C:\Windows\Minidump\042214-35459-01.dmp
2014-04-20 13:54 - 2013-06-28 11:44 - 00027776 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem.sys
2014-04-20 13:54 - 2013-04-23 16:28 - 00074240 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetndis.sys
2014-04-20 13:54 - 2013-04-18 16:11 - 00025856 _____ (Google Inc) C:\Windows\system32\Drivers\lgandnetadb.sys
2014-04-20 13:54 - 2013-04-18 16:09 - 00023168 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag.sys
2014-04-20 13:02 - 2014-04-20 13:02 - 00135216 _____ () C:\Windows\Minidump\042014-28142-01.dmp
2014-04-20 02:14 - 2014-04-20 02:14 - 00135216 _____ () C:\Windows\Minidump\042014-29421-01.dmp
2014-04-20 01:30 - 2014-04-20 01:30 - 00131072 _____ () C:\Windows\Minidump\042014-31605-01.dmp
2014-04-20 01:10 - 2014-04-20 01:10 - 00135216 _____ () C:\Windows\Minidump\042014-31012-01.dmp
2014-04-19 20:26 - 2014-04-19 20:26 - 00000000 ____D () C:\Users\Fr*xxxxx*in\.android
2014-04-19 20:25 - 2014-05-10 21:09 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Roaming\MyPhoneExplorer
2014-04-19 20:25 - 2014-04-19 20:25 - 00001979 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-04-19 20:25 - 2014-04-19 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-19 20:25 - 2014-04-19 20:25 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-04-19 16:10 - 2014-05-09 11:26 - 00000000 ____D () C:\Users\Fr*xxxxx*in\Desktop\TRAFFIK
2014-04-18 03:50 - 2014-04-18 04:02 - 00000000 ____D () C:\ADB
2014-04-16 20:55 - 2014-05-15 09:04 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-16 20:55 - 2014-05-15 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-16 20:54 - 2014-04-16 20:55 - 00004281 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-15 13:29 - 2014-04-15 13:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2014-04-15 13:05 - 2014-04-22 15:53 - 00000000 ____D () C:\LGMobileUpgrade
2014-04-15 12:56 - 2011-07-18 15:01 - 01419232 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01005.dll
2014-04-15 12:19 - 2014-04-20 13:54 - 00000000 ____D () C:\Program Files\LG Electronics
2014-04-15 12:07 - 2014-04-15 12:07 - 00261890 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-04-15 02:38 - 2014-04-15 13:40 - 00000000 ____D () C:\LGE610
2014-04-15 02:33 - 2014-04-22 15:56 - 00002411 _____ () C:\Windows\system32\lgAxconfig.ini
2014-04-15 02:33 - 2014-04-22 15:55 - 00000831 _____ () C:\Users\Fr*xxxxx*in\Desktop\LGMobile Support Tool.lnk
2014-04-15 02:33 - 2014-04-15 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2014-04-15 02:33 - 2011-05-06 10:37 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-04-15 02:33 - 2011-05-06 10:37 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-04-15 02:33 - 2011-05-06 10:37 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\msvcm90.dll
2014-04-15 02:33 - 2006-04-30 05:33 - 00053248 _____ () C:\Windows\system32\CommonDL.dll
2014-04-15 02:33 - 2005-09-29 22:39 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\msxml4a.dll
2014-04-15 02:32 - 2014-04-22 16:31 - 00000000 ____D () C:\ProgramData\LGMOBILEAX

==================== One Month Modified Files and Folders =======

2014-05-15 22:44 - 2014-05-15 22:43 - 00010985 _____ () C:\Users\Fr*xxxxx*in\Desktop\FRST.txt
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\FRST
2014-05-15 22:40 - 2014-05-15 22:40 - 01056768 _____ (Farbar) C:\Users\Fr*xxxxx*in\Desktop\FRST.exe
2014-05-15 22:38 - 2011-07-24 06:52 - 01779072 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 22:34 - 2013-03-09 22:00 - 01453493 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 22:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-05-15 09:23 - 2009-07-14 06:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 09:23 - 2009-07-14 06:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 09:21 - 2014-05-05 23:02 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 09:17 - 2011-10-20 02:33 - 00000441 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-15 09:16 - 2013-10-12 00:05 - 00059616 _____ () C:\Windows\setupact.log
2014-05-15 09:16 - 2012-02-22 22:44 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-15 09:16 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 09:12 - 2013-06-09 14:52 - 00253404 ____H () C:\bdr-ld01
2014-05-15 09:12 - 2013-06-09 14:52 - 00009216 ____H () C:\bdr-ld01.mbr
2014-05-15 09:12 - 2013-06-09 14:45 - 00000309 ____H () C:\bdr-cf01
2014-05-15 09:06 - 2014-05-15 09:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-15 09:06 - 2013-09-14 21:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 09:04 - 2014-05-15 09:06 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-15 09:04 - 2014-05-15 09:04 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-15 09:04 - 2014-05-15 09:04 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-15 09:04 - 2014-04-16 20:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-15 09:04 - 2014-04-16 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 09:04 - 2012-06-27 11:52 - 00000000 ____D () C:\Program Files\Java
2014-05-15 08:59 - 2012-04-13 08:17 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 08:59 - 2011-07-24 07:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 07:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 07:48 - 2013-10-23 09:36 - 00068060 _____ () C:\Windows\PFRO.log
2014-05-15 07:48 - 2012-05-03 08:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-15 00:09 - 2014-04-24 10:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 00:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 23:31 - 2014-05-14 22:42 - 00000000 ____D () C:\Users\Fr*xxxxx*in\Desktop\PAN
2014-05-14 21:39 - 2011-08-04 10:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 21:39 - 2011-08-04 10:38 - 00000000 ____D () C:\Program Files\Adobe
2014-05-14 21:39 - 2011-07-24 07:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-14 20:12 - 2013-07-11 10:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 20:09 - 2014-05-14 20:09 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 20:09 - 2011-07-24 08:03 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 20:09 - 2011-07-24 07:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 10:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-12 09:44 - 2011-07-25 14:31 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Roaming\foobar2000
2014-05-10 23:08 - 2014-05-10 23:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 21:09 - 2014-04-19 20:25 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Roaming\MyPhoneExplorer
2014-05-10 20:35 - 2014-05-10 20:33 - 00000000 ____D () C:\Users\Fr*xxxxx*in\Desktop\PHONE2G
2014-05-09 21:54 - 2014-05-09 21:54 - 00000000 ____D () C:\Program Files\InfraRecorder
2014-05-09 11:43 - 2013-11-25 23:26 - 00000000 ____D () C:\ProgramData\Skype
2014-05-09 11:31 - 2014-05-05 22:05 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Roaming\Nico Mak Computing
2014-05-09 11:26 - 2014-04-19 16:10 - 00000000 ____D () C:\Users\Fr*xxxxx*in\Desktop\TRAFFIK
2014-05-09 09:06 - 2014-05-14 20:01 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 20:01 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 01:32 - 2014-05-14 20:05 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-14 20:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-14 20:05 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 23:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2014-05-05 23:02 - 2014-05-05 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-05 23:02 - 2014-05-05 23:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-05 23:02 - 2011-10-23 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 22:05 - 2014-05-05 22:03 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-05-05 22:05 - 2014-05-05 22:03 - 00028648 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-03 01:21 - 2011-09-14 21:00 - 00000000 ____D () C:\Program Files\JDownloader
2014-05-02 10:14 - 2011-07-24 12:58 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Local\Adobe
2014-04-30 12:23 - 2011-07-24 07:27 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Roaming\Adobe
2014-04-27 21:42 - 2013-10-23 10:08 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Roaming\vlc
2014-04-27 20:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-22 16:31 - 2014-04-15 02:32 - 00000000 ____D () C:\ProgramData\LGMOBILEAX
2014-04-22 16:22 - 2011-07-25 11:59 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-22 16:01 - 2014-04-22 16:01 - 00131072 _____ () C:\Windows\Minidump\042214-35459-01.dmp
2014-04-22 16:01 - 2012-10-19 11:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-22 15:56 - 2014-04-15 02:33 - 00002411 _____ () C:\Windows\system32\lgAxconfig.ini
2014-04-22 15:55 - 2014-04-15 02:33 - 00000831 _____ () C:\Users\Fr*xxxxx*in\Desktop\LGMobile Support Tool.lnk
2014-04-22 15:53 - 2014-04-15 13:05 - 00000000 ____D () C:\LGMobileUpgrade
2014-04-20 13:54 - 2014-04-15 12:19 - 00000000 ____D () C:\Program Files\LG Electronics
2014-04-20 13:54 - 2011-07-24 07:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-20 13:02 - 2014-04-20 13:02 - 00135216 _____ () C:\Windows\Minidump\042014-28142-01.dmp
2014-04-20 11:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-04-20 02:14 - 2014-04-20 02:14 - 00135216 _____ () C:\Windows\Minidump\042014-29421-01.dmp
2014-04-20 01:30 - 2014-04-20 01:30 - 00131072 _____ () C:\Windows\Minidump\042014-31605-01.dmp
2014-04-20 01:10 - 2014-04-20 01:10 - 00135216 _____ () C:\Windows\Minidump\042014-31012-01.dmp
2014-04-19 20:28 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-19 20:26 - 2014-04-19 20:26 - 00000000 ____D () C:\Users\Fr*xxxxx*in\.android
2014-04-19 20:26 - 2011-07-24 06:51 - 00000000 ____D () C:\Users\Fr*xxxxx*in
2014-04-19 20:25 - 2014-04-19 20:25 - 00001979 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-04-19 20:25 - 2014-04-19 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-19 20:25 - 2014-04-19 20:25 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-04-18 04:02 - 2014-04-18 03:50 - 00000000 ____D () C:\ADB
2014-04-16 22:47 - 2014-04-12 02:01 - 00000000 ____D () C:\Users\Fr*xxxxx*in\Desktop\Vereinssteuer
2014-04-16 20:55 - 2014-04-16 20:54 - 00004281 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-15 14:06 - 2014-04-15 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2014-04-15 13:40 - 2014-04-15 02:38 - 00000000 ____D () C:\LGE610
2014-04-15 13:29 - 2014-04-15 13:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2014-04-15 12:07 - 2014-04-15 12:07 - 00261890 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-04-15 04:58 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-15 02:42 - 2013-11-25 23:26 - 00000000 ____D () C:\Users\Fr*xxxxx*in\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Fr*xxxxx*in\AppData\Local\Temp\install_flashplayer13x32_mssd_aaa_aih.exe
C:\Users\Fr*xxxxx*in\AppData\Local\Temp\install_flash_player_ax.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 20:02] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-30 00:30

==================== End Of Log ============================
--- --- ---

ADDITION.txt:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014 Ran by Fr*xxxxx*in at 2014-05-15 22:44:49 Running from C:\Users\Fr*xxxxx*in\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Bitdefender Virenschutz (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} FW: Bitdefender Firewall (Disabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.) Bitdefender Antivirus Plus 2013 (HKLM\...\Bitdefender) (Version: 16.30.0.1843 - Bitdefender) Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.14 - CSR Plc.) Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) CDRWIN 8 (HKLM\...\{23D4A873-14FF-474E-0001-6529DDC11226}) (Version: 8.0.10.216 - Engelmann Media GmbH) ChargerMonitor V1.0 (HKLM\...\ChargerMonitor_is1) (Version: - ) DeskUpdate (HKLM\...\DeskUpdate_is1) (Version: 4.14.0123 - Fujitsu Technology Solutions) foobar2000 v1.0 (HKLM\...\foobar2000) (Version: 1.0 - Peter Pawlowski) Fujitsu Display Manager (HKLM\...\InstallShield_{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}) (Version: 7.00.20.210 - Ihr Firmenname) Fujitsu Display Manager (Version: 7.00.20.210 - Ihr Firmenname) Hidden Fujitsu Hotkey Utility (HKLM\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED) Fujitsu Hotkey Utility (Version: 3.60.1.0 - FUJITSU LIMITED) Hidden Fujitsu MobilityCenter Extension Utility (HKLM\...\InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}) (Version: 3.00.00.000 - Ihr Firmenname) Fujitsu MobilityCenter Extension Utility (Version: 3.00.00.000 - Ihr Firmenname) Hidden Fujitsu System Extension Utility (HKLM\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.1.1.0 - FUJITSU LIMITED) Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden InfraRecorder (HKLM\...\InfraRecorder) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java 8 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (Version: 2.8.05.13 - Oracle, Inc.) 
Hidden JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics) LifeBook Application Panel (HKLM\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.1.0.0 - FUJITSU LIMITED) LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 
(Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden 
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) PDF24 Creator 5.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED) Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden Power Saving Utility (HKLM\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: 31.00.11.013 - FUJITSU LIMITED) Power Saving Utility (Version: 31.00.11.013 - FUJITSU LIMITED) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.) 
StationRipper 2.98.4 (HKCU\...\StationRipper) (Version: 2.98.4 - Ratajik Software) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated) SystemDiagnostics (HKLM\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9492511E-2CE0-4904- 9400-203F44E1DC0D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Wireless Selector (HKLM\...\InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}) (Version: 4.00.00.101 - FUJITSU LIMITED) Wireless Selector (Version: 4.00.00.101 - FUJITSU LIMITED) Hidden ==================== Restore Points ========================= 09-05-2014 09:29:26 Windows Update 09-05-2014 09:42:29 Removed Skype™ 6.11 14-05-2014 18:03:22 Windows Update 14-05-2014 19:36:00 Removed Adobe Reader XI (11.0.06) - Deutsch. 15-05-2014 07:03:44 Installed Java 8 Update 5 ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {84D12DA0-CD95-4AD6-9B0C-736DFBE6A5F5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {96462A51-D229-4E0D-A01D-8CAE067EBD38} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files\Fujitsu\DeskUpdate\ducmd.exe [2013-09-02] (Fujitsu Technology Solutions) Task: {CEEEA338-12B5-4B70-83FD-E45F9027E853} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.) Task: {D52B4662-97BF-46BD-9CB1-995F05AA2AAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {D9112D72-E4E5-4FBD-BF17-13E0B333E254} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-06-09 14:45 - 2013-10-24 20:54 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll 2013-06-09 14:45 - 2013-10-24 20:54 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui 2013-06-09 14:45 - 2013-10-24 20:54 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui 2014-03-25 19:11 - 2014-03-25 19:11 - 00668840 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00030_016\ashttpbr.mdl 2014-03-25 19:11 - 2014-03-25 19:11 - 00489120 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00030_016\ashttpdsp.mdl 2014-03-25 19:11 - 2014-03-25 19:11 - 02137584 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00030_016\ashttpph.mdl 2014-03-25 19:11 - 2014-03-25 19:11 - 01124088 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00030_016\ashttprbl.mdl 2008-10-09 10:25 - 2008-10-09 10:25 - 00062760 _____ () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe 2011-07-24 07:27 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2014-05-10 23:08 - 2014-05-10 23:08 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-05-02 10:14 - 2014-05-02 10:14 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:3EFB0FE0 AlternateDataStreams: C:\Users\Fr*xxxxx*in\Desktop\FRST.exe:BDU ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: Adobe LM Service 
=> 3 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: PowerSavingUtilityService => 2 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: VFPRadioSupportService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ConMgr => "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" MSCONFIG\startupreg: CSRBIP => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe MSCONFIG\startupreg: CSRSkype => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe MSCONFIG\startupreg: DeskUpdateNotifier => "C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" MSCONFIG\startupreg: FDM7 => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: IndicatorUtility => C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe MSCONFIG\startupreg: LoadBtnHnd => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe MSCONFIG\startupreg: LoadFUJ02E3 => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe MSCONFIG\startupreg: LoadFujitsuQuickTouch => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe MSCONFIG\startupreg: PDFPrint => C:\Program Files\pdf24\pdf24.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: PfNet => "C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe" /r MSCONFIG\startupreg: PSUTility => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s 
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/15/2014 09:24:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2 Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.4.0, Zeitstempel: 0x51353087 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00187238 ID des fehlerhaften Prozesses: 0x170 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (05/15/2014 08:02:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2 Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.4.0, Zeitstempel: 0x51353087 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00187238 ID des fehlerhaften Prozesses: 0xf68 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (05/14/2014 08:05:08 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (05/13/2014 01:37:22 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm EXCEL.EXE, Version 12.0.6683.5002 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 83c Startzeit: 01cf6e36825fe15f Endzeit: 0 Anwendungspfad: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Berichts-ID: 559f2424-da2e-11e3-8074-b482fe64f77d Error: (05/10/2014 00:09:35 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 578 Startzeit: 01cf6bd20609e26a Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 919d4ff4-d7c6-11e3-8074-b482fe64f77d Error: (05/10/2014 00:08:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2 Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.4.0, Zeitstempel: 0x51353087 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00187238 ID des fehlerhaften Prozesses: 0xe5c Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (05/05/2014 11:18:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2 Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.4.0, Zeitstempel: 0x51353087 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00187238 ID des fehlerhaften Prozesses: 0xd90 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (05/03/2014 00:45:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc0000005 
Fehleroffset: 0x000533b1 ID des fehlerhaften Prozesses: 0x1b34 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (04/26/2014 11:17:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000533af ID des fehlerhaften Prozesses: 0x12b0 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (04/24/2014 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e5d Name des fehlerhaften Moduls: NPSWF32_13_0_0_182.dll, Version: 13.0.0.182, Zeitstempel: 0x53339357 Ausnahmecode: 0x80000003 Fehleroffset: 0x0034b07d ID des fehlerhaften Prozesses: 0xb04 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 System errors: ============= Error: (05/15/2014 10:45:02 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 10:33:27 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 10:32:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error: (05/15/2014 10:58:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht. Error: (05/15/2014 09:38:31 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 09:38:12 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 09:33:00 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 09:32:45 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 09:32:23 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/15/2014 09:32:16 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2011-07-25 22:23:18.210 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-07-25 22:23:18.210 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-07-25 22:23:18.194 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-07-25 22:23:18.194 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2011-07-25 22:23:18.178 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-07-25 22:23:18.163 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-07-25 22:23:18.163 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-07-25 22:23:18.163 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-07-25 22:23:18.147 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-07-25 22:23:18.147 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\63\f427163376_avipbb.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 63% Total physical RAM: 1908.55 MB Available physical RAM: 687.37 MB Total Pagefile: 3817.11 MB Available Pagefile: 1916.43 MB Total Virtual: 2047.88 MB Available Virtual: 1867.69 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:29.2 GB) (Free:2.1 GB) NTFS Drive d: () (Fixed) (Total:203.59 GB) (Free:76.18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 1C25CD43) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=29 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=204 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
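Three things in the FRST output above are what a helper actually reads: the hash check on the logon-chain binaries (winlogon.exe is printed with a bare MD5 rather than "MD5 is legit", meaning the tool could not match that build against its own list), the autostart inventory, and the two alternate data streams. The PowerShell script below is an added example written for this edit, not code from the thread, from FRST or from ComboFix. It repeats those three checks with nothing but built-in Windows tooling, so the result does not hinge on one scanner's whitelist. It assumes the Windows 7 x86 layout shown in the log, PowerShell 3.0 or later (needed for `-Stream`, `-File`, `-in` and `[pscustomobject]`) and an elevated prompt; the "expected" Winlogon values are the Windows 7 defaults, and the WinSxS comparison is the editor's technique, not something FRST does.

```powershell
# Added example (editor's code, not from the thread, FRST or ComboFix).
# Assumes Windows 7 x86 as in the log, PowerShell 3.0+, elevated prompt.

$CoreBinaries = @(                       # same files FRST hashed above
    'C:\Windows\explorer.exe',
    'C:\Windows\system32\winlogon.exe',
    'C:\Windows\system32\wininit.exe',
    'C:\Windows\system32\svchost.exe',
    'C:\Windows\system32\services.exe',
    'C:\Windows\system32\user32.dll',
    'C:\Windows\system32\userinit.exe',
    'C:\Windows\system32\rpcss.dll',
    'C:\Windows\system32\drivers\volsnap.sys'
)

function Get-Md5Hex([string]$Path) {
    # Same digest FRST prints; .NET MD5 so it works without Get-FileHash (PS 4+).
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        try { ([System.BitConverter]::ToString($md5.ComputeHash($fs))) -replace '-', '' }
        finally { $fs.Close() }
    } catch { $null }                    # unreadable copy: skip it
}

function Test-CoreBinary([string]$Path) {
    # Windows 7 OS binaries are catalog-signed, so Get-AuthenticodeSignature says
    # NotSigned even for a clean file. The offline reference is the component
    # store: a serviced system32 file is a hard link into WinSxS, so a clean copy
    # must be byte-identical to at least one WinSxS file of the same name.
    # Slow (WinSxS is large) but needs no network and no vendor hash list.
    $name  = Split-Path -Path $Path -Leaf
    $hash  = Get-Md5Hex $Path
    $store = Get-ChildItem -Path 'C:\Windows\winsxs' -Recurse -Filter $name -File -ErrorAction SilentlyContinue |
             ForEach-Object { Get-Md5Hex $_.FullName }
    [pscustomobject]@{
        Path          = $Path
        MD5           = $hash
        MatchesWinSxS = ($store -contains $hash)
        Authenticode  = (Get-AuthenticodeSignature -FilePath $Path).Status
    }
}

function Get-ExePath([string]$Value) {
    # Reduce a Run value ('"C:\a b\x.exe" /s', 'C:\a b\x.exe -s', 'C:\x.exe,') to the file.
    if ($Value -match '^"([^"]+)"')                 { return $Matches[1] }
    if ($Value -match '^(.+?\.(exe|dll|cpl|scr))')  { return $Matches[1] }
    return $Value
}

function Get-AutostartEntries {
    # The registry autostart points ComboFix lists, plus the Winlogon values that
    # are the classic places to hijack the logon/shell chain. Expected values are
    # the Windows 7 defaults; Taskman normally does not exist at all.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    $psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $psNoise) { continue }   # exact names: a value called PSUTility must not be skipped
            $exe  = Get-ExePath ([string]$p.Value)
            $flag = if ($exe -and (Test-Path -LiteralPath $exe)) { '' } else { 'target not found' }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $p.Value; Flag = $flag }
        }
    }
    $wlKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl       = Get-ItemProperty -Path $wlKey
    $expected = @{ Shell = 'explorer.exe'; Userinit = 'C:\Windows\system32\userinit.exe,'; Taskman = '' }
    foreach ($n in 'Shell', 'Userinit', 'Taskman') {
        $v    = [string]$wl.$n                       # absent value -> ''
        $flag = if ($v -eq $expected[$n]) { '' } else { 'unexpected value' }
        [pscustomobject]@{ Key = $wlKey; Name = $n; Value = $v; Flag = $flag }
    }
}

function Get-AlternateStreams([string]$Root) {
    # FRST's "Alternate Data Streams" section: every NTFS stream other than the
    # default ':$DATA' on files and folders below $Root (a folder can carry one
    # too, as C:\ProgramData\TEMP does above). Zone.Identifier is the ordinary
    # mark-of-the-web on downloads and is filtered out.
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Get-Item -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
        Select-Object FileName, Stream, Length
}

# 1. core binaries: MatchesWinSxS = False is the line to look at
$CoreBinaries | ForEach-Object { Test-CoreBinary $_ } | Format-Table -AutoSize
# 2. autostarts: anything with a non-empty Flag
Get-AutostartEntries | Format-Table -AutoSize -Wrap
# 3. streams where the log found them
Get-AlternateStreams 'C:\ProgramData' | Format-Table -AutoSize
```

A file whose MD5 matches no WinSxS copy, an autostart whose target is missing or whose Winlogon value deviates from the default, and any stream not on the benign list are what to hand to the helper next; the bytes of a flagged stream can be read with `Get-Content -LiteralPath <file> -Stream <name>`. The limits are worth knowing: a WinSxS match only proves the on-disk file is the one Windows servicing installed, which says nothing about an in-memory patch or a filter driver lying about file contents, and that is exactly why the helper follows up with ComboFix and a rootkit scanner rather than a hash list.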
16.05.2014, 12:52 | #4 |
/// the machine /// TB trainer | Win7 32, trojan.buzus - unsure whether compromised or not. Hi, scan with Combofix.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
16.05.2014, 22:43 | #5 |
| Win7 32, trojan.buzus - unsure whether compromised or not. Hello Schrauber, Combofix ran through cleanly without complaining. Bitdefender has no real "OFF" button; I clicked everything "off" individually in the menu and disconnected the computer from the network. My mouse sometimes behaves (even when my hand is not on it) as if it were twitching. Maybe that shows up somewhere. The deleted file is completely unknown to me. And I find the locked registry entries odd; Bitdefender scans always had to skip them too. Could something be there? I cannot remember "Enigma Software Group\SpyHunter" at all, and it is not listed under Programs either. And I have not had a Nokia for over 7 years, and there is nothing from it under Programs either. Here is the log: Regards, Tampopo Code:
ComboFix 14-05-16.01 - XXXXXXXXXXX 16.05.2014 22:39:21.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1909.778 [GMT 2:00]
ausgeführt von:: c:\users\XXXXXXXXXXX\Desktop\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1370781603.bdinstall.bin
.
.
((((((((((((((((((((((((( Dateien erstellt von 2014-04-16 bis 2014-05-16 ))))))))))))))))))))))))))))))
.
.
2014-05-16 20:47 . 2014-05-16 20:48 -------- d-----w- c:\users\XXXXXXXXXXX\AppData\Local\temp
2014-05-16 20:47 . 2014-05-16 20:47 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-05-16 20:47 . 2014-05-16 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-15 20:43 . 2014-05-15 20:45 -------- d-----w- C:\FRST
2014-05-15 07:06 . 2014-05-15 07:06 -------- d-----w- c:\program files\Common Files\Java
2014-05-14 18:05 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 18:01 . 2014-05-09 07:06 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 18:01 . 2014-05-09 07:04 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-13 09:54 . 2014-05-13 09:54 -------- d-----w- c:\users\XXXXXXXXXXX\AppData\Local\ElevatedDiagnostics
2014-05-09 19:54 . 2014-05-09 19:54 -------- d-----w- c:\program files\InfraRecorder
2014-05-09 09:29 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-05 21:02 . 2014-05-15 07:21 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-05 21:02 . 2014-05-05 21:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-05 21:02 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-05 21:02 . 2014-04-03 07:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-05 21:02 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-05 20:05 . 2014-05-09 09:31 -------- d-----w- c:\users\XXXXXXXXXXX\AppData\Roaming\Nico Mak Computing
2014-05-05 20:04 . 2014-05-05 20:04 -------- d-----w- c:\windows\system32\XPSViewer
2014-05-05 20:04 . 2014-05-05 20:04 -------- d-----w- c:\program files\Reference Assemblies
2014-05-05 20:04 . 2014-05-05 20:04 -------- d-----w- c:\program files\MSBuild
2014-04-24 08:09 . 2014-05-14 22:09 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-20 11:54 . 2013-04-23 14:28 74240 ----a-w- c:\windows\system32\drivers\lgandnetndis.sys
2014-04-20 11:54 . 2013-06-28 09:44 27776 ----a-w- c:\windows\system32\drivers\lgandnetmodem.sys
2014-04-20 11:54 . 2013-04-18 14:11 25856 ----a-w- c:\windows\system32\drivers\lgandnetadb.sys
2014-04-20 11:54 . 2013-04-18 14:09 23168 ----a-w- c:\windows\system32\drivers\lgandnetdiag.sys
2014-04-19 18:26 . 2014-04-19 18:26 -------- d-----w- c:\users\XXXXXXXXXXX\.android
2014-04-19 18:25 . 2014-05-10 19:09 -------- d-----w- c:\users\XXXXXXXXXXX\AppData\Roaming\MyPhoneExplorer
2014-04-19 18:25 . 2014-04-19 18:25 -------- d-----w- c:\program files\MyPhoneExplorer
2014-04-18 01:50 . 2014-04-18 02:02 -------- d-----w- C:\ADB
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 07:04 . 2014-04-16 18:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-15 06:59 . 2012-04-13 06:17 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-15 06:59 . 2011-07-24 05:26 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-07 23:12 . 2014-04-11 23:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02 . 2014-04-11 23:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02 . 2014-04-11 23:50 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57 . 2014-04-11 23:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56 . 2014-04-11 23:50 421376 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-10-24 1618488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMgr]
2009-12-24 10:21 504208 ----a-w- c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSRBIP]
2009-12-24 10:21 306088 ----a-w- c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSRSkype]
2009-12-24 10:21 346512 ----a-w- c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskUpdateNotifier]
2013-09-02 09:38 101728 ----a-w- c:\program files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FDM7]
2009-11-26 07:35 128360 ----a-w- c:\program files\Fujitsu\FDM7\FdmDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-01-10 21:44 177432 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-01-10 21:44 142616 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndicatorUtility]
2009-10-09 19:06 47976 ----a-w- c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadBtnHnd]
2009-10-15 16:59 33640 ----a-w- c:\program files\Fujitsu\Application Panel\BtnHnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFUJ02E3]
2009-10-14 07:47 36712 ----a-w- c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFujitsuQuickTouch]
2009-10-15 16:59 138088 ----a-w- c:\program files\Fujitsu\Application Panel\QuickTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2013-07-22 09:09 162856 ----a-w- c:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2012-01-10 21:44 177944 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PfNet] 2010-06-23 15:14 6311424 ----a-w- c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUTility] 2009-07-27 16:50 144744 ----a-w- c:\program files\Fujitsu\PSUtility\TrayManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2009-10-28 16:55 7862816 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2014-04-03 857912] R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2013-04-18 25856] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2013-04-18 23168] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2013-06-28 27776] R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys [2013-04-23 74240] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-10-24 490144] R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-10-24 66832] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576] R3 RdpVideoMiniport;Remote Desktop Video 
Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R4 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-27 62824] R4 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 111536] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-10-24 640560] S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-10-24 165744] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704] S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-04-03 73432] S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2014-04-03 1809720] S2 
PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-06-23 249344] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240] S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-10-24 54960] S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2008-10-09 62760] S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-11-02 242504] S3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-12-24 28048] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-15 107736] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-04-03 51416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 20:43] . 2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 20:43] . . 
------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\RSLSP.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\XXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\45iq9lhy.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-05-16 22:49:42 ComboFix-quarantined-files.txt 2014-05-16 20:49 . Vor Suchlauf: 2.619.629.568 Bytes frei Nach Suchlauf: 2.583.670.784 Bytes frei . - - End Of File - - 780DB632BECF9F8B1C7D9BA692D83EA6 A36C5E4F47E84449FF07ED3517B43A31 |
17.05.2014, 20:00 | #6 |
/// the machine /// TB-Ausbilder | Win7 32, trojan.buzus, -not sure whether compromised or not- Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
18.05.2014, 01:29 | #7 |
| Win7 32, trojan.buzus, -not sure whether compromised or not- With pleasure: first, MBAM produced a RuntimeError once it had completely finished (screenshot attached). But I had already run it the other day with all scan types anyway, and nothing was found anywhere, just like today. First, MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.05.2014
Suchlauf-Zeit: 00:54:22
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.17.13
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: XXXXXXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 33065
Verstrichene Zeit: 7 Min, 11 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.208 - Bericht erstellt am 18/05/2014 um 01:06:00
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : XXXXXXXXX - XXXXXXXXX-PC
# Gestartet von : C:\Users\XXXXXXXXX\Desktop\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\Program Files\Common Files\Tobit
Ordner Gelöscht : C:\Users\XXXXXXXXX\AppData\Roaming\Tobit

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\XXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\45iq9lhy.default\prefs.js ]

Zeile gelöscht : user_pref("keyword.URL", "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=");

*************************

AdwCleaner[R0].txt - [2678 octets] - [18/05/2014 01:03:41]
AdwCleaner[S0].txt - [2397 octets] - [18/05/2014 01:06:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2457 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by XXXXXXXXX on 18.05.2014 at 1:20:37,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\XXXXXXXXX\AppData\Roaming\mozilla\firefox\profiles\45iq9lhy.default\minidumps [99 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.05.2014 at 1:24:59,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by XXXXXXXXX (administrator) on XXXXXXXX-PC on 18-05-2014 01:26:31
Running from C:\Users\XXXXXXXXX\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Fujitsu Technology Solutions) C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1618488 2013-10-24] (Bitdefender)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\45iq9lhy.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\XXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\45iq9lhy.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-08-03] ()
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [249344 2010-06-23] (FUJITSU LIMITED)
S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED)
R2 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-10-24] (Bitdefender)
S4 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111536 2009-12-24] (CSR, plc)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-10-24] (Bitdefender)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62760 2008-10-09] ()

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [74240 2013-04-23] (LG Electronics Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-10-24] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-10-24] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-10-24] (BitDefender LLC)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5888 2006-11-01] (FUJITSU LIMITED)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-10-24] (BitDefender LLC)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [73432 2014-04-03] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-10-24] (BitDefender S.R.L.)
S3 catchme; \??\C:\Users\XXXXXX~1\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 01:26 - 2014-05-18 01:26 - 00008820 _____ () C:\Users\XXXXXXXXX\Desktop\FRST.txt
2014-05-18 01:24 - 2014-05-18 01:24 - 00000769 _____ () C:\Users\XXXXXXXXX\Desktop\JRT.txt
2014-05-18 01:20 - 2014-05-18 01:20 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 01:17 - 2014-05-18 01:17 - 00002537 _____ () C:\Users\XXXXXXXXX\Desktop\AdwCleaner[S0].txt
2014-05-18 01:03 - 2014-05-18 01:06 - 00000000 ____D () C:\AdwCleaner
2014-05-18 01:00 - 2014-05-18 01:00 - 00001143 _____ () C:\Users\XXXXXXXXX\Desktop\MBAM.txt
2014-05-18 00:51 - 2014-05-18 00:51 - 00002121 _____ () C:\Users\XXXXXXXXX\Desktop\Reihenfolge.txt
2014-05-18 00:36 - 2014-05-18 00:36 - 01016261 _____ (Thisisu) C:\Users\XXXXXXXXX\Desktop\JRT.exe
2014-05-18 00:34 - 2014-05-18 00:34 - 01325827 _____ () C:\Users\XXXXXXXXX\Desktop\adwcleaner_3.208.exe
2014-05-16 22:49 - 2014-05-16 22:49 - 00016541 _____ () C:\ComboFix.txt
2014-05-16 22:37 - 2014-05-16 22:49 - 00000000 ____D () C:\Qoobox
2014-05-16 22:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 22:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 22:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 22:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 22:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 22:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 22:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 22:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 22:36 - 2014-05-16 22:48 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 22:27 - 2014-05-16 22:27 - 05200990 ____R (Swearware) C:\Users\XXXXXXXXX\Desktop\ComboFix.exe
2014-05-15 22:43 - 2014-05-18 01:26 - 00000000 ____D () C:\FRST
2014-05-15 22:40 - 2014-05-15 22:40 - 01056768 _____ (Farbar) C:\Users\XXXXXXXXX\Desktop\FRST.exe
2014-05-15 09:06 - 2014-05-15 09:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-15 09:06 - 2014-05-15 09:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-15 09:04 - 2014-05-15 09:04 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-15 09:04 - 2014-05-15 09:04 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-14 22:42 - 2014-05-14 23:31 - 00000000 ____D () C:\Users\XXXXXXXXX\Desktop\PAN
2014-05-14 20:09 - 2014-05-14 20:09 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 20:05 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 20:05 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 20:05 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:02 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:02 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 20:02 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 20:02 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 20:02 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 20:02 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 20:02 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 20:02 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 20:02 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 20:02 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 20:02 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 20:02 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:01 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 20:01 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:59 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-10 23:08 - 2014-05-10 23:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 20:33 - 2014-05-10 20:35 - 00000000 ____D () C:\Users\XXXXXXXXX\Desktop\PHONE2G
2014-05-09 21:54 - 2014-05-09 21:54 - 00000000 ____D () C:\Program Files\InfraRecorder
2014-05-09 11:29 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-05 23:02 - 2014-05-18 01:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 23:02 - 2014-05-05 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-05 23:02 - 2014-05-05 23:02 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-05 23:02 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 23:02 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-05 23:02 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-05 22:05 - 2014-05-09 11:31 - 00000000 ____D () C:\Users\XXXXXXXXX\AppData\Roaming\Nico Mak Computing
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-05 22:03 - 2014-05-05 22:05 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-05-05 22:03 - 2014-05-05 22:05 - 00028648 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-04-24 10:09 - 2014-05-15 00:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-22 16:01 - 2014-04-22 16:01 - 00131072 _____ () C:\Windows\Minidump\042214-35459-01.dmp
2014-04-20 13:54 - 2013-06-28 11:44 - 00027776 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem.sys
2014-04-20 13:54 - 2013-04-23 16:28 - 00074240 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetndis.sys
2014-04-20 13:54 - 2013-04-18 16:11 - 00025856 _____ (Google Inc) C:\Windows\system32\Drivers\lgandnetadb.sys
2014-04-20 13:54 - 2013-04-18 16:09 - 00023168 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag.sys
2014-04-20 13:02 - 2014-04-20 13:02 - 00135216 _____ () C:\Windows\Minidump\042014-28142-01.dmp
2014-04-20 02:14 - 2014-04-20 02:14 - 00135216 _____ () C:\Windows\Minidump\042014-29421-01.dmp
2014-04-20 01:30 - 2014-04-20 01:30 - 00131072 _____ () C:\Windows\Minidump\042014-31605-01.dmp
2014-04-20 01:10 - 2014-04-20 01:10 - 00135216 _____ () C:\Windows\Minidump\042014-31012-01.dmp
2014-04-19 20:26 - 2014-04-19 20:26 - 00000000 ____D () C:\Users\XXXXXXXXX\.android
2014-04-19 20:25 - 2014-05-10 21:09 - 00000000 ____D () C:\Users\XXXXXXXXX\AppData\Roaming\MyPhoneExplorer
2014-04-19 20:25 - 2014-04-19 20:25 - 00001979 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-04-19 20:25 - 2014-04-19 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-19 20:25 - 2014-04-19 20:25 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-04-19 16:10 - 2014-05-09 11:26 - 00000000 ____D () C:\Users\XXXXXXXXX\Desktop\TRAFFIK
2014-04-18 03:50 - 2014-04-18 04:02 - 00000000 ____D () C:\ADB

==================== One Month Modified Files and Folders =======

2014-05-18 01:26 - 2014-05-18 01:26 - 00008820 _____ () C:\Users\XXXXXXXXX\Desktop\FRST.txt
2014-05-18 01:26 - 2014-05-15 22:43 - 00000000 ____D () C:\FRST
2014-05-18 01:24 - 2014-05-18 01:24 - 00000769 _____ () C:\Users\XXXXXXXXX\Desktop\JRT.txt
2014-05-18 01:20 - 2014-05-18 01:20 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 01:17 - 2014-05-18 01:17 - 00002537 _____ () C:\Users\XXXXXXXXX\Desktop\AdwCleaner[S0].txt
2014-05-18 01:17 - 2009-07-14 06:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 01:17 - 2009-07-14 06:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 01:16 - 2014-05-05 23:02 - 00107736 _____ (Malwarebytes Corporation)
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-18 01:16 - 2011-07-24 06:52 - 01779072 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-18 01:10 - 2013-10-12 00:05 - 00059672 _____ () C:\Windows\setupact.log 2014-05-18 01:10 - 2012-02-22 22:44 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-05-18 01:10 - 2011-10-20 02:33 - 00000442 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-18 01:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-18 01:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing 2014-05-18 01:09 - 2013-10-23 09:36 - 00069038 _____ () C:\Windows\PFRO.log 2014-05-18 01:07 - 2013-03-09 22:00 - 01495310 _____ () C:\Windows\WindowsUpdate.log 2014-05-18 01:06 - 2014-05-18 01:03 - 00000000 ____D () C:\AdwCleaner 2014-05-18 01:00 - 2014-05-18 01:00 - 00001143 _____ () C:\Users\XXXXXXXXX\Desktop\MBAM.txt 2014-05-18 00:57 - 2011-07-24 07:51 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-18 00:57 - 2011-07-24 07:27 - 00000000 ____D () C:\Users\XXXXXXXXX\AppData\Roaming\Adobe 2014-05-18 00:51 - 2014-05-18 00:51 - 00002121 _____ () C:\Users\XXXXXXXXX\Desktop\Reihenfolge.txt 2014-05-18 00:36 - 2014-05-18 00:36 - 01016261 _____ (Thisisu) C:\Users\XXXXXXXXX\Desktop\JRT.exe 2014-05-18 00:34 - 2014-05-18 00:34 - 01325827 _____ () C:\Users\XXXXXXXXX\Desktop\adwcleaner_3.208.exe 2014-05-16 22:49 - 2014-05-16 22:49 - 00016541 _____ () C:\ComboFix.txt 2014-05-16 22:49 - 2014-05-16 22:37 - 00000000 ____D () C:\Qoobox 2014-05-16 22:49 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-05-16 22:49 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-05-16 22:48 - 2014-05-16 22:36 - 00000000 ____D () C:\Windows\erdnt 2014-05-16 22:48 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-05-16 22:27 - 2014-05-16 22:27 - 05200990 ____R (Swearware) C:\Users\XXXXXXXXX\Desktop\ComboFix.exe 2014-05-15 22:40 - 2014-05-15 22:40 - 01056768 _____ (Farbar) C:\Users\XXXXXXXXX\Desktop\FRST.exe 
2014-05-15 09:12 - 2013-06-09 14:52 - 00253404 ____H () C:\bdr-ld01 2014-05-15 09:12 - 2013-06-09 14:52 - 00009216 ____H () C:\bdr-ld01.mbr 2014-05-15 09:12 - 2013-06-09 14:45 - 00000309 ____H () C:\bdr-cf01 2014-05-15 09:06 - 2014-05-15 09:06 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-05-15 09:06 - 2013-09-14 21:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-15 09:04 - 2014-05-15 09:06 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-05-15 09:04 - 2014-05-15 09:04 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-05-15 09:04 - 2014-05-15 09:04 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-05-15 09:04 - 2014-04-16 20:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-05-15 09:04 - 2014-04-16 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-15 09:04 - 2012-06-27 11:52 - 00000000 ____D () C:\Program Files\Java 2014-05-15 08:59 - 2012-04-13 08:17 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-15 08:59 - 2011-07-24 07:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-15 07:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-15 07:48 - 2012-05-03 08:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-15 00:09 - 2014-04-24 10:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 00:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-14 23:31 - 2014-05-14 22:42 - 00000000 ____D () C:\Users\XXXXXXXXX\Desktop\PAN 2014-05-14 21:39 - 2011-08-04 10:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-05-14 21:39 - 2011-08-04 10:38 - 00000000 ____D () C:\Program Files\Adobe 2014-05-14 20:12 - 2013-07-11 10:54 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 20:09 - 2014-05-14 20:09 - 00000000 ____D () C:\Program 
Files\Common Files\DESIGNER 2014-05-14 20:09 - 2011-07-24 08:03 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 20:09 - 2011-07-24 07:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 10:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-12 09:44 - 2011-07-25 14:31 - 00000000 ____D () C:\Users\XXXXXXXXX\AppData\Roaming\foobar2000 2014-05-10 23:08 - 2014-05-10 23:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-10 21:09 - 2014-04-19 20:25 - 00000000 ____D () C:\Users\XXXXXXXXX\AppData\Roaming\MyPhoneExplorer 2014-05-10 20:35 - 2014-05-10 20:33 - 00000000 ____D () C:\Users\XXXXXXXXX\Desktop\PHONE2G 2014-05-09 21:54 - 2014-05-09 21:54 - 00000000 ____D () C:\Program Files\InfraRecorder 2014-05-09 11:43 - 2013-11-25 23:26 - 00000000 ____D () C:\ProgramData\Skype 2014-05-09 11:31 - 2014-05-05 22:05 - 00000000 ____D () C:\Users\XXXXXXXXX\AppData\Roaming\Nico Mak Computing 2014-05-09 11:26 - 2014-04-19 16:10 - 00000000 ____D () C:\Users\XXXXXXXXX\Desktop\TRAFFIK 2014-05-09 09:06 - 2014-05-14 20:01 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:04 - 2014-05-14 20:01 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-06 01:32 - 2014-05-14 20:05 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 01:14 - 2014-05-14 20:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 01:14 - 2014-05-14 20:05 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-05 23:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization 2014-05-05 23:02 - 2014-05-05 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-05 23:02 - 2014-05-05 23:02 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-05 23:02 - 2011-10-23 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 
2014-05-05 22:05 - 2014-05-05 22:03 - 00131072 _____ () C:\Windows\ocsetup_install_NetFx3.etl 2014-05-05 22:05 - 2014-05-05 22:03 - 00028648 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt 2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Windows\system32\XPSViewer 2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-05-05 22:04 - 2014-05-05 22:04 - 00000000 ____D () C:\Program Files\MSBuild 2014-05-03 01:21 - 2011-09-14 21:00 - 00000000 ____D () C:\Program Files\JDownloader 2014-05-02 10:14 - 2011-07-24 12:58 - 00000000 ____D () C:\Users\XXXXXXXXX\AppData\Local\Adobe 2014-04-27 21:42 - 2013-10-23 10:08 - 00000000 ____D () C:\Users\XXXXXXXXX\AppData\Roaming\vlc 2014-04-27 20:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-04-22 16:31 - 2014-04-15 02:32 - 00000000 ____D () C:\ProgramData\LGMOBILEAX 2014-04-22 16:22 - 2011-07-25 11:59 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-04-22 16:01 - 2014-04-22 16:01 - 00131072 _____ () C:\Windows\Minidump\042214-35459-01.dmp 2014-04-22 16:01 - 2012-10-19 11:57 - 00000000 ____D () C:\Windows\Minidump 2014-04-22 15:56 - 2014-04-15 02:33 - 00002411 _____ () C:\Windows\system32\lgAxconfig.ini 2014-04-22 15:55 - 2014-04-15 02:33 - 00000831 _____ () C:\Users\XXXXXXXXX\Desktop\LGMobile Support Tool.lnk 2014-04-22 15:53 - 2014-04-15 13:05 - 00000000 ____D () C:\LGMobileUpgrade 2014-04-20 13:54 - 2014-04-15 12:19 - 00000000 ____D () C:\Program Files\LG Electronics 2014-04-20 13:54 - 2011-07-24 07:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-04-20 13:02 - 2014-04-20 13:02 - 00135216 _____ () C:\Windows\Minidump\042014-28142-01.dmp 2014-04-20 11:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-04-20 02:14 - 2014-04-20 02:14 - 00135216 _____ () C:\Windows\Minidump\042014-29421-01.dmp 2014-04-20 01:30 - 2014-04-20 01:30 - 00131072 _____ () C:\Windows\Minidump\042014-31605-01.dmp 2014-04-20 
2014-04-20 01:10 - 2014-04-20 01:10 - 00135216 _____ () C:\Windows\Minidump\042014-31012-01.dmp
2014-04-19 20:28 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-19 20:26 - 2014-04-19 20:26 - 00000000 ____D () C:\Users\XXXXXXXXX\.android
2014-04-19 20:26 - 2011-07-24 06:51 - 00000000 ____D () C:\Users\XXXXXXXXX
2014-04-19 20:25 - 2014-04-19 20:25 - 00001979 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-04-19 20:25 - 2014-04-19 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-19 20:25 - 2014-04-19 20:25 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-04-18 04:02 - 2014-04-18 03:50 - 00000000 ____D () C:\ADB

Some content of TEMP:
====================
C:\Users\XXXXXXXXX\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe [2014-05-14 20:02] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-30 00:30

==================== End Of Log ============================

It just occurred to me that a few weeks ago I had constant bluescreens whenever I connected the phones via USB. I flashed an alternative operating system onto them, though from reputable sites. Still, there is enormous potential for harm there....

Sorry that I have so consistently "x'ed out" my name here. But from the computer data of mine that is visible here one could almost work out the colour of my toothbrush, and since this is now published here for a small eternity.....

Your knowledge and commitment here is a really, really big thing, many heartfelt thanks for that!!! Best regards, Tampopo |
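The "Bamital & volsnap Check" block in the FRST log above compares the MD5 of a fixed set of core Windows binaries against FRST's list of known-good hashes; for winlogon.exe it has no matching entry, so it prints the file's timestamps, size, attributes, publisher and hash instead of "MD5 is legit". The PowerShell below is an added example, not part of the thread and not FRST's code, that repeats that kind of check independently for the same nine files: it hashes each file, reads its embedded Authenticode status, and asks `sfc /verifyfile` to compare the file against the Windows component store. It assumes an elevated PowerShell 2.0 or later on Windows 7 with the paths as they appear in the log; the regular expression matched against the sfc output is the English message text, which is an assumption that does not hold on a German-language installation such as the one in the log (the raw sfc text is printed in that case).

```powershell
# Added example (not from the thread, not FRST code): independent integrity
# check of the same binaries FRST lists under "Bamital & volsnap Check".
# Run in an elevated PowerShell on Windows 7 (sfc.exe requires elevation).
# Assumptions: paths as in the log; .NET MD5 class and sfc.exe are present;
# the sfc "no violations" text is matched in English (localized on de-DE).

$files = @(
    'C:\Windows\explorer.exe',
    'C:\Windows\system32\winlogon.exe',
    'C:\Windows\system32\wininit.exe',
    'C:\Windows\system32\svchost.exe',
    'C:\Windows\system32\services.exe',
    'C:\Windows\system32\User32.dll',
    'C:\Windows\system32\userinit.exe',
    'C:\Windows\system32\rpcss.dll',
    'C:\Windows\system32\Drivers\volsnap.sys'
)

function Get-Md5Hex([string]$Path) {
    # System.Security.Cryptography.MD5 exists on PowerShell 2.0, unlike
    # Get-FileHash (PowerShell 4+). MD5 is used only because FRST reports
    # MD5; it identifies a file version, it is not a tamper-proof check.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-SfcFile([string]$Path) {
    # sfc /verifyfile compares the file with the component store (WinSxS).
    # sfc writes UTF-16 to the console, so captured text contains embedded
    # NUL characters; strip them before matching.
    $raw = (& sfc.exe "/verifyfile=$Path" 2>&1 | Out-String) -replace "`0", ''
    $raw = $raw.Trim()
    if ($raw -match 'did not find any integrity violations') {
        return 'SFC_OK'
    }
    # Localized or unexpected output: hand the raw text to the reader.
    return "SFC_CHECK: $raw"
}

foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) {
        Write-Output "$f => MISSING"
        continue
    }
    $item = Get-Item -LiteralPath $f
    $hash = Get-Md5Hex $f
    # Embedded Authenticode only. On Windows 7 most OS binaries are
    # catalog-signed, so 'NotSigned' here is expected and is not by itself
    # evidence of tampering; the sfc result is the meaningful one.
    $sig = (Get-AuthenticodeSignature -FilePath $f).Status
    $sfc = Test-SfcFile $f
    Write-Output ("{0} [{1}] {2} bytes MD5={3} Authenticode={4} {5}" -f `
        $f, $item.LastWriteTime.ToString('yyyy-MM-dd HH:mm'), $item.Length, $hash, $sig, $sfc)
}
```

The hash line is only useful against a reference taken from a clean machine at the same patch level (the log shows winlogon.exe dated 2014-03-04 11:17, 304128 bytes, MD5 998507B046BA314CE8245364C686FA67); a hash alone says nothing. The sfc verdict depends on the component store being intact, so on a machine suspected of a kernel-level compromise it is corroborating evidence, not proof, which is why helpers also ask for an offline or online scanner result.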
18.05.2014, 19:25 | #8 |
/// the machine /// TB-Ausbilder | Win7 32, trojan.buzus, -unsure whether compromised or not-
Nobody can do anything with these logs.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
21.05.2014, 22:40 | #9 |
| Hello Schrauber, I have already run the ESET scanner once. But then I was stupid enough to uninstall the thing before I had pulled out the log file. After that I kept getting home too late; I just wanted to let you know that the matter is continuing, later. I need time for that, it runs for sooo long. Regards, Tampopo |
22.05.2014, 13:40 | #10 |
/// the machine /// TB-Ausbilder | ok
|