Log analysis and evaluation: Windows 7: data on USB stick is only shown as shortcuts
28.05.2014, 13:22 | #1
Windows 7: data on USB stick is only shown as shortcuts

Hello, I had my USB stick in a friend's laptop and apparently caught something in the process. The data on the USB stick is still there if you open the folders via cmd or the address bar. But if you open the stick normally, only shortcuts are shown, which run a 10b4084.vbs via cmd.exe. Formatting the stick doesn't help. Every time, an invisible autostart link is written automatically which, if you look at its code in Notepad, also starts the 10b4084.vbs. Unfortunately I didn't pay attention and in my hurry opened one of the shortcuts. Now it has hit my system and an MP3 player that was connected at the same time. I hope you can help me with this. Since I am currently abroad, I have no access to a Windows CD or e.g. a live DVD for disinfection.

Defogger log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:36 on 28/05/2014 (grf)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by grf (administrator) on GRF-MOB on 28-05-2014 14:12:15 Running from C:\Users\grf\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) 
C:\Windows\SysWOW64\SASrv.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [140872 2013-03-21] (Realtek Semiconductor Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295720 2013-10-25] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-02-24] (Synaptics Incorporated) HKLM\...\Run: [LenovoNal] => C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe [18936 2013-10-18] (Lenovo) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3416198615-1241264046-3862756187-1000\...\Run: [10b4084] => wscript.exe //B "C:\Users\grf\AppData\Roaming\10b4084.vbs" Startup: C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\10b4084.vbs () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0E165649CB0ECF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common 
Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url
%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: 
Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: Adblock Plus Pop-up Addon - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-01-13] FF Extension: Popular Website Buddy - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15] FF Extension: Adblock Plus - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-13] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. 
KG) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation) S4 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197928 2013-10-25] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S4 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [20984 2013-10-18] (Lenovo) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] () S4 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67752 2012-10-25] (Robert McNeel & Associates) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] () S4 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2013-12-16] (Lenovo Group Limited) S4 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [319024 2013-12-16] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software) S4 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22872 2013-10-28] (Validity Sensors, Inc.) S4 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [40848 2013-10-28] (Validity Sensors, Inc.) 
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.) R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation) R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-04-15] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-04-15] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-04-15] () R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3585504 2013-07-19] (Intel Corporation) R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243272 2013-03-21] (Realtek Semiconductor Corp.) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-05] () U3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-28 14:12 - 2014-05-28 14:12 - 00017476 _____ () C:\Users\grf\Desktop\FRST.txt 2014-05-28 14:10 - 2014-05-28 14:10 - 00000468 _____ () C:\Users\grf\Desktop\defogger_disable.log 2014-05-28 14:10 - 2014-05-28 14:10 - 00000000 _____ () C:\Users\grf\defogger_reenable 2014-05-28 14:08 - 2014-05-28 14:08 - 00050477 _____ () C:\Users\grf\Desktop\Defogger.exe 2014-05-28 14:06 - 2014-05-28 14:06 - 00001135 _____ () C:\Users\grf\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-05-28 14:00 - 2014-05-28 14:00 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-05-27 19:52 - 2014-05-28 04:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-27 19:51 - 2014-05-28 04:07 - 00000000 ____D () C:\Users\grf\Desktop\mbar 2014-05-27 19:51 - 2014-05-27 19:51 - 00848856 _____ (Panda Security ) C:\Users\grf\Desktop\USBVaccineSetup.exe 2014-05-27 19:49 - 2014-05-27 19:51 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\grf\Desktop\mbar-1.07.0.1009.exe 2014-05-27 19:45 - 2014-05-27 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-27 19:44 - 2014-05-27 19:44 - 02347384 _____ (ESET) C:\Users\grf\Desktop\esetsmartinstaller_deu.exe 2014-05-27 19:40 - 2014-05-27 01:45 - 02066944 _____ (Farbar) C:\Users\grf\Desktop\FRST64.exe 2014-05-27 19:33 - 2014-05-27 19:33 - 00022312 _____ () C:\ComboFix.txt 2014-05-27 19:24 - 2014-05-27 19:33 - 00000000 ____D () C:\Qoobox 2014-05-27 19:24 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-27 19:24 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-27 19:24 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-27 19:23 - 2014-05-27 19:32 - 00000000 ____D () C:\Windows\erdnt 2014-05-27 19:20 - 2014-05-27 19:23 - 05203612 ____R (Swearware) C:\Users\grf\Desktop\ComboFix.exe 2014-05-27 01:46 - 2014-05-28 14:12 - 00000000 ____D () C:\FRST 2014-05-27 01:26 - 2014-05-27 19:18 - 00000000 ____D () C:\AdwCleaner 2014-05-27 01:14 - 2014-05-27 01:15 - 01327971 _____ () C:\Users\grf\Desktop\adwcleaner_3.211.exe 2014-05-27 00:53 - 2014-05-28 03:52 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 00:52 - 2014-05-28 03:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-27 00:52 - 2014-05-27 00:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-27 00:52 - 2014-05-27 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 00:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-27 00:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-27 00:46 - 2014-05-27 00:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\grf\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-26 23:47 - 2014-01-28 18:02 - 00315461 _____ () C:\Users\grf\AppData\Roaming\10b4084.vbs 2014-05-23 15:43 - 2014-05-23 15:43 - 09101639 _____ () C:\Users\grf\Documents\Dietmar_der_Setzer.psd 2014-05-23 15:20 - 2014-05-23 15:44 - 08900620 _____ () C:\Users\grf\Documents\Codex_Manesse_149v_Wolfram_von_Eschenbach.psd 2014-05-15 08:58 - 2014-05-26 23:47 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 08:58 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:42 - 2014-05-06 07:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 08:42 - 2014-05-06 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 08:42 - 2014-05-06 06:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 08:42 - 2014-05-06 06:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 08:42 - 2014-05-06 06:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 08:42 - 2014-05-06 05:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 00:32 - 2014-04-12 05:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 00:32 - 2014-04-12 05:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 00:32 - 2014-04-12 05:19 - 01460736 _____ (Microsoft 
Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 00:32 - 2014-04-12 05:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 00:32 - 2014-04-12 05:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 00:32 - 2014-04-12 05:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 00:32 - 2014-04-12 05:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 00:32 - 2014-04-12 05:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 00:32 - 2014-04-12 05:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 00:32 - 2014-03-04 12:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 00:32 - 2014-03-04 12:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 00:32 - 2014-03-04 12:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00056832 _____ (Microsoft Corporation) 
C:\Windows\system32\adprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 00:32 - 2014-03-04 12:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 00:32 - 2014-03-04 12:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 00:32 - 2014-03-04 12:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00035328 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 00:32 - 2014-03-04 12:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-15 00:30 - 2014-05-09 09:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 00:30 - 2014-05-09 09:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 00:30 - 2014-03-25 05:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 00:30 - 2014-03-25 05:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-10 02:14 - 2014-05-10 02:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 13:06 - 2014-05-09 13:06 - 00061833 _____ () C:\Users\grf\Downloads\20140505104619342.tif 2014-05-09 13:06 - 2014-05-09 13:06 - 00040926 _____ () C:\Users\grf\Downloads\20140505104458525.tif 2014-05-07 03:00 - 2014-05-15 08:55 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-05 15:41 - 2014-05-27 19:19 - 00000616 _____ () C:\Windows\setupact.log 2014-05-05 15:41 - 2014-05-05 15:41 - 04966072 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00064824 _____ () C:\Users\grf\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-05 15:40 - 2014-05-27 19:18 - 00014022 _____ () C:\Windows\PFRO.log 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Adobe Mini Bridge CS5 2014-05-03 15:56 - 2014-05-04 13:53 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-05-03 15:56 - 2014-05-03 15:56 - 00003476 _____ () 
C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-05-03 15:55 - 2014-05-03 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-05-03 15:51 - 2014-05-03 15:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf ==================== One Month Modified Files and Folders ======= 2014-05-28 14:12 - 2014-05-28 14:12 - 00017476 _____ () C:\Users\grf\Desktop\FRST.txt 2014-05-28 14:12 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST 2014-05-28 14:10 - 2014-05-28 14:10 - 00000468 _____ () C:\Users\grf\Desktop\defogger_disable.log 2014-05-28 14:10 - 2014-05-28 14:10 - 00000000 _____ () C:\Users\grf\defogger_reenable 2014-05-28 14:10 - 2014-01-11 14:28 - 00000000 ____D () C:\Users\grf 2014-05-28 14:08 - 2014-05-28 14:08 - 00050477 _____ () C:\Users\grf\Desktop\Defogger.exe 2014-05-28 14:06 - 2014-05-28 14:06 - 00001135 _____ () C:\Users\grf\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-05-28 14:00 - 2014-05-28 14:00 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-05-28 13:25 - 2014-01-11 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-28 12:41 - 2014-01-11 18:56 - 00000000 ____D () C:\Users\grf\AppData\Roaming\vlc 2014-05-28 04:34 - 2014-01-11 14:28 - 01353857 _____ () C:\Windows\WindowsUpdate.log 2014-05-28 04:07 - 2014-05-27 19:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-28 04:07 - 2014-05-27 19:51 - 00000000 ____D () C:\Users\grf\Desktop\mbar 2014-05-28 03:52 - 2014-05-27 00:53 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 03:43 - 
2014-05-27 00:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-27 19:51 - 2014-05-27 19:51 - 00848856 _____ (Panda Security ) C:\Users\grf\Desktop\USBVaccineSetup.exe 2014-05-27 19:51 - 2014-05-27 19:49 - 12589848 _____ (Malwarebytes Corp.) C:\Users\grf\Desktop\mbar-1.07.0.1009.exe 2014-05-27 19:45 - 2014-05-27 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-27 19:44 - 2014-05-27 19:44 - 02347384 _____ (ESET) C:\Users\grf\Desktop\esetsmartinstaller_deu.exe 2014-05-27 19:41 - 2011-04-12 10:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-05-27 19:41 - 2011-04-12 10:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-05-27 19:41 - 2009-07-14 08:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-27 19:33 - 2014-05-27 19:33 - 00022312 _____ () C:\ComboFix.txt 2014-05-27 19:33 - 2014-05-27 19:24 - 00000000 ____D () C:\Qoobox 2014-05-27 19:33 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default 2014-05-27 19:32 - 2014-05-27 19:23 - 00000000 ____D () C:\Windows\erdnt 2014-05-27 19:31 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-27 19:26 - 2009-07-14 07:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-27 19:26 - 2009-07-14 07:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-27 19:23 - 2014-05-27 19:20 - 05203612 ____R (Swearware) C:\Users\grf\Desktop\ComboFix.exe 2014-05-27 19:19 - 2014-05-05 15:41 - 00000616 _____ () C:\Windows\setupact.log 2014-05-27 19:19 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-27 19:18 - 2014-05-27 01:26 - 00000000 ____D () C:\AdwCleaner 2014-05-27 19:18 - 2014-05-05 15:40 - 00014022 _____ () C:\Windows\PFRO.log 2014-05-27 19:18 - 2014-01-12 19:40 - 05579006 _____ () C:\Users\Public\CAFADEBUG.log 2014-05-27 01:45 - 2014-05-27 
19:40 - 02066944 _____ (Farbar) C:\Users\grf\Desktop\FRST64.exe 2014-05-27 01:15 - 2014-05-27 01:14 - 01327971 _____ () C:\Users\grf\Desktop\adwcleaner_3.211.exe 2014-05-27 00:55 - 2014-02-13 19:29 - 00000000 ____D () C:\Users\grf\AppData\Local\CrashDumps 2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 00:53 - 2014-05-27 00:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-27 00:52 - 2014-05-27 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 00:49 - 2014-05-27 00:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\grf\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-27 00:24 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-26 23:47 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-23 15:44 - 2014-05-23 15:20 - 08900620 _____ () C:\Users\grf\Documents\Codex_Manesse_149v_Wolfram_von_Eschenbach.psd 2014-05-23 15:43 - 2014-05-23 15:43 - 09101639 _____ () C:\Users\grf\Documents\Dietmar_der_Setzer.psd 2014-05-20 23:09 - 2014-01-11 18:51 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Azureus 2014-05-20 01:40 - 2014-01-11 19:02 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Skype 2014-05-17 02:26 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 22:09 - 2014-01-19 21:20 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-grf-mob-grf 2014-05-15 22:09 - 2014-01-19 13:56 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe online update program 2014-05-15 08:58 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:56 - 2014-01-11 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-15 08:55 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 08:55 - 2009-07-14 
06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 08:42 - 2014-01-11 16:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 08:40 - 2014-01-11 16:28 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 09:25 - 2014-01-11 18:43 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 09:25 - 2014-01-11 18:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 09:25 - 2014-01-11 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-12 07:26 - 2014-05-27 00:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-27 00:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-10 02:14 - 2014-05-10 02:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 13:06 - 2014-05-09 13:06 - 00061833 _____ () C:\Users\grf\Downloads\20140505104619342.tif 2014-05-09 13:06 - 2014-05-09 13:06 - 00040926 _____ () C:\Users\grf\Downloads\20140505104458525.tif 2014-05-09 09:14 - 2014-05-15 00:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:11 - 2014-05-15 00:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-06 07:40 - 2014-05-15 08:42 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 07:17 - 2014-05-15 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 06:25 - 2014-05-15 08:42 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 06:07 - 2014-05-15 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 06:00 - 2014-05-15 08:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 05:10 - 2014-05-15 08:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 
2014-05-05 15:47 - 2009-07-14 06:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-05 15:41 - 2014-05-05 15:41 - 04966072 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00064824 _____ () C:\Users\grf\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-05 15:41 - 2014-01-29 13:45 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Adobe Mini Bridge CS5 2014-05-04 13:53 - 2014-05-03 15:56 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-05-03 15:56 - 2014-05-03 15:56 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-05-03 15:55 - 2014-05-03 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-05-03 15:51 - 2014-05-03 15:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf Some content of TEMP: ==================== C:\Users\grf\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-19 02:20
==================== End Of Log ============================

GMER log:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-05-28 14:27:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e HGST rev.GH2Z 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\grf\AppData\Local\Temp\axtdqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003003000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000300302f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- Threads - GMER 2.1 ---- Thread [2008:2052] 0000000077887587 Thread [2008:2060] 0000000073b7c59c Thread [2008:2272] 0000000073398c90 Thread [2008:2276] 0000000077e62e65 Thread [2008:3976] 0000000073b7c59c Thread [2008:3860] 0000000073b7c59c Thread [2008:1736] 0000000073b7c59c Thread [2008:3984] 0000000073b7c59c Thread [2008:2772] 0000000073b7c59c Thread [2008:2760] 0000000073b7c59c Thread [2008:2892] 0000000073b7c59c Thread [2008:2988] 0000000073b7c59c Thread [2008:4100] 0000000073b7c59c Thread [2008:4104] 0000000073b7c59c Thread [2008:4108] 0000000073b7c59c Thread [2008:4112] 0000000073b7c59c Thread [2008:4116] 0000000073b7c59c Thread [2008:4120] 0000000073b7c59c Thread [2008:4124] 0000000073b7c59c Thread [2008:4128] 0000000073b7c59c Thread [2008:4132] 0000000073b7c59c Thread [2008:4136] 0000000073b7c59c Thread [2008:4140] 0000000073b7c59c Thread [2008:4144] 0000000073b7c59c Thread [2008:4148] 0000000073b7c59c Thread [2008:4276] 0000000073b7c59c Thread [2008:4280] 000000006c228960 Thread [2008:4284] 000000006c228960 Thread [2008:4288] 000000006c228960 Thread [2008:4292] 000000006c224090 Thread [2008:4364] 0000000073b7c59c Thread [2008:5964] 00000000738fe2cb Thread [2008:2992] 0000000073b7c59c Thread [2008:3968] 0000000077e63e85 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c8bfd5d0d6c Reg 
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c8bfd5d0d6c@3017c80a86f2 0xB9 0xFE 0xA9 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\WinUsb\Parameters\Wdf@TimeOfLastSqmLog 0xC4 0x3D 0x51 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c8bfd5d0d6c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c8bfd5d0d6c@3017c80a86f2 0xB9 0xFE 0xA9 0x59 ...
---- EOF - GMER 2.1 ----

Avira log:
Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 28. Mai 2014 14:51 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : grf Computername : GRF-MOB Versionsinformationen: BUILD.DAT : 14.0.3.350 56624 Bytes 25.02.2014 11:41:00 AVSCAN.EXE : 14.0.3.332 1058384 Bytes 20.02.2014 14:49:18 AVSCANRC.DLL : 14.0.2.292 62008 Bytes 18.02.2014 13:04:08 LUKE.DLL : 14.0.3.336 65616 Bytes 20.02.2014 14:49:59 AVSCPLR.DLL : 14.0.3.336 124496 Bytes 20.02.2014 14:49:18 AVREG.DLL : 14.0.3.336 250448 Bytes 20.02.2014 14:49:11 avlode.dll : 14.0.3.336 544848 Bytes 20.02.2014 14:49:09 avlode.rdf : 14.0.4.22 64276 Bytes 15.05.2014 15:00:29 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:37:22 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:37:22 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 10:37:22 VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 10:37:22 VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:37:22 VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 10:37:22 VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 14:29:34 VBASE007.VDF : 7.11.145.136 2117120 Bytes 28.04.2014 16:11:26 VBASE008.VDF : 7.11.145.137 2048 Bytes 28.04.2014 16:11:26 VBASE009.VDF : 7.11.145.138 2048 Bytes 28.04.2014 16:11:26 VBASE010.VDF : 7.11.145.139 2048 Bytes 28.04.2014 16:11:26 VBASE011.VDF : 7.11.145.140 2048 Bytes 28.04.2014 16:11:26 VBASE012.VDF : 7.11.145.141 2048 Bytes 28.04.2014 16:11:26 VBASE013.VDF : 7.11.146.20 166912 Bytes 29.04.2014 15:36:29 VBASE014.VDF : 7.11.146.131 194048 Bytes 01.05.2014 20:29:45 VBASE015.VDF : 7.11.146.243 167936 Bytes 03.05.2014 18:31:05 VBASE016.VDF : 7.11.147.97 122368 Bytes 05.05.2014 14:03:09 VBASE017.VDF : 7.11.147.207 169472 Bytes 06.05.2014 22:29:38 VBASE018.VDF : 7.11.148.61 
174080 Bytes 08.05.2014 21:19:14 VBASE019.VDF : 7.11.148.149 257024 Bytes 09.05.2014 22:02:31 VBASE020.VDF : 7.11.148.241 135168 Bytes 12.05.2014 05:51:16 VBASE021.VDF : 7.11.149.61 139264 Bytes 13.05.2014 15:31:08 VBASE022.VDF : 7.11.149.169 160256 Bytes 15.05.2014 05:39:11 VBASE023.VDF : 7.11.150.31 189440 Bytes 17.05.2014 09:26:48 VBASE024.VDF : 7.11.150.119 157696 Bytes 20.05.2014 21:17:05 VBASE025.VDF : 7.11.151.25 219648 Bytes 23.05.2014 06:57:32 VBASE026.VDF : 7.11.151.117 175104 Bytes 26.05.2014 16:27:18 VBASE027.VDF : 7.11.151.118 2048 Bytes 26.05.2014 16:27:18 VBASE028.VDF : 7.11.151.119 2048 Bytes 26.05.2014 16:27:18 VBASE029.VDF : 7.11.151.120 2048 Bytes 26.05.2014 16:27:18 VBASE030.VDF : 7.11.151.121 2048 Bytes 26.05.2014 16:27:18 VBASE031.VDF : 7.11.151.210 309760 Bytes 28.05.2014 08:49:54 Engineversion : 8.3.18.32 AEVDF.DLL : 8.3.0.4 118976 Bytes 20.03.2014 17:13:30 AESCRIPT.DLL : 8.1.4.204 528584 Bytes 15.05.2014 15:00:28 AESCN.DLL : 8.3.0.4 135360 Bytes 23.05.2014 12:57:38 AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 21:19:14 AERDL.DLL : 8.2.0.138 704888 Bytes 09.12.2013 10:37:18 AEPACK.DLL : 8.4.0.24 778440 Bytes 13.05.2014 15:31:08 AEOFFICE.DLL : 8.3.0.4 205000 Bytes 17.04.2014 14:53:40 AEHEUR.DLL : 8.1.4.1084 6705352 Bytes 23.05.2014 12:57:38 AEHELP.DLL : 8.3.0.0 274808 Bytes 11.03.2014 19:33:42 AEGEN.DLL : 8.1.7.26 450752 Bytes 17.04.2014 14:53:40 AEEXP.DLL : 8.4.1.342 594120 Bytes 23.05.2014 12:57:38 AEEMU.DLL : 8.1.3.2 393587 Bytes 09.12.2013 10:37:18 AECORE.DLL : 8.3.0.6 241864 Bytes 19.03.2014 17:13:05 AEBB.DLL : 8.1.1.4 53619 Bytes 09.12.2013 10:37:18 AVWINLL.DLL : 14.0.3.252 23608 Bytes 20.02.2014 14:48:59 AVPREF.DLL : 14.0.3.252 48696 Bytes 20.02.2014 14:49:11 AVREP.DLL : 14.0.3.252 175672 Bytes 20.02.2014 14:49:12 AVARKT.DLL : 14.0.3.336 256080 Bytes 20.02.2014 14:49:00 AVEVTLOG.DLL : 14.0.3.336 165968 Bytes 20.02.2014 14:49:06 SQLITE3.DLL : 3.7.0.1 394808 Bytes 09.12.2013 10:37:21 AVSMTP.DLL : 14.0.3.252 60472 Bytes 20.02.2014 
14:49:18 NETNT.DLL : 14.0.3.252 13368 Bytes 20.02.2014 14:49:59 RCIMAGE.DLL : 14.0.3.260 4979256 Bytes 20.02.2014 14:48:59 RCTEXT.DLL : 14.0.3.282 72760 Bytes 20.02.2014 14:48:59 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Manuelle Auswahl Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp Protokollierung.......................: standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, F:, G:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Mittwoch, 28. Mai 2014 14:51 Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'HDD0(C:, D:)' [INFO] Es wurde kein Virus gefunden! Bootsektor 'HDD2(F:)' [INFO] Es wurde kein Virus gefunden! Bootsektor 'HDD1(G:)' [INFO] Es wurde kein Virus gefunden! 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'ibmpmsvc.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '129' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '169' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '240' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '79' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'CxAudMsg64.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'EvtEng.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'USBVaccine.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'lvvsst.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'virtscrl.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'RegSrvc.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'SAsrv.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'TPHKSVC.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'tpnumlkd.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'tpnumlk.exe' - '37' 
Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'ZeroConfigService.exe' - '90' Modul(e) wurden durchsucht Durchsuche Prozess 'MICMUTE.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'TPHKLOAD.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'TPONSCR.EXE' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'SHTCTKY.EXE' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'RtsCM64.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'BleServicesCtrl.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'CAudioFilterAgent64.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'fmapp.exe' - '13' Modul(e) wurden durchsucht Durchsuche Prozess 'TpShocks.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'wscript.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPLpr.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 
'SCHTASK.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '127' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'devmonsrv.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'obexsrv.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'mediasrv.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'BTPlayerCtrl.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_13_0_0_214.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_13_0_0_214.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '148' Modul(e) wurden durchsucht Durchsuche Prozess 'WMIADAP.EXE' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '115' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht 
Scanning process 'lsass.exe' - '67' module(s) scanned
Scanning process 'lsm.exe' - '16' module(s) scanned
Scanning process 'winlogon.exe' - '31' module(s) scanned
Starting the scan of references to executable files (registry):
The registry was scanned ('1866' files).
Starting the scan of the selected files:
Starting scan in 'C:\'
Starting scan in 'D:\'
Starting scan in 'F:\' <ARCHOS>
Starting scan in 'G:\' <BÄM!>
End of scan: Wednesday, 28 May 2014 16:05
Time needed: 1:13:33 hour(s)
The scan was completed in full.
33731 directories were checked
1282400 files were scanned
0 viruses or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
0 files were moved to quarantine
0 files were renamed
0 files could not be scanned
1282400 files without infection
8566 archives were scanned
0 warnings
0 notes
Last edited by grf (28.05.2014, 14:08) |
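Added worked example (mine, not code from this thread or from any of the tools whose logs are posted above): the symptom in the thread title, a stick whose folders are suddenly shown as shortcuts, is the signature of the .lnk-based USB worms, and the Avira run above scanned drives F: and G: without flagging anything, so it helps to look at the shortcuts themselves. The block below parses the Windows shell-link format (MS-SHLLINK: 76-byte header, optional ID list and LinkInfo, then the fixed-order StringData items) and flags shortcuts whose target is a command or script host, whose arguments reference a script, or which start minimized. The launcher shape used for the constructed sample (`cmd.exe /c start <script> & start explorer <folder>`), the file names, and the heuristic lists are my assumptions, not facts taken from this thread.

```python
"""Triage helper for the "folders replaced by shortcuts" USB worm symptom.

Added example, not code from the thread: a minimal parser for the Windows
shell-link (.lnk, MS-SHLLINK) format that pulls out the fields such a worm
uses to hide its launcher, plus a heuristic check and a directory scan.
"""
import os
import struct

LINK_CLSID = bytes.fromhex("0114020000000000C000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7          # ShowCommand: start minimized, window barely visible

# Script hosts and extensions that have no business in a shortcut posing as a
# folder on a removable drive (assumed heuristic lists, extend as needed).
LAUNCHERS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".ps1", ".hta")


def _string_data(buf, off, unicode):
    """Read one StringData item: u16 CountCharacters followed by the characters."""
    count, = struct.unpack_from("<H", buf, off)
    off += 2
    if unicode:
        return buf[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return buf[off:off + count].decode("cp1252", "replace"), off + count


def parse_lnk(buf):
    """Return the triage-relevant fields of a .lnk blob or raise ValueError."""
    if len(buf) < 0x4C or struct.unpack_from("<I", buf, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if buf[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags, = struct.unpack_from("<I", buf, 20)
    show_cmd, = struct.unpack_from("<I", buf, 60)
    off = 0x4C
    if flags & HAS_ID_LIST:                      # skip LinkTargetIDList
        size, = struct.unpack_from("<H", buf, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:                    # skip LinkInfo (size-prefixed)
        size, = struct.unpack_from("<I", buf, off)
        off += size
    fields = {"show_command": show_cmd}
    for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        fields[key] = ""
        if flags & flag:                         # StringData items come in this fixed order
            fields[key], off = _string_data(buf, off, bool(flags & IS_UNICODE))
    return fields


def triage(fields):
    """List the reasons a parsed shortcut looks like a worm launcher (empty = clean)."""
    reasons = []
    target = os.path.basename(fields["relative_path"].replace("\\", "/")).lower()
    args = fields["arguments"].lower()
    if target in LAUNCHERS:
        reasons.append("target is a command/script host: " + target)
    if any(ext in args for ext in SCRIPT_EXT):
        reasons.append("arguments reference a script file")
    if "start " in args and "explorer" in args:
        reasons.append("arguments re-open a folder to mask the launch")
    if fields["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window starts minimized (ShowCommand=7)")
    return reasons


def scan_dir(root):
    """Walk a mounted stick and return [(path, reasons)] for every flagged .lnk."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".lnk"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    reasons = triage(parse_lnk(fh.read()))
            except (OSError, ValueError, struct.error) as exc:
                reasons = ["unparsable shortcut: %s" % exc]
            if reasons:
                hits.append((path, reasons))
    return hits


def build_lnk(relative_path, arguments, show_cmd=SW_SHOWMINNOACTIVE):
    """Construct a minimal .lnk in memory (test input only, not a real sample)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header + body


if __name__ == "__main__":
    # Constructed sample modelled on the usual launcher shape; names are made up.
    worm = build_lnk(r"..\..\..\Windows\System32\cmd.exe",
                     "/c start payload.vbs & start explorer Documents & exit")
    for reason in triage(parse_lnk(worm)):
        print("flagged:", reason)
    # Against a real stick: for path, why in scan_dir(r"G:\"): print(path, why)
```

Run it from a clean machine with the stick mounted read-only if you can (or at least without double-clicking anything on it); `scan_dir` only reads the .lnk bytes and never launches them. Real worm shortcuts usually carry the target in the ID list rather than the relative path, so treat the `arguments` field as the primary indicator. The original folders are still on the stick with the hidden and system attributes set, which is why they appear in cmd.exe but not in Explorer; `attrib -s -h -r /s /d` from the stick's root makes them visible again, but only do that after the script and the shortcuts have been removed, because the worm rewrites them on every insert while it is still running.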
28.05.2014, 18:54 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Data on USB stick now only shown as shortcuts
hi,
Addition.txt is still missing.
|
28.05.2014, 19:56 | #3 |
| Windows 7: Data on USB stick now only shown as shortcuts
Unfortunately I had deleted the old one, but I had a new one generated.
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02 Ran by grf at 2014-05-28 21:53:47 Running from C:\Users\grf\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{02698606-3A21-489D-9D2A-75C9E8D3E5BD}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.12.27 - ) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Autodesk Alias Automotive 2014 64-bit 
(HKLM\...\Autodesk Alias Automotive 2014 64-bit) (Version: 20.0.0.77 - Autodesk) Autodesk Alias Automotive 2014 64-bit (Version: 20.0.0.77 - Autodesk) Hidden Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk) Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk) Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden Autodesk SketchBook Designer 2014 (HKLM\...\Autodesk SketchBook Designer 2014) (Version: 4.00.0000 - Autodesk) Autodesk SketchBook Designer 2014 (Version: 4.00.0000 - Autodesk) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.61.0 - Conexant) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Easimap 6 (HKLM-x32\...\{1EBD9423-DD4C-4332-AE9F-95454885F588}) (Version: 133.6 - MBE Systems) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.2 - Lenovo Group Limited) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10224 - Realtek Semiconductor Corp.) 
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation) Intel(R) PRO/Wireless Driver (Version: 16.01.1000.0494 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{6555226B-7295-4CFD-9D5B-9C8F394BE03A}) (Version: 4.1.41.2234 - Intel) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation) Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 16.01.1000.0235 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden KeyShot4 4.0 64 bit (HKLM-x32\...\KeyShot4_64) (Version: 4.0 64 bit - Luxion ApS) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - ) Lenovo Fingerprint Manager (HKLM\...\{26821A01-AE55-4B1A-807A-6EF888C4ACC2}) (Version: 4.5.240.0 - Validity Sensors, Inc.) 
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.1 - Lenovo) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - ) Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.00 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) mental ray renderer for Autodesk Maya 2014 (HKLM\...\{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}) (Version: 13.0.0.0 - mental ray) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 
1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - ) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek) Rhinoceros 5.0 (64-bit) (HKLM\...\{BB435434-EDC8-4E54-B32D-28452CACAEC6}) (Version: 5.1.20927.2230 - Robert McNeel & Associates) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.34 - Synaptics Incorporated) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.7.0 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo) TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.145 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.145 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.145 - TuneUp Software) Hidden UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version: - ) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) ==================== Restore Points ========================= 13-05-2014 05:02:17 Windows Update 15-05-2014 05:39:14 Windows Update 21-05-2014 06:16:09 Windows Update 27-05-2014 16:24:24 ComboFix created restore point ==================== Hosts content: ========================== 2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {35A42459-3087-4919-B3F2-5C46D9454E3F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {4055B92C-4ED9-42E9-9A02-7885D73B1BED} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] () Task: {5879AE09-6510-4453-9C16-7C09D0111A1B} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () Task: {5BFDC105-15C8-4476-9B2B-734C58753B6C} - 
System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo) Task: {66504440-8CD9-480C-AE92-9C2D1A44BE44} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-10-12] (TuneUp Software) Task: {76BE5846-C5CF-496E-8845-5D27A17EB441} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {7E407133-7076-418A-80CC-9B2827415EE9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {89900647-C70B-4E22-9A38-58591EBC40DE} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {8FC2F732-582E-471E-853B-E1BB2197C38A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {9A2BDFF4-F93F-44FE-94A8-7AB27C273AE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {9CD8A94E-0C19-4B19-9A10-F679571F244D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] () Task: {B060DFE4-5A46-4B06-BB76-25CE585AA409} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo) Task: {B53FBB58-2E92-41CF-86EC-1C54C15ACDF2} - System32\Tasks\Lenovo\LSC\LSCTaskService => c:\program files\Lenovo\lenovo solution center\App\LSCTaskService.exe [2014-02-19] () Task: {DEF1E265-AC58-413F-82DB-DD2FA71B3C22} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common 
Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft) Task: {DF43B790-EAD5-449B-A303-B6C4CC1106E2} - System32\Tasks\AdobeAAMUpdater-1.0-grf-mob-grf => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-29 13:42 - 2013-12-09 08:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2013-10-12 04:48 - 2013-10-12 04:48 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-01-12 19:26 - 2010-10-26 14:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2014-01-11 16:06 - 2013-12-09 13:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-05-10 02:14 - 2014-05-10 02:14 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-05-14 09:25 - 2014-05-14 09:25 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll 2013-09-18 13:14 - 2013-09-18 13:14 - 13416256 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/28/2014 03:37:28 PM) (Source: VSS) (EventID: 12298) (User: ) Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden. Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. ], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet. ]. Vorgang: Asynchroner Vorgang wird ausgeführt Kontext: Aktueller Status: DoSnapshotSet Error: (05/28/2014 02:33:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/28/2014 02:33:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 02:06:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (05/28/2014 01:27:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/27/2014 07:45:13 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/27/2014 07:44:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (05/27/2014 07:19:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2014 01:33:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2014 01:30:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/28/2014 02:50:17 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/28/2014 02:50:17 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/28/2014 02:50:16 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/28/2014 02:50:16 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/28/2014 02:43:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/28/2014 02:33:05 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000109 (0xa3a039d8a82d152c, 0xb3b7465efaab5126, 0xfffff8800317d5c0, 0x0000000000000002)C:\Windows\MEMORY.DMP052814-17893-01 Error: (05/28/2014 02:32:54 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 28.05.2014 um 14:31:42 unerwartet heruntergefahren. 
Error: (05/27/2014 08:11:15 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (05/27/2014 07:40:05 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/27/2014 07:40:05 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Microsoft Office Sessions: ========================= Error: (05/28/2014 03:37:28 PM) (Source: VSS) (EventID: 12298) (User: ) Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet. 0x00000000, Der Vorgang wurde erfolgreich beendet. 0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. 0x00000000, Der Vorgang wurde erfolgreich beendet. 
Vorgang: Asynchroner Vorgang wird ausgeführt Kontext: Aktueller Status: DoSnapshotSet Error: (05/28/2014 02:33:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\grf\Desktop\esetsmartinstaller_deu.exe Error: (05/28/2014 02:33:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 02:06:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\grf\Desktop\esetsmartinstaller_deu.exe Error: (05/28/2014 01:27:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (05/27/2014 07:45:13 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\grf\Downloads\esetsmartinstaller_deu.exe Error: (05/27/2014 07:44:22 PM) (Source: SideBySide) (EventID: 
80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\grf\Downloads\esetsmartinstaller_deu.exe Error: (05/27/2014 07:19:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2014 01:33:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2014 01:30:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-05-27 19:30:52.838 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-27 19:30:52.807 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 3810.46 MB Available physical RAM: 1736.32 MB Total Pagefile: 7619.09 MB Available Pagefile: 4578.68 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:114.49 GB) NTFS Drive d: () (Fixed) (Total:270.45 GB) (Free:86.44 GB) NTFS Drive g: (BÄM!) (Removable) (Total:14.54 GB) (Free:14.54 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5B506DB3) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=15 GB) - (Type=0C) ==================== End Of Log ============================ |
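The symptoms in the opening post (every file on the stick replaced by a shortcut that runs a .vbs through cmd.exe, the real files still reachable by typing the path, and a hidden autostart entry that comes back after formatting) are the fingerprint of a VBS worm that spreads over removable media: it sets the user's files to hidden+system, drops a .lnk per item that launches the script and then the original, and installs itself in the user's autostart locations so that any stick plugged into the host is re-seeded. The PowerShell script below is an added example, not code from this thread or from FRST/ComboFix. It triages read-only: it resolves every .lnk on the given drive through the WScript.Shell COM object (parsing a shortcut does not run its target) and flags those whose target or arguments call a script host or a script file, lists hidden items on the stick, and checks the current user's Run key, Startup folder and %APPDATA% root for script files. The drive letter and the script file name are parameters/assumptions; the regexes are deliberately broad.

```powershell
# Added example, not code from the thread or from FRST/ComboFix: read-only triage
# of a removable drive and of the current user's autostart locations for a
# LNK/VBS USB worm. Nothing is deleted or changed.
# Assumption: the drive letter is passed in, e.g. .\Triage-UsbWorm.ps1 -Drive G:
param(
    [Parameter(Mandatory = $true)][string]$Drive
)

$scriptHosts = '\b(cmd|wscript|cscript|powershell|mshta)\.exe\b'   # launchers the LNKs abuse
$scriptFiles = '\.(vbs|vbe|js|jse|wsf|bat|cmd)\b'                  # payload file types
$hidden      = [IO.FileAttributes]::Hidden
$shell       = New-Object -ComObject WScript.Shell                  # parses a .lnk, does not run it
$root        = "$Drive\"

Write-Host "== Shortcuts on $Drive whose target or arguments launch a script =="
Get-ChildItem -LiteralPath $root -Recurse -Force -Filter '*.lnk' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $launch = ("$($lnk.TargetPath) $($lnk.Arguments)").Trim()
        if ($launch -match $scriptHosts -or $launch -match $scriptFiles) {
            New-Object PSObject -Property @{ Shortcut = $_.FullName; Launches = $launch }
        }
    } | Format-Table Shortcut, Launches -AutoSize -Wrap

Write-Host "== Hidden items on $Drive (the worm hides the real files, its own copy and autorun.inf) =="
Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $hidden) -ne 0 } |
    Format-Table FullName, Attributes, Length, LastWriteTime -AutoSize

Write-Host "== HKCU Run values that start a script host or a script file =="
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and
                       ("$($_.Value)" -match $scriptHosts -or "$($_.Value)" -match $scriptFiles) } |
        ForEach-Object { '{0} = {1}' -f $_.Name, $_.Value }
}

Write-Host "== Script files in the per-user Startup folder and directly under %APPDATA% =="
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -LiteralPath $startup, $env:APPDATA -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match $scriptFiles } |
    Format-Table FullName, Attributes, Length, LastWriteTime -AutoSize
```

Two things the output should make obvious in a case like this one: a Run value that is just wscript.exe plus a script name is a per-user persistence, so the stick will be re-seeded on every insert until that value and the Startup-folder copy are gone; and because the files are only hidden, not destroyed, formatting the stick loses data for nothing, while clearing the attributes after the host is clean recovers it.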
29.05.2014, 16:45 | #4 |
/// the machine /// TB trainer | Windows 7: Data on USB stick only shown as shortcuts Panda USB Vaccine Please download Panda USB Vaccine from here.
Scan with ComboFix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
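The two steps in the reply above address two different things: ComboFix removes the worm's persistence on the host, and Panda USB Vaccine prevents autorun.inf-based starts by creating a folder named AUTORUN.INF on the stick and by disabling AutoRun on the host. The PowerShell script below is an added example, not code from this thread, from Panda or from ComboFix; it shows the same two ideas together with the data recovery the vaccine itself does not do: remove the lure shortcuts and the hidden script from the stick, clear the hidden+system attributes the worm put on the user's files, create the read-only AUTORUN.INF directory, and set NoDriveTypeAutoRun to 0xFF. The drive letter is a parameter; the exclusion list and the regexes are assumptions. It supports -WhatIf for a dry run.

```powershell
# Added example, not code from the thread or from Panda USB Vaccine / ComboFix:
# recover a "shortcut-ified" stick without formatting it, then vaccinate the
# stick and the host. Run it only AFTER the host's persistence (Run value,
# Startup-folder script) is gone, or the stick is reinfected on the next plug-in.
# Assumption: the drive letter is passed in, e.g. .\Recover-UsbStick.ps1 -Drive G: -WhatIf
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$Drive
)

$scriptHosts = '\b(cmd|wscript|cscript|powershell|mshta)\.exe\b'
$scriptFiles = '\.(vbs|vbe|js|jse|wsf)$'
$hiddenSys   = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$keep        = @('AUTORUN.INF', 'System Volume Information')    # never touch these
$shell       = New-Object -ComObject WScript.Shell
$root        = "$Drive\"

# 1. Shortcuts whose target/arguments call a script host are the worm's lures.
Get-ChildItem -LiteralPath $root -Recurse -Force -Filter '*.lnk' -ErrorAction SilentlyContinue |
    Where-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        ("$($lnk.TargetPath) $($lnk.Arguments)") -match $scriptHosts
    } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Remove malicious shortcut')) {
            Remove-Item -LiteralPath $_.FullName -Force
        }
    }

# 2. The worm's own copy: a hidden/system script file on the stick.
Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match $scriptFiles -and
                   (($_.Attributes -band $hiddenSys) -ne 0) } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Remove hidden script')) {
            Remove-Item -LiteralPath $_.FullName -Force
        }
    }

# 3. Give the user's files and folders back their normal attributes
#    (the worm set +s +h on them so Explorer shows only the shortcuts).
Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $keep -notcontains $_.Name -and (($_.Attributes -band $hiddenSys) -ne 0) } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear hidden/system attributes')) {
            $_.Attributes = ([int]$_.Attributes) -band (-bnot ([int]$hiddenSys))
        }
    }

# 4. Vaccinate the stick: while a read-only directory called AUTORUN.INF exists,
#    no file of that name can be created, so an autorun.inf-based start is impossible.
$vaccine = Join-Path $root 'AUTORUN.INF'
if (-not (Test-Path -LiteralPath $vaccine)) {
    if ($PSCmdlet.ShouldProcess($vaccine, 'Create AUTORUN.INF directory')) {
        $dir = New-Item -ItemType Directory -Path $vaccine
        $dir.Attributes = $dir.Attributes -bor [IO.FileAttributes]::ReadOnly -bor $hiddenSys
    }
}

# 5. Vaccinate the host: NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type.
$pol = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if ($PSCmdlet.ShouldProcess($pol, 'Set NoDriveTypeAutoRun = 0xFF')) {
    if (-not (Test-Path -LiteralPath $pol)) { New-Item -Path $pol -Force | Out-Null }
    Set-ItemProperty -Path $pol -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}
```

Two caveats a practitioner should keep in mind. The plain AUTORUN.INF directory created here can still be removed by malware with a normal rmdir; Panda's tool makes its folder hard to delete with name tricks, which is why the reply recommends the tool rather than a hand-made folder. More importantly, the vaccine only blocks autorun.inf. The worm in this thread spreads because a user double-clicks a shortcut, and no vaccine prevents that; the effective controls are removing the persistence on every host the stick touched and not opening shortcuts on removable media.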
29.05.2014, 19:23 | #5 |
| Windows 7: Data on USB stick only shown as shortcuts Did both. Here is the log: Code:
ATTFilter ComboFix 14-05-29.01 - grf 29.05.2014 21:10:49.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3810.2411 [GMT 3:00] ausgeführt von:: c:\users\grf\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-28 bis 2014-05-29 )))))))))))))))))))))))))))))) . . 2014-05-29 18:18 . 2014-05-29 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-28 11:00 . 2014-05-28 11:00 -------- d-----w- c:\programdata\Panda Security 2014-05-28 11:00 . 2014-05-28 11:00 -------- d-----w- c:\program files (x86)\Panda USB Vaccine 2014-05-27 16:52 . 2014-05-28 01:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-05-27 16:45 . 2014-05-27 16:45 -------- d-----w- c:\program files (x86)\ESET 2014-05-27 16:32 . 2014-05-28 18:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20D7CC0A-C798-4DB1-8A90-6B79A63A1C05}\offreg.dll 2014-05-26 22:46 . 2014-05-28 18:54 -------- d-----w- C:\FRST 2014-05-26 22:26 . 2014-05-27 16:18 -------- d-----w- C:\AdwCleaner 2014-05-26 21:53 . 2014-05-28 00:52 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-26 21:52 . 2014-05-28 00:43 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-26 21:52 . 2014-05-26 21:53 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-05-26 21:52 . 2014-05-26 21:52 -------- d-----w- c:\programdata\Malwarebytes 2014-05-26 21:52 . 
2014-05-12 04:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-26 21:52 . 2014-05-12 04:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-26 20:47 . 2014-01-28 15:02 315461 --sha-w- c:\users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\10b4084.vbs 2014-05-26 20:47 . 2014-01-28 15:02 315461 ----a-w- c:\users\grf\AppData\Roaming\10b4084.vbs 2014-05-23 09:10 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20D7CC0A-C798-4DB1-8A90-6B79A63A1C05}\mpengine.dll 2014-05-15 05:42 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll 2014-05-15 05:42 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-15 05:42 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-15 05:42 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-14 21:30 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll 2014-05-14 21:30 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll 2014-05-14 21:30 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-07 00:00 . 2014-05-15 05:55 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-04 17:08 . 2014-05-04 17:08 -------- d-----w- c:\users\grf\AppData\Roaming\Adobe Mini Bridge CS5 2014-05-04 17:08 . 2014-05-04 17:08 -------- d-----w- c:\users\grf\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-15 05:40 . 2014-01-11 13:28 93223848 ----a-w- c:\windows\system32\MRT.exe 2014-05-14 06:25 . 2014-01-11 15:43 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-14 06:25 . 2014-01-11 15:43 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-05 12:41 . 2014-01-29 10:45 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys 2014-04-06 18:38 . 
2014-04-06 18:38 0 ----a-w- c:\windows\qfeC5C1.tmp 2014-04-03 11:50 . 2014-04-03 11:50 59816 ----a-r- c:\users\grf\AppData\Roaming\Microsoft\Installer\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}\ARPPRODUCTICON.exe 2014-04-03 11:50 . 2014-04-03 11:50 59816 ----a-r- c:\users\grf\AppData\Roaming\Microsoft\Installer\{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}\ARPPRODUCTICON.exe 2014-03-31 06:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-06 09:31 . 2014-04-16 00:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-03-06 08:59 . 2014-04-16 00:00 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-03-06 08:57 . 2014-04-16 00:00 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-03-06 08:57 . 2014-04-16 00:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-03-06 08:53 . 2014-04-16 00:00 2767360 ----a-w- c:\windows\system32\iertutil.dll 2014-03-06 08:40 . 2014-04-16 00:00 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-06 08:39 . 2014-04-16 00:00 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-03-06 08:32 . 2014-04-16 00:00 574976 ----a-w- c:\windows\system32\ieui.dll 2014-03-06 08:29 . 2014-04-16 00:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-06 08:29 . 2014-04-16 00:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-03-06 08:28 . 2014-04-16 00:00 752640 ----a-w- c:\windows\system32\jscript9diag.dll 2014-03-06 08:15 . 2014-04-16 00:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-03-06 08:11 . 2014-04-16 00:00 5784064 ----a-w- c:\windows\system32\jscript9.dll 2014-03-06 08:09 . 2014-04-16 00:00 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2014-03-06 08:03 . 2014-04-16 00:00 586240 ----a-w- c:\windows\system32\ie4uinit.exe 2014-03-06 08:02 . 2014-04-16 00:00 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-03-06 08:02 . 2014-04-16 00:00 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-03-06 08:01 . 
2014-04-16 00:00 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-03-06 07:56 . 2014-04-16 00:00 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-03-06 07:48 . 2014-04-16 00:00 195584 ----a-w- c:\windows\system32\msrating.dll 2014-03-06 07:46 . 2014-04-16 00:00 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-03-06 07:42 . 2014-04-16 00:00 296960 ----a-w- c:\windows\system32\dxtrans.dll 2014-03-06 07:38 . 2014-04-16 00:00 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-03-06 07:36 . 2014-04-16 00:00 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-03-06 07:21 . 2014-04-16 00:00 628736 ----a-w- c:\windows\system32\msfeeds.dll 2014-03-06 07:13 . 2014-04-16 00:00 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-03-06 07:11 . 2014-04-16 00:00 2043904 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-06 06:53 . 2014-04-16 00:00 13551104 ----a-w- c:\windows\system32\ieframe.dll 2014-03-06 06:40 . 2014-04-16 00:00 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-03-06 06:22 . 2014-04-16 00:00 2260480 ----a-w- c:\windows\system32\wininet.dll 2014-03-06 05:58 . 2014-04-16 00:00 1400832 ----a-w- c:\windows\system32\urlmon.dll 2014-03-06 05:50 . 2014-04-16 00:00 846336 ----a-w- c:\windows\system32\ieapfltr.dll 2014-03-06 05:41 . 2014-04-16 00:00 1789440 ----a-w- c:\windows\SysWow64\wininet.dll 2014-03-04 09:44 . 2014-04-08 21:24 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-03-04 09:44 . 2014-04-08 21:24 243712 ----a-w- c:\windows\system32\wow64.dll 2014-03-04 09:44 . 2014-04-08 21:24 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2014-03-04 09:44 . 2014-04-08 21:24 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2014-03-04 09:44 . 2014-04-08 21:24 1163264 ----a-w- c:\windows\system32\kernel32.dll 2014-03-04 09:17 . 2014-04-08 21:24 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2014-03-04 09:17 . 2014-04-08 21:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-04 09:16 . 
2014-04-08 21:24 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2014-03-04 09:16 . 2014-04-08 21:24 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2014-03-04 08:09 . 2014-04-08 21:24 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2014-03-04 08:09 . 2014-04-08 21:24 2048 ----a-w- c:\windows\SysWow64\user.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "10b4084"="wscript.exe" [2013-10-12 141824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-10-21 292848] "PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2013-12-09 6623576] . c:\users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ 10b4084.vbs [2014-1-28 315461] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
R4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
R4 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
R4 lnvDiscoveryWinSvc;lnvDiscoveryWinSvc;c:\program files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe;c:\program files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [x]
R4 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
R4 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R4 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R4 QuickControlMasterSvc;Lenovo QuickControl Master Service;c:\program files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe;c:\program files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [x]
R4 QuickControlService;Lenovo QuickControl Service;c:\program files (x86)\Lenovo\QuickControl\QuickControlService.exe;c:\program files (x86)\Lenovo\QuickControl\QuickControlService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 ValBioService;ValBioService;c:\program files\Lenovo Fingerprint Reader\ValBioService.exe;c:\program files\Lenovo Fingerprint Reader\ValBioService.exe [x]
R4 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS-Adapter;c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 rtsuvc;Integrated Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-11 06:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-21 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-21 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-21 444400]
"RtsCM"="RTSCM64.EXE" [2013-03-21 140872]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-05-21 7830328]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-03-15 900704]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-10-25 295720]
"TpShocks"="TpShocks.exe" [2013-11-29 384344]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LenovoNal"="c:\program files\Lenovo\Lenovo Peer Connect\NalService.exe" [2013-10-18 18936]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-03-14 63832]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\
FF - prefs.js: network.proxy.type - 2
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-29 21:20:15
ComboFix-quarantined-files.txt 2014-05-29 18:20
ComboFix2.txt 2014-05-27 16:33
.
Vor Suchlauf: 13 Verzeichnis(se), 121.391.734.784 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 121.325.129.728 Bytes frei
.
- - End Of File - - B0FBB4B6DFE48C54C024C2B3A513D27C A36C5E4F47E84449FF07ED3517B43A31
30.05.2014, 15:53 | #6 |
/// the machine /// TB-Ausbilder |
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
31.05.2014, 09:09 | #7 |
OK, thank you very much for your effort! MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30.05.2014
Scan Time: 21:09:33
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.30.08
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: grf

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311696
Time Elapsed: 9 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.211 - Bericht erstellt am 30/05/2014 um 21:35:24
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : grf - GRF-MOB
# Gestartet von : C:\Users\grf\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1078 octets] - [27/05/2014 01:27:01]
AdwCleaner[R1].txt - [926 octets] - [27/05/2014 01:31:25]
AdwCleaner[R2].txt - [1044 octets] - [27/05/2014 01:33:50]
AdwCleaner[R3].txt - [1105 octets] - [27/05/2014 19:17:38]
AdwCleaner[R4].txt - [1223 octets] - [30/05/2014 21:33:55]
AdwCleaner[S0].txt - [1090 octets] - [27/05/2014 01:28:28]
AdwCleaner[S1].txt - [986 octets] - [27/05/2014 01:31:59]
AdwCleaner[S2].txt - [1167 octets] - [27/05/2014 19:18:04]
AdwCleaner[S3].txt - [1145 octets] - [30/05/2014 21:35:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1205 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by grf on 30.05.2014 at 21:50:23,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\grf\AppData\Roaming\mozilla\firefox\profiles\2qnzeoqx.default\minidumps [12 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2014 at 21:55:45,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by grf (administrator) on GRF-MOB on 30-05-2014 22:14:38
Running from C:\Users\grf\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [140872 2013-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295720 2013-10-25] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-02-24] (Synaptics Incorporated)
HKLM\...\Run: [LenovoNal] => C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe [18936 2013-10-18] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3416198615-1241264046-3862756187-1000\...\Run: [10b4084] => wscript.exe //B "C:\Users\grf\AppData\Roaming\10b4084.vbs"
Startup: C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\10b4084.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0E165649CB0ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-01-13]
FF Extension: Popular Website Buddy - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15]
FF Extension: Adblock Plus - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-13]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S4 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197928 2013-10-25] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S4 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [20984 2013-10-18] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
S4 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67752 2012-10-25] (Robert McNeel & Associates)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
S4 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2013-12-16] (Lenovo Group Limited)
S4 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [319024 2013-12-16] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22872 2013-10-28] (Validity Sensors, Inc.)
S4 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [40848 2013-10-28] (Validity Sensors, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-04-15] ()
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3585504 2013-07-19] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243272 2013-03-21] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-05] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 21:56 - 2014-05-30 21:56 - 00000753 _____ () C:\Users\grf\Desktop\JRT2.txt
2014-05-30 21:55 - 2014-05-30 21:55 - 00000753 _____ () C:\Users\grf\Desktop\JRT.txt
2014-05-30 21:50 - 2014-05-30 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 21:48 - 2014-05-30 21:49 - 01016261 _____ (Thisisu) C:\Users\grf\Desktop\JRT.exe
2014-05-30 21:39 - 2014-05-30 21:39 - 00001285 _____ () C:\Users\grf\Desktop\AdwCleaner[S3].txt
2014-05-30 21:32 - 2014-05-30 21:32 - 00001053 _____ () C:\Users\grf\Desktop\mbam.txt
2014-05-29 21:20 - 2014-05-29 21:20 - 00022870 _____ () C:\ComboFix.txt
2014-05-29 17:07 - 2014-05-29 17:30 - 878578501 _____ () C:\Users\grf\Downloads\Notfall_DVD_5.0_Free.zip
2014-05-28 21:53 - 2014-05-28 21:54 - 00031810 _____ () C:\Users\grf\Desktop\Addition.txt
2014-05-28 16:05 - 2014-05-28 16:05 - 00026602 _____ () C:\Users\grf\Desktop\AVSCAN-20140528-145133-A4C93034.LOG
2014-05-28 14:43 - 2014-05-28 14:50 - 00005599 _____ () C:\Users\grf\Desktop\Neues Textdokument.txt
2014-05-28 14:32 - 2014-05-28 14:33 - 00282512 _____ () C:\Windows\Minidump\052814-17893-01.dmp
2014-05-28 14:32 - 2014-05-28 14:32 - 723535072 _____ () C:\Windows\MEMORY.DMP
2014-05-28 14:32 - 2014-05-28 14:32 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 14:27 - 2014-05-28 14:27 - 00005599 _____ () C:\Users\grf\Desktop\gmer.log
2014-05-28 14:15 - 2014-05-28 14:16 - 00380416 _____ () C:\Users\grf\Desktop\Gmer-19357.exe
2014-05-28 14:12 - 2014-05-30 22:14 - 00017235 _____ () C:\Users\grf\Desktop\FRST.txt
2014-05-28 14:10 - 2014-05-28 14:36 - 00000468 _____ () C:\Users\grf\Desktop\defogger_disable.log
2014-05-28 14:10 - 2014-05-28 14:10 - 00000000 _____ () C:\Users\grf\defogger_reenable
2014-05-28 14:08 - 2014-05-28 14:08 - 00050477 _____ () C:\Users\grf\Desktop\Defogger.exe
2014-05-28 14:00 - 2014-05-28 14:00 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Panda Security
2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-05-27 19:52 - 2014-05-28 04:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-27 19:51 - 2014-05-28 04:07 - 00000000 ____D () C:\Users\grf\Desktop\mbar
2014-05-27 19:51 - 2014-05-27 19:51 - 00848856 _____ (Panda Security ) C:\Users\grf\Desktop\USBVaccineSetup.exe
2014-05-27 19:49 - 2014-05-27 19:51 - 12589848 _____ (Malwarebytes Corp.) C:\Users\grf\Desktop\mbar-1.07.0.1009.exe
2014-05-27 19:45 - 2014-05-27 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 19:44 - 2014-05-27 19:44 - 02347384 _____ (ESET) C:\Users\grf\Desktop\esetsmartinstaller_deu.exe
2014-05-27 19:40 - 2014-05-27 01:45 - 02066944 _____ (Farbar) C:\Users\grf\Desktop\FRST64.exe
2014-05-27 19:24 - 2014-05-29 21:20 - 00000000 ____D () C:\Qoobox
2014-05-27 19:24 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-27 19:24 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-27 19:24 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-27 19:24 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-27 19:24 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-27 19:24 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-27 19:24 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-27 19:24 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-27 19:23 - 2014-05-27 19:32 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 19:20 - 2014-05-29 21:09 - 05203398 ____R (Swearware) C:\Users\grf\Desktop\ComboFix.exe
2014-05-27 01:46 - 2014-05-30 22:14 - 00000000 ____D () C:\FRST
2014-05-27 01:26 - 2014-05-30 22:12 - 00000000 ____D () C:\AdwCleaner
2014-05-27 01:14 - 2014-05-27 01:15 - 01327971 _____ () C:\Users\grf\Desktop\adwcleaner_3.211.exe
2014-05-27 00:53 - 2014-05-30 21:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-27 00:52 - 2014-05-28 03:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 00:52 - 2014-05-27 00:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-27 00:52 - 2014-05-27 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 00:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-27 00:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-27 00:46 - 2014-05-27 00:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\grf\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-26 23:47 - 2014-01-28 18:02 - 00315461 _____ () C:\Users\grf\AppData\Roaming\10b4084.vbs
2014-05-23 18:11 - 2014-05-08 22:14 - 00000000 ____D () C:\Users\grf\Downloads\kllg-kng-320
2014-05-23 15:43 - 2014-05-23 15:43 - 09101639 _____ () C:\Users\grf\Documents\Dietmar_der_Setzer.psd
2014-05-23 15:20 - 2014-05-23 15:44 - 08900620 _____ () C:\Users\grf\Documents\Codex_Manesse_149v_Wolfram_von_Eschenbach.psd
2014-05-22 18:44 - 2014-05-22 19:45 - 186092892 _____ () C:\Users\grf\Downloads\bzkng-320.rar
2014-05-15 23:25 - 2014-05-23 18:13 - 00000000 ____D () C:\Users\grf\Downloads\GusGus - Arabian Horse
2014-05-15 23:16 - 2014-05-15 23:24 - 133933959 _____ () C:\Users\grf\Downloads\GusGus---Arabian-Horse.rar
2014-05-15 08:58 - 2014-05-26 23:47 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:58 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:42 - 2014-05-06 07:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 08:42 - 2014-05-06 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 08:42 - 2014-05-06 06:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 08:42 - 2014-05-06 06:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 08:42 - 2014-05-06 06:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 08:42 - 2014-05-06 05:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 00:32 - 2014-04-12 05:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 00:32 - 2014-04-12 05:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 00:32 - 2014-04-12 05:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 00:32 - 2014-04-12 05:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 00:32 - 2014-04-12 05:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 00:32 - 2014-04-12 05:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 00:32 - 2014-04-12 05:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 00:32 - 2014-04-12 05:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 00:32 - 2014-04-12 05:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 00:32 - 2014-03-04 12:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 00:32 - 2014-03-04 12:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 00:32 - 2014-03-04 12:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 00:32 - 2014-03-04 12:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 00:32 - 2014-03-04 12:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 00:32 - 2014-03-04 12:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 00:32 - 2014-03-04 12:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 00:32 - 2014-03-04 12:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 00:32 - 2014-03-04 12:44 - 00039936 _____ (Microsoft Corporation)
C:\Windows\system32\wincredprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 00:32 - 2014-03-04 12:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 00:32 - 2014-03-04 12:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 00:32 - 2014-03-04 12:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 00:32 - 2014-03-04 12:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00048128 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 00:32 - 2014-03-04 12:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-15 00:30 - 2014-05-09 09:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 00:30 - 2014-05-09 09:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 00:30 - 2014-03-25 05:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 00:30 - 2014-03-25 05:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-10 02:14 - 2014-05-10 02:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 13:06 - 2014-05-09 13:06 - 00061833 _____ () C:\Users\grf\Downloads\20140505104619342.tif 2014-05-09 13:06 - 2014-05-09 13:06 - 00040926 _____ () C:\Users\grf\Downloads\20140505104458525.tif 2014-05-07 03:00 - 2014-05-15 08:55 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-05 15:41 - 2014-05-30 22:13 - 00000952 _____ () C:\Windows\setupact.log 2014-05-05 15:41 - 2014-05-05 15:41 - 04966072 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00064824 _____ () C:\Users\grf\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-05 15:40 - 2014-05-30 22:12 - 00015754 _____ () C:\Windows\PFRO.log 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2014-05-04 
20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Adobe Mini Bridge CS5 2014-05-03 15:56 - 2014-05-04 13:53 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-05-03 15:56 - 2014-05-03 15:56 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-05-03 15:55 - 2014-05-03 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-05-03 15:51 - 2014-05-03 15:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf ==================== One Month Modified Files and Folders ======= 2014-05-30 22:15 - 2014-05-28 14:12 - 00017235 _____ () C:\Users\grf\Desktop\FRST.txt 2014-05-30 22:14 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST 2014-05-30 22:13 - 2014-05-05 15:41 - 00000952 _____ () C:\Windows\setupact.log 2014-05-30 22:13 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-30 22:12 - 2014-05-27 01:26 - 00000000 ____D () C:\AdwCleaner 2014-05-30 22:12 - 2014-05-05 15:40 - 00015754 _____ () C:\Windows\PFRO.log 2014-05-30 22:12 - 2014-01-11 14:28 - 01438641 _____ () C:\Windows\WindowsUpdate.log 2014-05-30 22:11 - 2014-01-12 19:40 - 05714734 _____ () C:\Users\Public\CAFADEBUG.log 2014-05-30 21:57 - 2014-05-27 00:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 21:56 - 2014-05-30 21:56 - 00000753 _____ () C:\Users\grf\Desktop\JRT2.txt 2014-05-30 21:55 - 2014-05-30 21:55 - 00000753 _____ () C:\Users\grf\Desktop\JRT.txt 2014-05-30 21:52 - 2011-04-12 10:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-05-30 21:52 - 2011-04-12 10:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-05-30 21:52 - 2009-07-14 08:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-30 21:50 - 2014-05-30 21:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-30 21:49 - 2014-05-30 21:48 - 01016261 _____ (Thisisu) 
C:\Users\grf\Desktop\JRT.exe 2014-05-30 21:44 - 2009-07-14 07:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-30 21:44 - 2009-07-14 07:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-30 21:39 - 2014-05-30 21:39 - 00001285 _____ () C:\Users\grf\Desktop\AdwCleaner[S3].txt 2014-05-30 21:32 - 2014-05-30 21:32 - 00001053 _____ () C:\Users\grf\Desktop\mbam.txt 2014-05-30 21:25 - 2014-01-11 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-30 20:57 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-30 11:16 - 2014-01-11 18:56 - 00000000 ____D () C:\Users\grf\AppData\Roaming\vlc 2014-05-29 21:20 - 2014-05-29 21:20 - 00022870 _____ () C:\ComboFix.txt 2014-05-29 21:20 - 2014-05-27 19:24 - 00000000 ____D () C:\Qoobox 2014-05-29 21:18 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-29 21:09 - 2014-05-27 19:20 - 05203398 ____R (Swearware) C:\Users\grf\Desktop\ComboFix.exe 2014-05-29 17:30 - 2014-05-29 17:07 - 878578501 _____ () C:\Users\grf\Downloads\Notfall_DVD_5.0_Free.zip 2014-05-28 21:54 - 2014-05-28 21:53 - 00031810 _____ () C:\Users\grf\Desktop\Addition.txt 2014-05-28 16:05 - 2014-05-28 16:05 - 00026602 _____ () C:\Users\grf\Desktop\AVSCAN-20140528-145133-A4C93034.LOG 2014-05-28 14:50 - 2014-05-28 14:43 - 00005599 _____ () C:\Users\grf\Desktop\Neues Textdokument.txt 2014-05-28 14:36 - 2014-05-28 14:10 - 00000468 _____ () C:\Users\grf\Desktop\defogger_disable.log 2014-05-28 14:33 - 2014-05-28 14:32 - 00282512 _____ () C:\Windows\Minidump\052814-17893-01.dmp 2014-05-28 14:32 - 2014-05-28 14:32 - 723535072 _____ () C:\Windows\MEMORY.DMP 2014-05-28 14:32 - 2014-05-28 14:32 - 00000000 ____D () C:\Windows\Minidump 2014-05-28 14:27 - 2014-05-28 14:27 - 00005599 _____ () C:\Users\grf\Desktop\gmer.log 2014-05-28 14:16 - 2014-05-28 14:15 - 00380416 
_____ () C:\Users\grf\Desktop\Gmer-19357.exe 2014-05-28 14:10 - 2014-05-28 14:10 - 00000000 _____ () C:\Users\grf\defogger_reenable 2014-05-28 14:10 - 2014-01-11 14:28 - 00000000 ____D () C:\Users\grf 2014-05-28 14:08 - 2014-05-28 14:08 - 00050477 _____ () C:\Users\grf\Desktop\Defogger.exe 2014-05-28 14:00 - 2014-05-28 14:00 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-05-28 04:07 - 2014-05-27 19:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-28 04:07 - 2014-05-27 19:51 - 00000000 ____D () C:\Users\grf\Desktop\mbar 2014-05-28 03:43 - 2014-05-27 00:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-27 19:51 - 2014-05-27 19:51 - 00848856 _____ (Panda Security ) C:\Users\grf\Desktop\USBVaccineSetup.exe 2014-05-27 19:51 - 2014-05-27 19:49 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\grf\Desktop\mbar-1.07.0.1009.exe 2014-05-27 19:45 - 2014-05-27 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-27 19:44 - 2014-05-27 19:44 - 02347384 _____ (ESET) C:\Users\grf\Desktop\esetsmartinstaller_deu.exe 2014-05-27 19:33 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default 2014-05-27 19:32 - 2014-05-27 19:23 - 00000000 ____D () C:\Windows\erdnt 2014-05-27 01:45 - 2014-05-27 19:40 - 02066944 _____ (Farbar) C:\Users\grf\Desktop\FRST64.exe 2014-05-27 01:15 - 2014-05-27 01:14 - 01327971 _____ () C:\Users\grf\Desktop\adwcleaner_3.211.exe 2014-05-27 00:55 - 2014-02-13 19:29 - 00000000 ____D () C:\Users\grf\AppData\Local\CrashDumps 2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 00:53 - 2014-05-27 00:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-27 00:52 - 2014-05-27 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 00:49 - 2014-05-27 00:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\grf\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-26 23:47 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-23 18:13 - 2014-05-15 23:25 - 00000000 ____D () C:\Users\grf\Downloads\GusGus - Arabian Horse 2014-05-23 15:44 - 2014-05-23 15:20 - 08900620 _____ () C:\Users\grf\Documents\Codex_Manesse_149v_Wolfram_von_Eschenbach.psd 2014-05-23 15:43 - 2014-05-23 15:43 - 09101639 _____ () C:\Users\grf\Documents\Dietmar_der_Setzer.psd 2014-05-22 19:45 - 2014-05-22 18:44 - 186092892 _____ () C:\Users\grf\Downloads\bzkng-320.rar 2014-05-20 23:09 - 2014-01-11 18:51 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Azureus 2014-05-20 01:40 - 2014-01-11 19:02 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Skype 2014-05-17 02:26 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 23:24 - 2014-05-15 23:16 - 133933959 _____ () 
C:\Users\grf\Downloads\GusGus---Arabian-Horse.rar 2014-05-15 22:09 - 2014-01-19 21:20 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-grf-mob-grf 2014-05-15 22:09 - 2014-01-19 13:56 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe online update program 2014-05-15 08:58 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:56 - 2014-01-11 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-15 08:55 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 08:55 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 08:42 - 2014-01-11 16:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 08:40 - 2014-01-11 16:28 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 09:25 - 2014-01-11 18:43 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 09:25 - 2014-01-11 18:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 09:25 - 2014-01-11 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-12 07:26 - 2014-05-27 00:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-27 00:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-10 02:14 - 2014-05-10 02:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 13:06 - 2014-05-09 13:06 - 00061833 _____ () C:\Users\grf\Downloads\20140505104619342.tif 2014-05-09 13:06 - 2014-05-09 13:06 - 00040926 _____ () C:\Users\grf\Downloads\20140505104458525.tif 2014-05-09 09:14 - 2014-05-15 00:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:11 - 2014-05-15 00:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 22:14 - 
2014-05-23 18:11 - 00000000 ____D () C:\Users\grf\Downloads\kllg-kng-320 2014-05-06 07:40 - 2014-05-15 08:42 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 07:17 - 2014-05-15 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 06:25 - 2014-05-15 08:42 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 06:07 - 2014-05-15 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 06:00 - 2014-05-15 08:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 05:10 - 2014-05-15 08:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 15:47 - 2009-07-14 06:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-05 15:41 - 2014-05-05 15:41 - 04966072 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00064824 _____ () C:\Users\grf\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-05 15:41 - 2014-01-29 13:45 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Adobe Mini Bridge CS5 2014-05-04 13:53 - 2014-05-03 15:56 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-05-03 15:56 - 2014-05-03 15:56 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-05-03 15:55 - 2014-05-03 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-05-03 15:51 - 2014-05-03 15:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf Some content of TEMP: ==================== 
C:\Users\grf\AppData\Local\Temp\avgnt.exe C:\Users\grf\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 02:34 ==================== End Of Log ============================
I just searched again for the script file 10b4084.vbs and it was still on the system (on C: and hidden on the sticks), but apparently the programs did not find it. Creation date 26.05., the day of the infection, but it was open in the Scripting Host, so it could not simply be deleted. I then disabled the Script Host, deleted the script file after a restart and formatted the sticks. Result: no more shortcuts on the sticks. I am sorry that I did this on my own initiative, but it was obviously the natural thing to do. Should I post new logs again? Edited by grf (31.05.2014, 09:48) |
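As an added example (not code from the thread, from FRST or from any tool used here), a small Python triage script that scans FRST-style log lines for the persistence pattern described in this post: a script host started silently (wscript.exe //B) from a Run key, a copy of the script in the Startup folder, and the script file itself sitting under AppData\Roaming. The sample lines are constructed, modelled on the FRST entries quoted in the thread.

```python
"""Triage helper for FRST-style log lines.

Flags the persistence pattern seen in this thread: a VBScript started silently
(wscript.exe //B) from a Run key, a copy dropped in the Startup folder, and the
script file itself sitting under AppData\\Roaming. Added example for this page;
it is not part of FRST or of any tool used in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines, modelled on the FRST entries quoted in the thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3416198615-1241264046-3862756187-1000\...\Run: [10b4084] => wscript.exe //B "C:\Users\grf\AppData\Roaming\10b4084.vbs"
Startup: C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\10b4084.vbs ()
2014-05-26 23:47 - 2014-01-28 18:02 - 00315461 _____ () C:\Users\grf\AppData\Roaming\10b4084.vbs
2014-05-28 14:00 - 2014-05-28 14:00 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
"""

SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "wscript", "cscript"}

# FRST "Registry" section: HKLM\...\Run: [name] => command
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
# FRST "Startup:" entries: path followed by the (possibly empty) company field
STARTUP_RE = re.compile(r"^Startup: (?P<path>.*?) \((?P<company>[^)]*)\)$")
# FRST file listing: created - modified - size attrs (company) path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.*)$"
)
# First script-file path (with a drive letter) inside a command line
SCRIPT_PATH_RE = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:vbs|vbe|js|jse|wsf))\b"?', re.IGNORECASE
)


@dataclass
class Finding:
    kind: str    # run-key-script | startup-folder-script | script-in-appdata
    detail: str  # where it was seen and why it matters
    path: str    # the script file involved


def host_of(cmd: str) -> str:
    """Executable name at the start of a command line, lower-cased."""
    parts = cmd.strip().split()
    if not parts:
        return ""
    return parts[0].strip('"').rsplit("\\", 1)[-1].lower()


def script_path_in(cmd: str) -> Optional[str]:
    m = SCRIPT_PATH_RE.search(cmd)
    return m.group("path") if m else None


def analyze(log_text: str) -> List[Finding]:
    """Walk FRST-style lines and collect script-persistence indicators."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            script = script_path_in(cmd)
            if script and host_of(cmd) in SCRIPT_HOSTS:
                # //B is WSH batch mode: no prompts or error dialogs, so the
                # script runs invisibly at every logon.
                silent = " //b " in f" {cmd.lower()} "
                where = f"{m.group('hive')} [{m.group('name')}]"
                if silent:
                    where += " (silent //B)"
                findings.append(Finding("run-key-script", where, script))
            continue
        m = STARTUP_RE.match(line)
        if m:
            path = m.group("path")
            if path.lower().endswith(SCRIPT_EXTS):
                findings.append(Finding("startup-folder-script", "Startup folder", path))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            if path.lower().endswith(SCRIPT_EXTS) and "\\appdata\\" in path.lower():
                findings.append(Finding("script-in-appdata", f"created {m.group('created')}", path))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group finding kinds by case-folded script path; a path hit by more than
    one check is the strongest cleanup candidate."""
    by_path: Dict[str, List[str]] = {}
    for f in findings:
        by_path.setdefault(f.path.lower(), []).append(f.kind)
    return by_path


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:24} {f.detail:60} {f.path}")
    for path, kinds in summarize(found).items():
        print(path, "->", ", ".join(kinds))
```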
31.05.2014, 15:51 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Data on USB stick are only shown as shortcuts ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.06.2014, 00:11 | #9 |
| Windows 7: Data on USB stick are only shown as shortcuts ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5e405519f53b5c4bb1fc49dd0714db6e # engine=18432 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-27 06:29:47 # local_time=2014-05-27 09:29:47 (+0200, ***** Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 50554 14633549 39724 0 # compatibility_mode=5893 16776573 100 94 7049 152845237 0 0 # scanned=221006 # found=2 # cleaned=0 # scan_time=5910 sh=50BD1DFCA56057AA9A165F3CE46E62F04FCF9948 ft=1 fh=2889fbae6bb05476 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="D:\-=Incoming=-\Appz\DTLite4471-0335.exe" sh=6CBA271CAA2FF19539102767E4090BF54052BA00 ft=1 fh=246834519c00f140 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="D:\-=Incoming=-\Appz\Brennsoftware\Nero-8.3.6.0_eng_trial.exe" ESETSmartInstaller@High as downloader log: all ok Code:
ATTFilter Results of screen317's Security Check version 0.99.83 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (en-US) TuneUp Utilities 2014 Adobe Flash Player 13.0.0.214 Adobe Reader XI Mozilla Firefox (29.0.1) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by grf (administrator) on GRF-MOB on 01-06-2014 02:07:09 Running from C:\Users\grf\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Conexant Systems, Inc.) 
C:\Windows\SysWOW64\SASrv.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [140872 2013-03-21] (Realtek Semiconductor Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295720 2013-10-25] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2013-11-29] (Lenovo.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-02-24] (Synaptics Incorporated) HKLM\...\Run: [LenovoNal] => C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe [18936 2013-10-18] (Lenovo) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3416198615-1241264046-3862756187-1000\...\Run: [10b4084] => wscript.exe //B "C:\Users\grf\AppData\Roaming\10b4084.vbs" Startup: C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\10b4084.vbs () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0E165649CB0ECF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common 
Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url
%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: 
Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: Adblock Plus Pop-up Addon - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-01-13] FF Extension: Popular Website Buddy - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15] FF Extension: Adblock Plus - C:\Users\grf\AppData\Roaming\Mozilla\Firefox\Profiles\2qnzeoqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-13] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. 
KG) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation) S4 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197928 2013-10-25] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S4 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [20984 2013-10-18] (Lenovo) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] () S4 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67752 2012-10-25] (Robert McNeel & Associates) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] () S4 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2013-12-16] (Lenovo Group Limited) S4 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [319024 2013-12-16] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software) S4 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22872 2013-10-28] (Validity Sensors, Inc.) S4 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [40848 2013-10-28] (Validity Sensors, Inc.) 
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.) R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation) R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-20] (Intel Corporation) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-04-15] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-04-15] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-04-15] () R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3585504 2013-07-19] (Intel Corporation) R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243272 2013-03-21] (Realtek Semiconductor Corp.) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-05] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-31 18:49 - 2014-05-31 18:50 - 00854367 _____ () C:\Users\grf\Desktop\SecurityCheck.exe 2014-05-31 11:51 - 2014-05-31 11:51 - 00000240 _____ () C:\Users\grf\Desktop\defogger_enable.log 2014-05-30 21:56 - 2014-05-30 21:56 - 00000753 _____ () C:\Users\grf\Desktop\JRT2.txt 2014-05-30 21:55 - 2014-05-30 21:55 - 00000753 _____ () C:\Users\grf\Desktop\JRT.txt 2014-05-30 21:50 - 2014-05-30 21:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-30 21:48 - 2014-05-30 21:49 - 01016261 _____ (Thisisu) C:\Users\grf\Desktop\JRT.exe 2014-05-30 21:39 - 2014-05-30 21:39 - 00001285 _____ () C:\Users\grf\Desktop\AdwCleaner[S3].txt 2014-05-30 21:32 - 2014-05-30 21:32 - 00001053 _____ () C:\Users\grf\Desktop\mbam.txt 2014-05-29 21:20 - 2014-05-29 21:20 - 00022870 _____ () C:\ComboFix.txt 2014-05-29 17:07 - 2014-05-29 17:30 - 878578501 _____ () C:\Users\grf\Downloads\Notfall_DVD_5.0_Free.zip 2014-05-28 21:53 - 2014-05-28 21:54 - 00031810 _____ () C:\Users\grf\Desktop\Addition.txt 2014-05-28 16:05 - 2014-05-28 16:05 - 00026602 _____ () C:\Users\grf\Desktop\AVSCAN-20140528-145133-A4C93034.LOG 2014-05-28 14:43 - 2014-05-28 14:50 - 00005599 _____ () C:\Users\grf\Desktop\Neues Textdokument.txt 2014-05-28 14:32 - 2014-05-28 14:33 - 00282512 _____ () C:\Windows\Minidump\052814-17893-01.dmp 
2014-05-28 14:32 - 2014-05-28 14:32 - 723535072 _____ () C:\Windows\MEMORY.DMP 2014-05-28 14:32 - 2014-05-28 14:32 - 00000000 ____D () C:\Windows\Minidump 2014-05-28 14:27 - 2014-05-28 14:27 - 00005599 _____ () C:\Users\grf\Desktop\gmer.log 2014-05-28 14:15 - 2014-05-28 14:16 - 00380416 _____ () C:\Users\grf\Desktop\Gmer-19357.exe 2014-05-28 14:12 - 2014-06-01 02:07 - 00017343 _____ () C:\Users\grf\Desktop\FRST.txt 2014-05-28 14:10 - 2014-05-28 14:36 - 00000468 _____ () C:\Users\grf\Desktop\defogger_disable.log 2014-05-28 14:08 - 2014-05-28 14:08 - 00050477 _____ () C:\Users\grf\Desktop\Defogger.exe 2014-05-28 14:00 - 2014-05-28 14:00 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-05-27 19:52 - 2014-05-28 04:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-27 19:51 - 2014-05-28 04:07 - 00000000 ____D () C:\Users\grf\Desktop\mbar 2014-05-27 19:51 - 2014-05-27 19:51 - 00848856 _____ (Panda Security ) C:\Users\grf\Desktop\USBVaccineSetup.exe 2014-05-27 19:49 - 2014-05-27 19:51 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\grf\Desktop\mbar-1.07.0.1009.exe 2014-05-27 19:45 - 2014-05-27 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-27 19:44 - 2014-05-27 19:44 - 02347384 _____ (ESET) C:\Users\grf\Desktop\esetsmartinstaller_deu.exe 2014-05-27 19:40 - 2014-05-27 01:45 - 02066944 _____ (Farbar) C:\Users\grf\Desktop\FRST64.exe 2014-05-27 19:24 - 2014-05-29 21:20 - 00000000 ____D () C:\Qoobox 2014-05-27 19:24 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-27 19:24 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-27 19:24 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-27 19:24 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-27 19:23 - 2014-05-27 19:32 - 00000000 ____D () C:\Windows\erdnt 2014-05-27 19:20 - 2014-05-29 21:09 - 05203398 ____R (Swearware) C:\Users\grf\Desktop\ComboFix.exe 2014-05-27 01:46 - 2014-06-01 02:07 - 00000000 ____D () C:\FRST 2014-05-27 01:26 - 2014-05-30 22:12 - 00000000 ____D () C:\AdwCleaner 2014-05-27 01:14 - 2014-05-27 01:15 - 01327971 _____ () C:\Users\grf\Desktop\adwcleaner_3.211.exe 2014-05-27 00:53 - 2014-05-30 21:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 00:52 - 2014-05-28 03:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-27 00:52 - 2014-05-27 00:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-27 00:52 - 2014-05-27 00:52 - 00000000 ____D () 
C:\ProgramData\Malwarebytes 2014-05-27 00:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-27 00:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-27 00:46 - 2014-05-27 00:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\grf\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-23 18:11 - 2014-05-08 22:14 - 00000000 ____D () C:\Users\grf\Downloads\kllg-kng-320 2014-05-23 15:43 - 2014-05-23 15:43 - 09101639 _____ () C:\Users\grf\Documents\Dietmar_der_Setzer.psd 2014-05-23 15:20 - 2014-05-23 15:44 - 08900620 _____ () C:\Users\grf\Documents\Codex_Manesse_149v_Wolfram_von_Eschenbach.psd 2014-05-22 18:44 - 2014-05-22 19:45 - 186092892 _____ () C:\Users\grf\Downloads\bzkng-320.rar 2014-05-15 23:25 - 2014-05-23 18:13 - 00000000 ____D () C:\Users\grf\Downloads\GusGus - Arabian Horse 2014-05-15 23:16 - 2014-05-15 23:24 - 133933959 _____ () C:\Users\grf\Downloads\GusGus---Arabian-Horse.rar 2014-05-15 08:58 - 2014-05-26 23:47 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 08:58 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:42 - 2014-05-06 07:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 08:42 - 2014-05-06 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 08:42 - 2014-05-06 06:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 08:42 - 2014-05-06 06:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 08:42 - 2014-05-06 06:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 08:42 - 2014-05-06 05:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 00:32 - 2014-04-12 05:22 - 00155072 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 00:32 - 2014-04-12 05:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 00:32 - 2014-04-12 05:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 00:32 - 2014-04-12 05:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 00:32 - 2014-04-12 05:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 00:32 - 2014-04-12 05:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 00:32 - 2014-04-12 05:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 00:32 - 2014-04-12 05:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 00:32 - 2014-04-12 05:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 00:32 - 2014-03-04 12:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 00:32 - 2014-03-04 12:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 00:32 - 2014-03-04 12:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00455168 _____ (Microsoft 
Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 00:32 - 2014-03-04 12:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 00:32 - 2014-03-04 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 00:32 - 2014-03-04 12:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 00:32 - 2014-03-04 12:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 00:32 - 2014-03-04 12:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00047616 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 00:32 - 2014-03-04 12:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 00:32 - 2014-03-04 12:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-15 00:30 - 2014-05-09 09:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 00:30 - 2014-05-09 09:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 00:30 - 2014-03-25 05:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 00:30 - 2014-03-25 05:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-10 02:14 - 2014-05-10 02:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 13:06 - 2014-05-09 13:06 - 00061833 _____ () C:\Users\grf\Downloads\20140505104619342.tif 2014-05-09 13:06 - 2014-05-09 13:06 - 00040926 _____ () C:\Users\grf\Downloads\20140505104458525.tif 2014-05-07 03:00 - 2014-05-15 08:55 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-05 15:41 - 2014-05-31 13:40 - 00001176 _____ () C:\Windows\setupact.log 2014-05-05 15:41 - 2014-05-05 15:41 - 04966072 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00064824 _____ () C:\Users\grf\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-05 15:40 - 2014-05-30 22:12 - 00015754 _____ () C:\Windows\PFRO.log 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Adobe Mini Bridge CS5 
2014-05-03 15:56 - 2014-05-04 13:53 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-05-03 15:56 - 2014-05-03 15:56 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-05-03 15:55 - 2014-05-03 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-05-03 15:51 - 2014-05-03 15:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf ==================== One Month Modified Files and Folders ======= 2014-06-01 02:07 - 2014-05-28 14:12 - 00017343 _____ () C:\Users\grf\Desktop\FRST.txt 2014-06-01 02:07 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST 2014-06-01 02:02 - 2014-01-11 14:28 - 01480172 _____ () C:\Windows\WindowsUpdate.log 2014-06-01 01:25 - 2014-01-11 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-31 19:11 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-31 18:50 - 2014-05-31 18:49 - 00854367 _____ () C:\Users\grf\Desktop\SecurityCheck.exe 2014-05-31 18:37 - 2011-04-12 10:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-05-31 18:37 - 2011-04-12 10:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-05-31 18:37 - 2009-07-14 08:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-31 13:47 - 2009-07-14 07:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-31 13:47 - 2009-07-14 07:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-31 13:40 - 2014-05-05 15:41 - 00001176 _____ () C:\Windows\setupact.log 2014-05-31 13:40 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-31 13:39 - 2014-01-12 19:40 - 05770194 _____ () C:\Users\Public\CAFADEBUG.log 2014-05-31 11:51 - 2014-05-31 11:51 - 00000240 _____ () C:\Users\grf\Desktop\defogger_enable.log 
2014-05-31 11:51 - 2014-01-11 14:28 - 00000000 ____D () C:\Users\grf 2014-05-30 23:56 - 2014-01-11 18:56 - 00000000 ____D () C:\Users\grf\AppData\Roaming\vlc 2014-05-30 22:12 - 2014-05-27 01:26 - 00000000 ____D () C:\AdwCleaner 2014-05-30 22:12 - 2014-05-05 15:40 - 00015754 _____ () C:\Windows\PFRO.log 2014-05-30 21:57 - 2014-05-27 00:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 21:56 - 2014-05-30 21:56 - 00000753 _____ () C:\Users\grf\Desktop\JRT2.txt 2014-05-30 21:55 - 2014-05-30 21:55 - 00000753 _____ () C:\Users\grf\Desktop\JRT.txt 2014-05-30 21:50 - 2014-05-30 21:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-30 21:49 - 2014-05-30 21:48 - 01016261 _____ (Thisisu) C:\Users\grf\Desktop\JRT.exe 2014-05-30 21:39 - 2014-05-30 21:39 - 00001285 _____ () C:\Users\grf\Desktop\AdwCleaner[S3].txt 2014-05-30 21:32 - 2014-05-30 21:32 - 00001053 _____ () C:\Users\grf\Desktop\mbam.txt 2014-05-29 21:20 - 2014-05-29 21:20 - 00022870 _____ () C:\ComboFix.txt 2014-05-29 21:20 - 2014-05-27 19:24 - 00000000 ____D () C:\Qoobox 2014-05-29 21:18 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-29 21:09 - 2014-05-27 19:20 - 05203398 ____R (Swearware) C:\Users\grf\Desktop\ComboFix.exe 2014-05-29 17:30 - 2014-05-29 17:07 - 878578501 _____ () C:\Users\grf\Downloads\Notfall_DVD_5.0_Free.zip 2014-05-28 21:54 - 2014-05-28 21:53 - 00031810 _____ () C:\Users\grf\Desktop\Addition.txt 2014-05-28 16:05 - 2014-05-28 16:05 - 00026602 _____ () C:\Users\grf\Desktop\AVSCAN-20140528-145133-A4C93034.LOG 2014-05-28 14:50 - 2014-05-28 14:43 - 00005599 _____ () C:\Users\grf\Desktop\Neues Textdokument.txt 2014-05-28 14:36 - 2014-05-28 14:10 - 00000468 _____ () C:\Users\grf\Desktop\defogger_disable.log 2014-05-28 14:33 - 2014-05-28 14:32 - 00282512 _____ () C:\Windows\Minidump\052814-17893-01.dmp 2014-05-28 14:32 - 2014-05-28 14:32 - 723535072 _____ () C:\Windows\MEMORY.DMP 2014-05-28 14:32 - 2014-05-28 14:32 - 00000000 ____D () 
C:\Windows\Minidump 2014-05-28 14:27 - 2014-05-28 14:27 - 00005599 _____ () C:\Users\grf\Desktop\gmer.log 2014-05-28 14:16 - 2014-05-28 14:15 - 00380416 _____ () C:\Users\grf\Desktop\Gmer-19357.exe 2014-05-28 14:08 - 2014-05-28 14:08 - 00050477 _____ () C:\Users\grf\Desktop\Defogger.exe 2014-05-28 14:00 - 2014-05-28 14:00 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-05-28 14:00 - 2014-05-28 14:00 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-05-28 04:07 - 2014-05-27 19:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-28 04:07 - 2014-05-27 19:51 - 00000000 ____D () C:\Users\grf\Desktop\mbar 2014-05-28 03:43 - 2014-05-27 00:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-27 19:51 - 2014-05-27 19:51 - 00848856 _____ (Panda Security ) C:\Users\grf\Desktop\USBVaccineSetup.exe 2014-05-27 19:51 - 2014-05-27 19:49 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\grf\Desktop\mbar-1.07.0.1009.exe 2014-05-27 19:45 - 2014-05-27 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-27 19:44 - 2014-05-27 19:44 - 02347384 _____ (ESET) C:\Users\grf\Desktop\esetsmartinstaller_deu.exe 2014-05-27 19:33 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default 2014-05-27 19:32 - 2014-05-27 19:23 - 00000000 ____D () C:\Windows\erdnt 2014-05-27 01:45 - 2014-05-27 19:40 - 02066944 _____ (Farbar) C:\Users\grf\Desktop\FRST64.exe 2014-05-27 01:15 - 2014-05-27 01:14 - 01327971 _____ () C:\Users\grf\Desktop\adwcleaner_3.211.exe 2014-05-27 00:55 - 2014-02-13 19:29 - 00000000 ____D () C:\Users\grf\AppData\Local\CrashDumps 2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 00:53 - 2014-05-27 00:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-27 00:52 - 2014-05-27 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 00:49 - 2014-05-27 00:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\grf\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-26 23:47 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-23 18:13 - 2014-05-15 23:25 - 00000000 ____D () C:\Users\grf\Downloads\GusGus - Arabian Horse 2014-05-23 15:44 - 2014-05-23 15:20 - 08900620 _____ () C:\Users\grf\Documents\Codex_Manesse_149v_Wolfram_von_Eschenbach.psd 2014-05-23 15:43 - 2014-05-23 15:43 - 09101639 _____ () C:\Users\grf\Documents\Dietmar_der_Setzer.psd 2014-05-22 19:45 - 2014-05-22 18:44 - 186092892 _____ () C:\Users\grf\Downloads\bzkng-320.rar 2014-05-20 23:09 - 2014-01-11 18:51 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Azureus 2014-05-20 01:40 - 2014-01-11 19:02 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Skype 2014-05-17 02:26 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 23:24 - 2014-05-15 23:16 - 133933959 _____ () 
C:\Users\grf\Downloads\GusGus---Arabian-Horse.rar 2014-05-15 22:09 - 2014-01-19 21:20 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-grf-mob-grf 2014-05-15 22:09 - 2014-01-19 13:56 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe online update program 2014-05-15 08:58 - 2014-05-15 08:58 - 00000000 ___RD () C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 08:56 - 2014-01-11 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-15 08:55 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 08:55 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 08:42 - 2014-01-11 16:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 08:40 - 2014-01-11 16:28 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 09:25 - 2014-01-11 18:43 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 09:25 - 2014-01-11 18:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 09:25 - 2014-01-11 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-12 07:26 - 2014-05-27 00:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-27 00:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-10 02:14 - 2014-05-10 02:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 13:06 - 2014-05-09 13:06 - 00061833 _____ () C:\Users\grf\Downloads\20140505104619342.tif 2014-05-09 13:06 - 2014-05-09 13:06 - 00040926 _____ () C:\Users\grf\Downloads\20140505104458525.tif 2014-05-09 09:14 - 2014-05-15 00:30 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:11 - 2014-05-15 00:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 22:14 - 
2014-05-23 18:11 - 00000000 ____D () C:\Users\grf\Downloads\kllg-kng-320 2014-05-06 07:40 - 2014-05-15 08:42 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 07:17 - 2014-05-15 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 06:25 - 2014-05-15 08:42 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 06:07 - 2014-05-15 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 06:00 - 2014-05-15 08:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 05:10 - 2014-05-15 08:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 15:47 - 2009-07-14 06:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-05 15:41 - 2014-05-05 15:41 - 04966072 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00064824 _____ () C:\Users\grf\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-05 15:41 - 2014-05-05 15:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-05 15:41 - 2014-01-29 13:45 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Users\grf\AppData\Roaming\Adobe Mini Bridge CS5 2014-05-04 13:53 - 2014-05-03 15:56 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-05-03 15:56 - 2014-05-03 15:56 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-05-03 15:55 - 2014-05-03 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-05-03 15:51 - 2014-05-03 15:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf Some content of TEMP: ==================== 
C:\Users\grf\AppData\Local\Temp\avgnt.exe
C:\Users\grf\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 02:34
==================== End Of Log ============================
--- --- --- --- --- ---
No, everything seems to be fine so far, doesn't it? Many thanks for the help! |
01.06.2014, 21:59 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: Data on USB stick now only shown as shortcuts Please press the Windows key + R and type notepad into the Run dialog. Now copy the following text from the code box into the empty text document Code:
HKU\S-1-5-21-3416198615-1241264046-3862756187-1000\...\Run: [10b4084] => wscript.exe //B "C:\Users\grf\AppData\Roaming\10b4084.vbs"
Startup: C:\Users\grf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\10b4084.vbs ()
C:\Users\grf\AppData\Roaming\10b4084.vbs
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
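The fixlist above removes the persistence on the laptop: a Run value that launches the script with wscript.exe //B (no error dialogs) and a copy of the same .vbs in the Startup folder. The USB-stick side described in the first post, folders hidden and replaced by same-named .lnk files that run the .vbs via cmd.exe, is not covered by FRST on another machine. The following Python script is an added example for this page, not part of the thread, FRST or any tool named in it. It parses each .lnk on a mounted stick according to the MS-SHLLINK layout (header, then StringData; the LinkTargetIDList and LinkInfo blocks are skipped by their size fields, so the target path is read from RELATIVE_PATH), flags the worm pattern, and reports whether the hidden original folder still exists next to each decoy. The embedded sample shortcuts are constructed; the folder name "Bilder" and the cmd.exe argument string are assumptions, only the file name 10b4084.vbs comes from the thread.

```python
"""Offline triage of .lnk files for the USB shortcut-worm pattern.
Added example; the sample shortcuts below are constructed, not captured."""
import struct
import uuid
from pathlib import Path

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_FIELDS = (  # fixed order of StringData per MS-SHLLINK 2.4
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
INTERPRETERS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link; ValueError if it is not one."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:       # IDListSize (u16) + item list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                 # LinkInfoSize (u32) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, not bytes
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields


def is_worm_shortcut(fields: dict) -> tuple[bool, list[str]]:
    """Heuristic: interpreter target, script in arguments, decoy folder, folder icon."""
    target = (fields.get("relative_path") or "").lower()
    args = (fields.get("arguments") or "").lower()
    icon = (fields.get("icon_location") or "").lower()
    reasons = []
    if target.rsplit("\\", 1)[-1] in INTERPRETERS:
        reasons.append("target is a script interpreter: " + target.rsplit("\\", 1)[-1])
    if any(ext in args for ext in SCRIPT_EXTENSIONS):
        reasons.append("arguments run a script file")
    if "start " in args and "explorer" in args:
        reasons.append("arguments re-open a folder via explorer as a decoy")
    if "shell32.dll" in icon:
        reasons.append("icon borrowed from shell32.dll to look like a folder")
    # a script in the arguments is damning alone; otherwise require two weaker signals
    return ("arguments run a script file" in reasons or len(reasons) >= 2), reasons


def triage(root: Path) -> list[dict]:
    """Walk a mounted stick and report suspicious .lnk files plus surviving originals."""
    findings = []
    for lnk in sorted(root.rglob("*.lnk")):
        try:
            fields = parse_lnk(lnk.read_bytes())
        except (ValueError, struct.error):
            continue                          # not a shell link or truncated
        verdict, reasons = is_worm_shortcut(fields)
        if verdict:
            findings.append({
                "shortcut": str(lnk),
                "arguments": fields.get("arguments", ""),
                "reasons": reasons,
                "hidden_original_present": lnk.with_suffix("").is_dir(),  # "Bilder.lnk" -> "Bilder"
            })
    return findings


def build_lnk(relative_path: str, arguments: str, icon_location: str = "") -> bytes:
    """Build a minimal Unicode shell link (constructed test data only)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE | (HAS_ICON_LOCATION if icon_location else 0)
    header = struct.pack("<I", 0x4C) + LNK_CLSID.bytes_le
    header += struct.pack("<II", flags, 0x20)              # LinkFlags, FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24                                  # Creation/Access/WriteTime
    header += struct.pack("<IiIHHII", 0, 0, 1, 0, 0, 0, 0)  # FileSize, IconIndex, ShowCommand, HotKey, Reserved1-3
    string_data = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    body = string_data(relative_path) + string_data(arguments)
    return header + body + (string_data(icon_location) if icon_location else b"")


# Constructed samples modelled on the thread (assumed folder name and argument string).
WORM_LNK = build_lnk(r"..\..\..\Windows\System32\cmd.exe",
                     r"/c start 10b4084.vbs&start explorer Bilder&exit",
                     r"%SystemRoot%\system32\SHELL32.dll")
BENIGN_LNK = build_lnk(r"..\..\Program Files\VideoLAN\VLC\vlc.exe", r"--started-from-file Urlaub.mp4")

if __name__ == "__main__":
    import json, sys
    for finding in triage(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(json.dumps(finding, indent=2))
```

Run it against the mount point of the stick (for example `python triage_lnk.py E:\`) from a clean machine; every finding with `hidden_original_present` true means the data is still there and only needs its hidden/system attributes cleared after the .lnk and the .vbs are deleted. The verdict is a heuristic on the shortcut's own StringData, so a link that carries its target only in the IDList yields just the argument-based signals.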
Topics for Windows 7: Data on USB stick now only shown as shortcuts |
administrator, adobe, antivir, avira, browser, combofix, explorer, firefox, flash player, hdd0(c:, hängen, iexplore.exe, mozilla, panda usb vaccine, pwmtr64v.dll, realtek, registry, rundll, scan, security, services.exe, software, stick, svchost.exe, system, temp, usb, valwbfpolicyservice.exe, windows |