
Log analysis and evaluation: Interpol lock screen - no access to my computer anymore


02.06.2014, 12:25   #1
bocken
 



Hello,
I'm new to the forum and am hoping for your help; thanks in advance.
I seem to have caught an already well-known trojan.
Interpol lock screen with the demand to pay 100 EUR to be able to use my computer again.

Following your instructions, I have already run the scan with FRST and created the log file, see here

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by SYSTEM on MININT-OVC803V on 02-06-2014 12:41:01
Running from H:\
Platform: Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\Bocken\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Bocken\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\Bocken\...\Policies\system: [DisableLockWorkstation] 0
HKU\Bocken\...\Policies\system: [DisableChangePassword] 0
HKU\Default\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Sabrina Boy\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\Sabrina Boy\...\Policies\system: [DisableLockWorkstation] 0
HKU\Sabrina Boy\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Sabrina Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
S2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [123392 2014-05-25] ()
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-25] (globalUpdate)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-25] (globalUpdate)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
S2 TpmInitd; C:\Windows\system32\itsacapi_pe-2.3.exe [119296 2014-05-25] ()
S2 Winmgmt; C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gggwyg.dot [333052 2014-06-02] (Microsoft Corporation)
S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-17] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2013-06-20] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2013-06-20] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2013-06-20] (MCCI Corporation)
S1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\DRIVERS\agrsm64.sys 98022774D9930ECBB292E70DB7601DF6
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 8155EA1864D1FA8B168C46C41ED97A76
C:\Windows\System32\DRIVERS\atikmpag.sys 4841C7AF2BAC05AE23955D65B4336446
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7
C:\Windows\System32\drivers\AtiHdmi.sys 2D648572BA9A610952FCAFBA1E119C2D
C:\Windows\System32\DRIVERS\avgntflt.sys 7806BFCD1D7FA5EC23F7324D4EAFD25B
C:\Windows\System32\DRIVERS\avipbb.sys C3A58DBD18786C338126D30BF8C33D72
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 810BE94A9E42309B3F74217AC28BC6AC
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys E10D1912634974EA273A1588C75CCB76
C:\Windows\System32\Drivers\BTHUSB.sys 19B784B6ECBB3ADBB2242700FEE90BEC
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 73BDD44A6088916964945886F9025409
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys EBCE0B0924835F635F620D19F0529DCE
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\SysWOW64\FsUsbExDisk.SYS DDEE99DC54EFA20BD5A442CD733C4462
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 1384872112E8E7FD5786ECEB8BDDF4C9
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys FBACBED7A37B3223822470FF1D8EA00F
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys E76FDFFF07F8A2FA81FF250DDA0F6BBA
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdpmd64.sys FBACBED7A37B3223822470FF1D8EA00F
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys 5E939CF91EA4A841DBAFE4627E0292BB
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\optousb.sys 84DFFAD6904D29DAA208D28C0C00A8A6
C:\Windows\System32\DRIVERS\optovcm.sys 1B30BF9F42D6AC7CE27B8DC83F4B5913
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 483DF0B58CA532E5240E59DC41F30AA2
C:\Windows\SysWOW64\Drivers\RtsUStor.sys 483DF0B58CA532E5240E59DC41F30AA2
C:\Windows\System32\DRIVERS\Rt64win7.sys 20A466B9EA2BD828C0EC723F99B8CFE7
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 54E47AD086782D3AE9417C155CDCEB9B
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssadbus.sys 52D6F40B50ECFC051979FEC68E74F0F8
C:\Windows\System32\DRIVERS\ssadmdfl.sys D6CFD3B2EABCF9327DE39C62BABFA1E3
C:\Windows\System32\DRIVERS\ssadmdm.sys 5EB01E6148742C3EC2185AC92F6D16FD
C:\Windows\System32\DRIVERS\ssm_bus.sys 8E1B485AEBF4743F05B4FB162F6ED430
C:\Windows\System32\DRIVERS\ssm_mdfl.sys 1DFDEE4A0E168B6362A6A0778EAFDB55
C:\Windows\System32\DRIVERS\ssm_mdm.sys 1FFCC272F19BD84596378780F5C9843D
C:\Windows\System32\DRIVERS\ssudmdm.sys 5252D7BC56E5E0ED715AEA8FE173A455
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 4998AE89119C7106C92F0A64E4840FF6
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys C06E6F4679CEB8F430B90A51D76D8D3C
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 537A4E03D7103C12D42DFD8FFDB5BDC9
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys FBB21EBE49F6D560DB37AC25FBC68E66
C:\Windows\System32\DRIVERS\usbhub.sys 6B7A8A99C4A459E73C286A6763EA24CC
C:\Windows\system32\drivers\usbohci.sys 8C88AA7617B4CBC2E4BED61D26B33A27
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys 0B5B3B2DF3FD1709618ACFA50B8392B0
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys BA8BD1C0182BD860A379C0DF959976F3

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 12:40 - 2014-06-02 12:41 - 00000000 ____D () C:\FRST
2014-06-02 02:00 - 2014-06-02 02:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 01:48 - 2014-06-02 01:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 01:27 - 2014-06-02 02:24 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 01:27 - 2014-06-02 01:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 01:23 - 2014-06-02 02:23 - 00000392 _____ () C:\Windows\setupact.log
2014-06-02 01:23 - 2014-06-02 01:23 - 00305472 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-06-02 01:23 - 2014-06-02 01:23 - 00000640 _____ () C:\Windows\PFRO.log
2014-06-02 01:23 - 2014-06-02 01:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-02 00:34 - 2014-06-02 00:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 00:21 - 2014-06-02 00:24 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 00:15 - 2014-06-02 00:19 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-06-02 00:05 - 2014-06-02 00:14 - 00000000 ____D () C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172
2014-06-01 10:19 - 2014-05-22 08:20 - 00061120 _____ (StdLib) C:\Windows\System32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-25 04:57 - 2014-05-25 04:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 04:56 - 2014-06-02 01:23 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-05-25 04:56 - 2014-05-25 04:56 - 00123392 _____ () C:\Windows\System32\DlProtectSvc.exe
2014-05-25 04:56 - 2014-05-25 04:56 - 00119296 _____ () C:\Windows\System32\itsacapi_pe-2.3.exe
2014-05-25 04:56 - 2014-05-25 04:56 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-25 04:55 - 2014-06-02 00:44 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-05-25 04:55 - 2014-05-25 04:55 - 00003460 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-3.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00002194 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-4.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00001462 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-5.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00001366 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-1.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\globalUpdate
2014-05-25 04:55 - 2014-05-25 04:55 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-25 04:53 - 2014-05-25 04:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-05-25 04:53 - 2014-05-25 04:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\BupSystem
2014-05-25 04:51 - 2014-05-25 04:51 - 00468096 _____ () C:\Users\Sabrina Boy\Downloads\ccleaner.exe
2014-05-25 04:50 - 2014-05-25 04:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 04:50 - 2014-05-25 04:50 - 00000000 ____D () C:\users\Administrator
2014-05-20 10:23 - 2014-05-20 10:55 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-20 10:19 - 2014-06-02 02:07 - 00193649 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 00:59 - 2014-05-14 11:35 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt
2014-05-07 04:00 - 2014-05-07 04:00 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-06 23:26 - 2014-05-06 23:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job

==================== One Month Modified Files and Folders =======

2014-06-02 12:41 - 2014-06-02 12:40 - 00000000 ____D () C:\FRST
2014-06-02 11:58 - 2011-07-05 20:49 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-02 02:24 - 2014-06-02 01:27 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 02:23 - 2014-06-02 01:23 - 00000392 _____ () C:\Windows\setupact.log
2014-06-02 02:07 - 2014-05-20 10:19 - 00193649 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 02:07 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 02:07 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 02:00 - 2014-06-02 02:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 02:00 - 2011-03-09 08:41 - 00000000 ____D () C:\Users\Bocken\AppData\Local\Temp
2014-06-02 01:48 - 2014-06-02 01:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 01:27 - 2014-06-02 01:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 01:26 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-06-02 01:24 - 2011-03-05 07:59 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\Temp
2014-06-02 01:23 - 2014-06-02 01:23 - 00305472 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-06-02 01:23 - 2014-06-02 01:23 - 00000640 _____ () C:\Windows\PFRO.log
2014-06-02 01:23 - 2014-06-02 01:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-02 01:23 - 2014-05-25 04:56 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-06-02 01:18 - 2011-08-12 08:55 - 00000000 ____D () C:\Windows\pss
2014-06-02 00:44 - 2014-05-25 04:55 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-06-02 00:34 - 2014-06-02 00:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 00:24 - 2014-06-02 00:21 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 00:19 - 2014-06-02 00:15 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-06-02 00:14 - 2014-06-02 00:05 - 00000000 ____D () C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172
2014-06-01 23:10 - 2010-07-17 10:47 - 00654852 _____ () C:\Windows\System32\perfh007.dat
2014-06-01 23:10 - 2010-07-17 10:47 - 00130434 _____ () C:\Windows\System32\perfc007.dat
2014-06-01 23:10 - 2009-07-13 21:13 - 01500294 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-25 04:57 - 2014-05-25 04:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 04:57 - 2011-03-05 13:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-25 04:57 - 2011-03-05 13:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 04:56 - 2014-05-25 04:56 - 00123392 _____ () C:\Windows\System32\DlProtectSvc.exe
2014-05-25 04:56 - 2014-05-25 04:56 - 00119296 _____ () C:\Windows\System32\itsacapi_pe-2.3.exe
2014-05-25 04:56 - 2014-05-25 04:56 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-25 04:55 - 2014-05-25 04:55 - 00003460 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-3.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00002194 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-4.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00001462 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-5.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00001366 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-1.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\globalUpdate
2014-05-25 04:55 - 2014-05-25 04:55 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-25 04:53 - 2014-05-25 04:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-05-25 04:53 - 2014-05-25 04:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\BupSystem
2014-05-25 04:51 - 2014-05-25 04:51 - 00468096 _____ () C:\Users\Sabrina Boy\Downloads\ccleaner.exe
2014-05-25 04:50 - 2014-05-25 04:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 04:50 - 2014-05-25 04:50 - 00000000 ____D () C:\users\Administrator
2014-05-22 08:20 - 2014-06-01 10:19 - 00061120 _____ (StdLib) C:\Windows\System32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-20 10:55 - 2014-05-20 10:23 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-15 22:40 - 2013-08-17 11:06 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-15 22:37 - 2011-03-10 23:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-14 11:35 - 2014-05-14 00:59 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt
2014-05-07 04:00 - 2014-05-07 04:00 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-06 23:26 - 2014-05-06 23:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Bocken\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina Boy\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2013-06-23 05:26:13
Restore point made on: 2013-06-23 05:26:21
Restore point made on: 2013-06-23 05:26:22
Restore point made on: 2013-06-23 05:26:22
Restore point made on: 2013-06-23 05:26:27
Restore point made on: 2013-06-23 05:26:30
Restore point made on: 2013-06-23 05:26:38
Restore point made on: 2014-03-06 03:18:46
Restore point made on: 2014-03-06 03:31:16
Restore point made on: 2014-03-06 03:31:43
Restore point made on: 2014-03-06 03:32:05
Restore point made on: 2014-03-06 03:32:38
Restore point made on: 2014-03-06 03:39:12
Restore point made on: 2014-03-06 04:15:33
Restore point made on: 2014-03-15 09:34:14
Restore point made on: 2014-03-17 23:59:04
Restore point made on: 2014-03-25 23:58:47
Restore point made on: 2014-03-26 00:02:05
Restore point made on: 2014-03-28 06:58:27
Restore point made on: 2014-03-31 23:45:12
Restore point made on: 2014-04-10 02:00:29
Restore point made on: 2014-04-14 22:42:10
Restore point made on: 2014-04-19 12:12:41
Restore point made on: 2014-04-19 12:16:22
Restore point made on: 2014-04-22 23:31:43
Restore point made on: 2014-04-26 00:58:44
Restore point made on: 2014-05-04 04:10:08
Restore point made on: 2014-05-04 04:32:49
Restore point made on: 2014-05-04 04:32:56
Restore point made on: 2014-05-04 13:06:31
Restore point made on: 2014-05-13 04:15:27
Restore point made on: 2014-05-14 11:45:31
Restore point made on: 2014-05-15 22:37:11
Restore point made on: 2014-05-20 10:21:42
Restore point made on: 2014-05-22 19:46:50
Restore point made on: 2014-06-01 10:21:53
Restore point made on: 2014-06-01 10:23:31
Restore point made on: 2014-06-01 23:42:13
Restore point made on: 2014-06-01 23:45:36
Restore point made on: 2014-06-02 01:16:43

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
extendedinput           Yes
default                 {default}
resumeobject            {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {current}

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{008ec3c1-c4bb-11df-9d1f-fe7ff272e1c4}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{008ec3c1-c4bb-11df-9d1f-fe7ff272e1c4}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx                      OptIn

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {c279be75-9b51-11de-9b93-a29d207e6d0e}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {008ec3c1-c4bb-11df-9d1f-fe7ff272e1c4}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Optionen zum RAM-Datentr„gersetup
---------------------------------
Bezeichner              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3183.88 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3173.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:281.96 GB) (Free:201.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:15.84 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (Intenso) (Removable) (Total:7.81 GB) (Free:7.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 91CA769B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 76CDA3CF)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-06-23 04:12

==================== End Of Log ============================
         
I hope the data is meaningful.

Unfortunately I'm no expert with computers, so I ask for your understanding in advance. Thanks!

Alt 02.06.2014, 12:26   #2
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
Startup: C:\Users\Sabrina Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gggwyg.dot [333052 2014-06-02] (Microsoft Corporation)
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options.
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.



Start the computer normally.
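
The fixlist entries above share a pattern that can be checked mechanically. The following Python sketch is an added example, not part of the thread and not FRST's own logic: it parses FRST-style `ShortcutTarget` and service lines and lists the traits that make an autostart entry stand out. The heuristics, the reason strings and all function names are assumptions chosen for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Lines copied from the FRST logs in this thread: the two kinds of entry that
# went into the fixlist, plus three entries the helper left alone.
SAMPLE_LINES = [
    r"ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)",
    r"S2 Winmgmt; C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gggwyg.dot [333052 2014-06-02] (Microsoft Corporation)",
    r"ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()",
    r"R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)",
    r"S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-25] (globalUpdate)",
]

# "ShortcutTarget: <lnk name> -> <target path> (<company>)"
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget: (?P<name>.+?) -> (?P<path>.+?) \((?P<company>[^()]*)\)$")
# "<state> <service name>; <image path> [<size> <date>] (<company>)"
# Limitation: a company field that itself contains parentheses is not matched.
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^()]*)\)$")

# Heuristic inputs (assumptions for this example, not an exhaustive policy).
WRITABLE_DIRS = {"programdata", "appdata", "temp"}   # default ACLs assumed
PROGRAM_EXTS = {".exe", ".dll", ".sys", ".com", ".bat", ".cmd", ".scr"}
BUILTIN_SERVICES = {"winmgmt"}                       # the one named in the fixlist
HEX_DIR_RE = re.compile(r"^[0-9A-Fa-f]{32}$")

R_WRITABLE = "directory writable by standard users"
R_HEXDIR = "32-hex-digit directory name"
R_EXT = "autostart target without a program extension"
R_BUILTIN = "built-in service name pointing outside C:\\Windows"


class Finding(NamedTuple):
    kind: str      # "shortcut" or "service"
    name: str
    path: str
    reasons: tuple


def parse_line(line: str) -> Optional[tuple]:
    """Return (kind, name, path) for a recognised FRST line, else None."""
    line = line.strip()
    m = SHORTCUT_RE.match(line)
    if m:
        return ("shortcut", m.group("name"), m.group("path"))
    m = SERVICE_RE.match(line)
    if m:
        return ("service", m.group("name"), m.group("path"))
    return None


def reasons_for(kind: str, name: str, path: str) -> tuple:
    """List every heuristic that the autostart target trips."""
    p = PureWindowsPath(path)
    dirs = p.parts[1:-1]                      # skip the drive and the file name
    reasons = []
    if any(d.lower() in WRITABLE_DIRS for d in dirs):
        reasons.append(R_WRITABLE)
    if any(HEX_DIR_RE.match(d) for d in dirs):
        reasons.append(R_HEXDIR)
    if p.suffix.lower() not in PROGRAM_EXTS:
        reasons.append(R_EXT)
    outside_windows = not dirs or dirs[0].lower() != "windows"
    if kind == "service" and name.lower() in BUILTIN_SERVICES and outside_windows:
        reasons.append(R_BUILTIN)
    return tuple(reasons)


def triage(lines) -> list:
    """Return a Finding for every parsed line that trips at least one heuristic."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        reasons = reasons_for(*parsed)
        if reasons:
            findings.append(Finding(*parsed, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:8} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"           - {r}")
```

A hit is a prompt for manual review of the entry, not a verdict; legitimate software also installs under C:\ProgramData.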

Alt 02.06.2014, 14:05   #3
bocken
 



Hello,
Thanks for the quick reply.
In the meantime I selected a system restore point in safe mode and ran a scan with the Avira antivirus program.
Avira moved one file to quarantine.
Now, following your reply, I have carried out the steps, and here is the current log file:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014 01
Ran by SYSTEM at 2014-06-02 14:36:23 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
Startup: C:\Users\Sabrina Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gggwyg.dot [333052 2014-06-02] (Microsoft Corporation)
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172

*****************

C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk not found.
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp => Moved successfully.
C:\Users\Sabrina Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk not found.
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp not found.
Winmgmt => Service restored successfully.
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172 => Moved successfully.

==== End of Fixlog ====
         
I hope I haven't messed anything up now.

Hello,
Thanks for the quick reply.
In the meantime I selected a system restore point in safe mode and the computer was running again.
I received your message and followed the steps.
Here is the Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014 01
Ran by SYSTEM at 2014-06-02 14:36:23 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
Startup: C:\Users\Sabrina Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gggwyg.dot [333052 2014-06-02] (Microsoft Corporation)
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172

*****************

C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk not found.
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp => Moved successfully.
C:\Users\Sabrina Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk not found.
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp not found.
Winmgmt => Service restored successfully.
C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172 => Moved successfully.

==== End of Fixlog ====
         
Thanks for the quick reply.

Alt 03.06.2014, 10:08   #4
schrauber
/// the machine
/// TB-Ausbilder
 




So can you now boot in normal mode? If so, then do this from the desktop:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window).

__________________
Regards,
schrauber


Alt 04.06.2014, 15:36   #5
bocken
 



Hello,
I carried out everything as described.
Here is the frst.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Sabrina Boy (administrator) on SABRINASLAPTOP on 04-06-2014 16:30:32
Running from C:\Users\Sabrina Boy\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\MountPoints2: F - F:\ting.exe
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\MountPoints2: {245b7740-b66e-11e2-9d25-a6699b6f42c6} - F:\ting.exe
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CC89C0CB3829A1DE&affID=120695&tt=250613_gr2&tsp=4927
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.myplaycity.com/
URLSearchHook: HKLM-x32 - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - Bigpoint Games DE Toolbar - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files (x86)\Bigpoint_Games_DE\prxtbBigp.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - Bigpoint Games DE Toolbar - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files (x86)\Bigpoint_Games_DE\prxtbBigp.dll (Conduit Ltd.)
URLSearchHook: HKCU - WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {9AA0EE78-F120-4F67-8760-0DE1FE14D329} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
SearchScopes: HKLM-x32 - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=01C76C6B-A0C8-4165-865C-F995B375C5EF&ind=2013062803&n=77fce693&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9AA0EE78-F120-4F67-8760-0DE1FE14D329} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=M5049F39C-EC9F-45FB-934D-9B2A60005DA3&SearchSource=58&CUI=&UM=5&UP=SP70409782-B690-4A8E-B311-9116D80111ED&q={searchTerms}&SSPV=
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=M5049F39C-EC9F-45FB-934D-9B2A60005DA3&SearchSource=58&CUI=&UM=5&UP=SP70409782-B690-4A8E-B311-9116D80111ED&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CC89C0CB3829A1DE&affID=120695&tt=250613_gr2&tsp=4927
SearchScopes: HKCU - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://home.myplaycity.com/results.php?category=web&s={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=01C76C6B-A0C8-4165-865C-F995B375C5EF&ind=2013062803&n=77fce693&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9AA0EE78-F120-4F67-8760-0DE1FE14D329} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {A4D04BDE-D60A-4627-B228-25721E6494EF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
SearchScopes: HKCU - {C18995F8-9267-42C8-AE61-57077F75E2AC} URL = hxxp://search.softonic.com/MON1207T11/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=514
SearchScopes: HKCU - {FA7403CF-0EB6-4620-947F-4ADC58E485E4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=41868C55-63C5-4313-A21D-7040FE2BAEBA&apn_sauid=103B60E9-33D4-4BC4-928C-9EF32E42AA50
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{13893AF3-7C14-43C9-943C-F7375E3FAA88}] - C:\Windows\Installer\{ECE8D100-69C8-4BF1-914D-D997C792E5E5}\{13893AF3-7C14-43C9-943C-F7375E3FAA88}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{ECE8D100-69C8-4BF1-914D-D997C792E5E5}\{13893AF3-7C14-43C9-943C-F7375E3FAA88}.xpi [2014-06-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-25] (globalUpdate)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-25] (globalUpdate)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2013-06-21] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2013-06-21] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2013-06-21] (MCCI Corporation)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 16:30 - 2014-06-04 16:31 - 00015833 _____ () C:\Users\Sabrina Boy\Desktop\FRST.txt
2014-06-04 16:29 - 2014-06-04 16:29 - 02068992 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST64.exe
2014-06-04 16:28 - 2014-06-04 16:28 - 01059840 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST.exe
2014-06-04 16:14 - 2014-06-04 16:14 - 00069240 _____ () C:\Users\Sabrina Boy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 16:12 - 2014-06-04 16:13 - 00313776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-04 16:12 - 2014-06-04 16:12 - 00009072 _____ () C:\Windows\PFRO.log
2014-06-04 16:12 - 2014-06-04 16:12 - 00000056 _____ () C:\Windows\setupact.log
2014-06-04 16:12 - 2014-06-04 16:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-02 22:40 - 2014-06-04 16:30 - 00000000 ____D () C:\FRST
2014-06-02 14:22 - 2014-06-02 14:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 14:11 - 2014-06-02 14:12 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2540-F.txt
2014-06-02 13:47 - 2014-06-02 13:48 - 00000715 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-06-02 13:44 - 2014-06-02 13:45 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-2364-F.txt
2014-06-02 12:00 - 2014-06-02 12:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 11:48 - 2014-06-02 11:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 11:27 - 2014-06-02 11:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 10:34 - 2014-06-02 10:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 10:21 - 2014-06-02 10:24 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 10:15 - 2014-06-02 10:19 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-06-01 20:19 - 2014-05-22 18:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-25 14:57 - 2014-05-25 14:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 14:56 - 2014-06-02 20:09 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-05-25 14:56 - 2014-05-25 14:56 - 00119296 _____ () C:\Windows\system32\itsacapi_pe-2.3.exe
2014-05-25 14:55 - 2014-05-25 14:55 - 00003460 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-3.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00002194 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-4.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00001462 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-5.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00001366 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-1.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\globalUpdate
2014-05-25 14:55 - 2014-05-25 14:55 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-25 14:53 - 2014-06-02 15:15 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-05-25 14:51 - 2014-05-25 14:51 - 00468096 _____ () C:\Users\Sabrina Boy\Downloads\ccleaner.exe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator
2014-05-20 20:23 - 2014-05-20 20:55 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-20 20:19 - 2014-06-04 16:31 - 00212527 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 10:59 - 2014-05-14 21:35 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-07 09:26 - 2014-05-07 09:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job

==================== One Month Modified Files and Folders =======

2014-06-04 16:31 - 2014-06-04 16:30 - 00015833 _____ () C:\Users\Sabrina Boy\Desktop\FRST.txt
2014-06-04 16:31 - 2014-05-20 20:19 - 00212527 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 16:31 - 2011-03-05 17:59 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\Temp
2014-06-04 16:30 - 2014-06-02 22:40 - 00000000 ____D () C:\FRST
2014-06-04 16:29 - 2014-06-04 16:29 - 02068992 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST64.exe
2014-06-04 16:28 - 2014-06-04 16:28 - 01059840 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST.exe
2014-06-04 16:20 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 16:20 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 16:18 - 2010-07-17 20:47 - 00654852 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 16:18 - 2010-07-17 20:47 - 00130434 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 16:18 - 2009-07-14 07:13 - 01500294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 16:14 - 2014-06-04 16:14 - 00069240 _____ () C:\Users\Sabrina Boy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 16:13 - 2014-06-04 16:12 - 00313776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-04 16:12 - 2014-06-04 16:12 - 00009072 _____ () C:\Windows\PFRO.log
2014-06-04 16:12 - 2014-06-04 16:12 - 00000056 _____ () C:\Windows\setupact.log
2014-06-04 16:12 - 2014-06-04 16:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-03 00:19 - 2011-08-12 18:55 - 00000000 ____D () C:\Windows\pss
2014-06-03 00:19 - 2011-03-09 18:41 - 00000000 ____D () C:\Users\Bocken\AppData\Local\Temp
2014-06-03 00:19 - 2011-03-09 18:41 - 00000000 ____D () C:\Users\Bocken
2014-06-03 00:19 - 2010-09-20 15:29 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-03 00:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-02 21:58 - 2011-07-06 06:49 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-02 21:07 - 2010-07-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-02 21:06 - 2010-09-20 05:57 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-02 21:06 - 2010-09-20 05:57 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-06-02 21:06 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-02 20:09 - 2014-05-25 14:56 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-06-02 15:15 - 2014-05-25 14:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-06-02 14:22 - 2014-06-02 14:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 14:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-02 14:21 - 2011-03-05 17:59 - 00000000 ____D () C:\Users\Sabrina Boy
2014-06-02 14:12 - 2014-06-02 14:11 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2540-F.txt
2014-06-02 13:48 - 2014-06-02 13:47 - 00000715 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-06-02 13:45 - 2014-06-02 13:44 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-2364-F.txt
2014-06-02 12:00 - 2014-06-02 12:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 11:48 - 2014-06-02 11:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 11:27 - 2014-06-02 11:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 10:34 - 2014-06-02 10:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 10:24 - 2014-06-02 10:21 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 10:19 - 2014-06-02 10:15 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-05-25 14:57 - 2014-05-25 14:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 14:57 - 2011-03-05 23:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-25 14:57 - 2011-03-05 23:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 14:56 - 2014-05-25 14:56 - 00119296 _____ () C:\Windows\system32\itsacapi_pe-2.3.exe
2014-05-25 14:55 - 2014-05-25 14:55 - 00003460 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-3.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00002194 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-4.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00001462 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-5.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00001366 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-1.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-25 14:55 - 2014-05-25 14:55 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\globalUpdate
2014-05-25 14:55 - 2014-05-25 14:55 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-25 14:51 - 2014-05-25 14:51 - 00468096 _____ () C:\Users\Sabrina Boy\Downloads\ccleaner.exe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator
2014-05-22 18:20 - 2014-06-01 20:19 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-20 20:55 - 2014-05-20 20:23 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-16 08:40 - 2013-08-17 21:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 08:37 - 2011-03-11 09:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:35 - 2014-05-14 10:59 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-07 09:26 - 2014-05-07 09:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job

Some content of TEMP:
====================
C:\Users\Bocken\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina Boy\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 14:12

==================== End Of Log ============================
         
--- --- ---


...and here is the addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Sabrina Boy at 2014-06-04 16:31:34
Running from C:\Users\Sabrina Boy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bigpoint Games DE Toolbar (HKLM-x32\...\Bigpoint_Games_DE Toolbar) (Version: 6.3.3.3 - Bigpoint Games DE)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0621.2137.36973 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ElsterFormular für Privatanwender (HKLM-x32\...\ElsterFormular für Privatanwender 12.2.2.6665p) (Version: 12.2.2.6665p - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{69ABD67D-5C2E-4724-B519-695DEF3EC23B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{E342EC6B-5F25-47FE-B92C-DE616149B430}) (Version: 4.0.9.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
MAGIX FunPix Maker 1.0.0.0 (D) (HKLM-x32\...\MAGIX FunPix Maker D) (Version: 1.0.0.0 - MAGIX AG)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version:  - )
Meine CEWE FOTOWELT (HKLM-x32\...\Meine CEWE FOTOWELT) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opticon USB Drivers Installer (HKLM-x32\...\Opticon USB Installer) (Version:  - )
Panel Client 3.2 (HKLM-x32\...\Panel Client_is1) (Version:  - GfK Panel Services Deutschland GmbH)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.0 - Synaptics Incorporated)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WiseConvert 1.3 Toolbar (HKLM-x32\...\WiseConvert_1.3 Toolbar) (Version: 6.9.0.16 - WiseConvert 1.3)
ZoneAlarm Firewall (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================

06-03-2014 11:18:15 Windows Update
15-03-2014 17:34:01 Windows Update
18-03-2014 07:58:39 Windows Update
26-03-2014 08:01:51 Windows Update
28-03-2014 14:58:01 Windows Update
01-04-2014 07:44:57 Windows Update
10-04-2014 10:00:14 Windows Update
15-04-2014 06:41:37 Windows Update
19-04-2014 20:15:54 Windows Update
23-04-2014 07:31:28 Windows Update
26-04-2014 08:58:24 Windows Update
04-05-2014 12:09:52 Windows Update
13-05-2014 12:15:13 Windows Update
14-05-2014 19:45:18 Windows Update
16-05-2014 06:36:48 Windows Update
23-05-2014 03:46:34 Windows Update
01-06-2014 18:23:02 Windows Update
02-06-2014 12:26:08 Windows Update
02-06-2014 19:07:14 Removed HP Quick Launch

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {202921F1-E7D7-4176-8E25-93F243D267CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-01] (Google Inc.)
Task: {2FA09A2F-D336-4A3D-BDAF-33A9FBFBBA93} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {56D42C05-48B0-4F8C-8A45-FB99458AD224} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {792FB150-1014-419B-A4C8-A91F410779DA} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {820AA1E8-175F-4B49-8B3C-9DE99DAA2219} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-08-06] (Microsoft)
Task: {9A0B503B-C3D4-472B-BFAC-FD730664E5E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {9D2E49C1-0609-45B1-A699-030B02A78611} - System32\Tasks\4803 => Wscript.exe C:\Users\SABRIN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A0DF4138-EF01-4104-A7D5-73BB850C169A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {A4758714-3684-4F53-A5C5-0F7AA2135880} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-01] (Google Inc.)
Task: {B2EAD807-9403-471B-8C4F-867D1566D742} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {BFF7D14B-6637-44AE-AA9C-C0F090260FA8} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {D206E34B-4B1D-495B-AF13-F688B7CA7CD4} - System32\Tasks\HPCeeScheduleForSabrina Boy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {E8F6FFFC-EB0A-49AE-88B5-F3E810994DE8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\Users\SABRIN~1\AppData\Local\Temp\cis281C.exe
Task: C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-1.job => C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-codedownloader.exe
Task: C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-3.job => C:\Program Files (x86)\PSHD-9.9\f0d91f53-b4b4-4abd-95db-8335c8813830-3.exe
Task: C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-4.job => C:\Program Files (x86)\PSHD-9.9\f0d91f53-b4b4-4abd-95db-8335c8813830-4.exe
Task: C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-5.job => C:\Program Files (x86)\PSHD-9.9\f0d91f53-b4b4-4abd-95db-8335c8813830-5.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSabrina Boy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-10 17:12 - 2010-06-10 17:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-21 21:36 - 2010-06-21 21:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2012-11-04 12:34 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-10 16:44 - 2013-01-10 16:44 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e5dc5d1c75de12100f8c1d8c65de002\IsdiInterop.ni.dll
2010-09-20 05:39 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 04:23:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/04/2014 04:23:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.


CodeIntegrity Errors:
===================================
  Date: 2013-10-07 18:49:18.674
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:18.557
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:16.006
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:15.895
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:13.691
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:13.570
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:11.394
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:11.281
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:09.105
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 18:49:08.987
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3893.86 MB
Available physical RAM: 2423.26 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 5940.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:281.96 GB) (Free:203.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.84 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 91CA769B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
         
I hope this is helpful.

Is the computer OK again now, and is the Trojan completely gone?


05.06.2014, 12:35   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

05.06.2014, 15:44   #7
bocken
 



Hello,
Here are the new files.

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.06.2014
Suchlauf-Zeit: 15:40:14
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.05.08
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Sabrina Boy

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319662
Verstrichene Zeit: 14 Min, 28 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Code:
# AdwCleaner v3.211 - Bericht erstellt am 05/06/2014 um 16:08:23
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Sabrina Boy - SABRINASLAPTOP
# Gestartet von : C:\Users\Sabrina Boy\Desktop\adwcleaner_3.211.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : globalUpdate
Dienst Gefunden : globalUpdatem

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Datei Gefunden : C:\Windows\System32\Tasks\BrowserDefendert
Datei Gefunden : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Ordner Gefunden : C:\Program Files (x86)\Bigpoint_Games_DE
Ordner Gefunden : C:\Program Files (x86)\globalUpdate
Ordner Gefunden : C:\Program Files (x86)\raving reyven
Ordner Gefunden : C:\Program Files (x86)\WiseConvert_1.3
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BitGuard
Ordner Gefunden : C:\ProgramData\BrowserDefender
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Bocken\AppData\LocalLow\Bigpoint_Games_DE
Ordner Gefunden : C:\Users\Bocken\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Bocken\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Bocken\AppData\LocalLow\Softonic
Ordner Gefunden : C:\Users\Bocken\AppData\LocalLow\WiseConvert_1.3
Ordner Gefunden : C:\Users\Bocken\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\LocalLow\Bigpoint_Games_DE
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\LocalLow\Delta
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\LocalLow\iac
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\LocalLow\Softonic
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\LocalLow\WiseConvert_1.3
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Sabrina Boy\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\855d6d0b368eb49
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Bigpoint_Games_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\WiseConvert_1.3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\BabSolution
Schlüssel Gefunden : [x64] HKCU\Software\IM
Schlüssel Gefunden : [x64] HKCU\Software\ImInstaller
Schlüssel Gefunden : [x64] HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : [x64] HKCU\Software\Myfree Codec
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\855d6d0b368eb49
Schlüssel Gefunden : HKLM\Software\Bigpoint_Games_DE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7D051421-BC1A-4A59-94B7-25C6BA60FE34}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2843456
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3242337
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\Software\installedbrowserextensions
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EDD851B-8756-4CB5-A73B-031C9BE3C518}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1568AA1-4A72-459F-B637-D1C758DEB35F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3B27182-2299-4B34-BE0F-8F354B90D9AF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F22CF1DA-4C87-471E-A792-1876F8BCDA62}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp[1]_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp[1]_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_magix-funpix-maker[1]_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_magix-funpix-maker[1]_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape[1]_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape[1]_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D051421-BC1A-4A59-94B7-25C6BA60FE34}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigpoint_Games_DE Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert 1.3 Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.3 Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gefunden : HKLM\Software\Myfree Codec
Schlüssel Gefunden : HKLM\Software\WiseConvert_1.3
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267


*************************

AdwCleaner[R0].txt - [15588 octets] - [05/06/2014 16:08:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15649 octets] ##########
         

Code:
# AdwCleaner v3.211 - Bericht erstellt am 05/06/2014 um 16:09:28
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Sabrina Boy - SABRINASLAPTOP
# Gestartet von : C:\Users\Sabrina Boy\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\Tarma Installer
[!] Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\raving reyven
Ordner Gelöscht : C:\Program Files (x86)\Bigpoint_Games_DE
Ordner Gelöscht : C:\Program Files (x86)\WiseConvert_1.3
Ordner Gelöscht : C:\Users\Bocken\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Bocken\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Bocken\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Bocken\AppData\LocalLow\Bigpoint_Games_DE
Ordner Gelöscht : C:\Users\Bocken\AppData\LocalLow\WiseConvert_1.3
Ordner Gelöscht : C:\Users\Bocken\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\LocalLow\Bigpoint_Games_DE
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\LocalLow\WiseConvert_1.3
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Sabrina Boy\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\BrowserDefendert
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKCU\Software\855d6d0b368eb49
Schlüssel Gelöscht : HKLM\SOFTWARE\855d6d0b368eb49
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2843456
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3242337
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_magix-funpix-maker[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_magix-funpix-maker[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7D051421-BC1A-4A59-94B7-25C6BA60FE34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D051421-BC1A-4A59-94B7-25C6BA60FE34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1568AA1-4A72-459F-B637-D1C758DEB35F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3B27182-2299-4B34-BE0F-8F354B90D9AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F22CF1DA-4C87-471E-A792-1876F8BCDA62}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EDD851B-8756-4CB5-A73B-031C9BE3C518}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\Bigpoint_Games_DE
Schlüssel Gelöscht : HKLM\Software\WiseConvert_1.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert 1.3 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigpoint_Games_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.3 Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267


*************************

AdwCleaner[R0].txt - [15846 octets] - [05/06/2014 16:08:23]
AdwCleaner[S0].txt - [14288 octets] - [05/06/2014 16:09:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14349 octets] ##########
         

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sabrina Boy on 05.06.2014 at 16:21:21,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2899099275-4155470742-1896681866-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511291116}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511291116}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9AA0EE78-F120-4F67-8760-0DE1FE14D329}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9AA0EE78-F120-4F67-8760-0DE1FE14D329}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho4E57.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.2014 at 16:28:32,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Sabrina Boy (administrator) on SABRINASLAPTOP on 05-06-2014 16:35:15
Running from C:\Users\Sabrina Boy\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\MountPoints2: F - F:\ting.exe
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\MountPoints2: {245b7740-b66e-11e2-9d25-a6699b6f42c6} - F:\ting.exe
HKU\S-1-5-21-2899099275-4155470742-1896681866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2899099275-4155470742-1896681866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2899099275-4155470742-1896681866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
URLSearchHook: HKLM-x32 - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {9AA0EE78-F120-4F67-8760-0DE1FE14D329} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {13C2FF9F-313B-48DC-A2D2-DA4A07002C34} URL = 
SearchScopes: HKCU - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = 
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{13893AF3-7C14-43C9-943C-F7375E3FAA88}] - C:\Windows\Installer\{ECE8D100-69C8-4BF1-914D-D997C792E5E5}\{13893AF3-7C14-43C9-943C-F7375E3FAA88}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{ECE8D100-69C8-4BF1-914D-D997C792E5E5}\{13893AF3-7C14-43C9-943C-F7375E3FAA88}.xpi [2014-06-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-05] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2013-06-21] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2013-06-21] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2013-06-21] (MCCI Corporation)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 16:28 - 2014-06-05 16:28 - 00001661 _____ () C:\Users\Sabrina Boy\Desktop\JRT.txt
2014-06-05 16:21 - 2014-06-05 16:21 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 16:20 - 2014-06-05 16:21 - 01016261 _____ (Thisisu) C:\Users\Sabrina Boy\Desktop\JRT.exe
2014-06-05 16:11 - 2014-06-05 16:11 - 00007412 _____ () C:\Windows\PFRO.log
2014-06-05 16:08 - 2014-06-05 16:09 - 00000000 ____D () C:\AdwCleaner
2014-06-05 16:02 - 2014-06-05 16:07 - 01327971 _____ () C:\Users\Sabrina Boy\Desktop\adwcleaner_3.211.exe
2014-06-05 16:01 - 2014-06-05 16:01 - 00001150 _____ () C:\Users\Sabrina Boy\Desktop\mbam.txt
2014-06-05 15:38 - 2014-06-05 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 15:37 - 2014-06-05 15:37 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 15:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 15:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 15:32 - 2014-06-05 15:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Boy\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-05 15:20 - 2014-06-05 16:33 - 00000224 _____ () C:\Windows\setupact.log
2014-06-05 15:20 - 2014-06-05 15:20 - 00069240 _____ () C:\Users\Sabrina Boy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-05 15:20 - 2014-06-05 15:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-05 15:19 - 2014-06-05 15:20 - 00305472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-04 16:31 - 2014-06-04 16:32 - 00028062 _____ () C:\Users\Sabrina Boy\Desktop\Addition.txt
2014-06-04 16:30 - 2014-06-05 16:35 - 00011335 _____ () C:\Users\Sabrina Boy\Desktop\FRST.txt
2014-06-04 16:29 - 2014-06-04 16:29 - 02068992 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST64.exe
2014-06-04 16:28 - 2014-06-04 16:28 - 01059840 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST.exe
2014-06-02 22:40 - 2014-06-05 16:35 - 00000000 ____D () C:\FRST
2014-06-02 14:22 - 2014-06-02 14:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 14:11 - 2014-06-02 14:12 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2540-F.txt
2014-06-02 13:47 - 2014-06-02 13:48 - 00000715 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-06-02 13:44 - 2014-06-02 13:45 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-2364-F.txt
2014-06-02 12:00 - 2014-06-02 12:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 11:48 - 2014-06-02 11:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 11:27 - 2014-06-02 11:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 10:34 - 2014-06-02 10:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 10:21 - 2014-06-02 10:24 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 10:15 - 2014-06-02 10:19 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-06-01 20:19 - 2014-05-22 18:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-25 14:57 - 2014-05-25 14:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 14:56 - 2014-05-25 14:56 - 00119296 _____ () C:\Windows\system32\itsacapi_pe-2.3.exe
2014-05-25 14:53 - 2014-06-02 15:15 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator
2014-05-20 20:23 - 2014-05-20 20:55 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-20 20:19 - 2014-06-05 16:11 - 00255535 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 10:59 - 2014-05-14 21:35 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-07 09:26 - 2014-05-07 09:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job

==================== One Month Modified Files and Folders =======

2014-06-05 16:35 - 2014-06-04 16:30 - 00011335 _____ () C:\Users\Sabrina Boy\Desktop\FRST.txt
2014-06-05 16:35 - 2014-06-02 22:40 - 00000000 ____D () C:\FRST
2014-06-05 16:35 - 2014-05-20 20:19 - 00255535 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 16:35 - 2011-03-05 17:59 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\Temp
2014-06-05 16:33 - 2014-06-05 15:20 - 00000224 _____ () C:\Windows\setupact.log
2014-06-05 16:28 - 2014-06-05 16:28 - 00001661 _____ () C:\Users\Sabrina Boy\Desktop\JRT.txt
2014-06-05 16:21 - 2014-06-05 16:21 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 16:21 - 2014-06-05 16:20 - 01016261 _____ (Thisisu) C:\Users\Sabrina Boy\Desktop\JRT.exe
2014-06-05 16:19 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 16:19 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 16:16 - 2010-07-17 20:47 - 00654852 _____ () C:\Windows\system32\perfh007.dat
2014-06-05 16:16 - 2010-07-17 20:47 - 00130434 _____ () C:\Windows\system32\perfc007.dat
2014-06-05 16:16 - 2009-07-14 07:13 - 01500294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 16:11 - 2014-06-05 16:11 - 00007412 _____ () C:\Windows\PFRO.log
2014-06-05 16:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-06-05 16:09 - 2014-06-05 16:08 - 00000000 ____D () C:\AdwCleaner
2014-06-05 16:07 - 2014-06-05 16:02 - 01327971 _____ () C:\Users\Sabrina Boy\Desktop\adwcleaner_3.211.exe
2014-06-05 16:01 - 2014-06-05 16:01 - 00001150 _____ () C:\Users\Sabrina Boy\Desktop\mbam.txt
2014-06-05 15:38 - 2014-06-05 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 15:37 - 2014-06-05 15:37 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 15:36 - 2014-06-05 15:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Boy\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-05 15:25 - 2013-03-29 11:57 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-05 15:25 - 2013-03-29 11:57 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-05 15:20 - 2014-06-05 15:20 - 00069240 _____ () C:\Users\Sabrina Boy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-05 15:20 - 2014-06-05 15:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-05 15:20 - 2014-06-05 15:19 - 00305472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-04 16:32 - 2014-06-04 16:31 - 00028062 _____ () C:\Users\Sabrina Boy\Desktop\Addition.txt
2014-06-04 16:29 - 2014-06-04 16:29 - 02068992 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST64.exe
2014-06-04 16:28 - 2014-06-04 16:28 - 01059840 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST.exe
2014-06-03 00:19 - 2011-08-12 18:55 - 00000000 ____D () C:\Windows\pss
2014-06-03 00:19 - 2011-03-09 18:41 - 00000000 ____D () C:\Users\Bocken\AppData\Local\Temp
2014-06-03 00:19 - 2011-03-09 18:41 - 00000000 ____D () C:\Users\Bocken
2014-06-03 00:19 - 2010-09-20 15:29 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-03 00:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-02 21:58 - 2011-07-06 06:49 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-02 21:07 - 2010-07-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-02 21:06 - 2010-09-20 05:57 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-02 21:06 - 2010-09-20 05:57 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-06-02 21:06 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-02 15:15 - 2014-05-25 14:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-06-02 14:22 - 2014-06-02 14:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 14:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-02 14:21 - 2011-03-05 17:59 - 00000000 ____D () C:\Users\Sabrina Boy
2014-06-02 14:12 - 2014-06-02 14:11 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2540-F.txt
2014-06-02 13:48 - 2014-06-02 13:47 - 00000715 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-06-02 13:45 - 2014-06-02 13:44 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-2364-F.txt
2014-06-02 12:00 - 2014-06-02 12:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 11:48 - 2014-06-02 11:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 11:27 - 2014-06-02 11:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 10:34 - 2014-06-02 10:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 10:24 - 2014-06-02 10:21 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 10:19 - 2014-06-02 10:15 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-05-25 14:57 - 2014-05-25 14:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 14:57 - 2011-03-05 23:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-25 14:57 - 2011-03-05 23:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 14:56 - 2014-05-25 14:56 - 00119296 _____ () C:\Windows\system32\itsacapi_pe-2.3.exe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator
2014-05-22 18:20 - 2014-06-01 20:19 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-20 20:55 - 2014-05-20 20:23 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-16 08:40 - 2013-08-17 21:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 08:37 - 2011-03-11 09:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:35 - 2014-05-14 10:59 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt
2014-05-12 07:26 - 2014-06-05 15:37 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 15:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 15:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-07 14:00 - 2014-05-07 14:00 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-07 09:26 - 2014-05-07 09:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job

Some content of TEMP:
====================
C:\Users\Bocken\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina Boy\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina Boy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 14:12

==================== End Of Log ============================
         



...I hope it helps...

06.06.2014, 11:46   #8
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

10.06.2014, 15:22   #9
bocken

Hello....



Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=7143f38ac6642a479ef5570892c9ff8d
# engine=18648
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-10 11:40:05
# local_time=2014-06-10 01:40:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 1312 267820095 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1211 154030255 0 0
# scanned=13220
# found=15
# cleaned=0
# scan_time=276
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bigpoint_Games_DE\tbBigp.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_1.3\ldrtbWise.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_1.3\prxtbWise.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_1.3\tbWise.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_1.3\WiseConvert_1.3ToolbarHelper.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bocken\AppData\LocalLow\Bigpoint_Games_DE\tbBigp.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bocken\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bocken\AppData\LocalLow\WiseConvert_1.3\ldrtbWise.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bocken\AppData\LocalLow\WiseConvert_1.3\tbWise.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\Bigpoint_Games_DE\tbBigp.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\WiseConvert_1.3\ldrtbWise.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\WiseConvert_1.3\tbWise.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\WiseConvert_1.3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=37F73DA65248F8F4BE634106CD017C160637AC3C ft=1 fh=3fb3cb70b18ab9a7 vn="Variante von Win64/Kryptik.FZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\11764AFC2A3364905E8D1EAE8BD77172\gggwyg.dot"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=7143f38ac6642a479ef5570892c9ff8d
# engine=18648
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-10 01:53:17
# local_time=2014-06-10 03:53:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 9304 267828087 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 9203 154038247 0 0
# scanned=253416
# found=35
# cleaned=0
# scan_time=7507
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bigpoint_Games_DE\tbBigp.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_1.3\ldrtbWise.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_1.3\prxtbWise.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_1.3\tbWise.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_1.3\WiseConvert_1.3ToolbarHelper.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bocken\AppData\LocalLow\Bigpoint_Games_DE\tbBigp.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bocken\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bocken\AppData\LocalLow\WiseConvert_1.3\ldrtbWise.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bocken\AppData\LocalLow\WiseConvert_1.3\tbWise.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\Bigpoint_Games_DE\tbBigp.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\WiseConvert_1.3\ldrtbWise.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\WiseConvert_1.3\tbWise.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Boy\AppData\LocalLow\WiseConvert_1.3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=37F73DA65248F8F4BE634106CD017C160637AC3C ft=1 fh=3fb3cb70b18ab9a7 vn="Variante von Win64/Kryptik.FZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\11764AFC2A3364905E8D1EAE8BD77172\gggwyg.dot"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=F5EE1489F5BD5427F1EA65441E5DCCA924E31336 ft=1 fh=eae9470eeeee5c10 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll"
sh=298A0B2E376066F775AAF9B794D2EFD3C6786B07 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina Boy\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.49_0\extensionData\plugins\91.js"
sh=EE9717AD935A15AB07DD2E226398C2D9082D8E82 ft=1 fh=b775fe24c08839c1 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\avira_free_antivirus_de.exe"
sh=B289C53DBB01232884364F964E8A5BCCDFBCE00A ft=1 fh=20604ce9407285e3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\ccsetup310.exe"
sh=3FC75D7EC85B4B4766AE1195896F0C2C5FB3E6FE ft=1 fh=f3111313b4ad1f30 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\ccsetup314.exe"
sh=DC1FE696A24E0072BA7221FCB0DAFEDB9B3560B4 ft=1 fh=5aa7e24d05d642d5 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\ccsetup315.exe"
sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\ccsetup318.exe"
sh=7EF1CA17E9835CBBA989D1F2CFEF4B794D928D13 ft=1 fh=c7fc25b20d8e6134 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\ccsetup320.exe"
sh=432E95C9B13671B563FDDECA6C408A763B4020F8 ft=1 fh=5a87b2eed39a59c6 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\ccsetup321.exe"
sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\ccsetup322.exe"
sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\ccsetup324.exe"
sh=868CA1776E5A96E6221DF0314BDCB6E827C50966 ft=1 fh=1951e73c8fe5e4b6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\Comodo_Firewall_-_CHIP-Downloader.exe"
sh=3531F9AD7200E584FE9CED4461E924FB8A94FECE ft=1 fh=adfdf198dd8ec87e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina Boy\Downloads\FreeOCR_-_CHIP-Downloader.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[2].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[2].0"
         

11.06.2014, 08:50   #10
schrauber
/// the machine
/// TB trainer

And the rest?
__________________
Regards,
schrauber

12.06.2014, 11:45   #11
bocken

Hello,...


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by Sabrina Boy (administrator) on SABRINASLAPTOP on 12-06-2014 12:37:16
Running from C:\Users\Sabrina Boy\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Sabrina Boy\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\MountPoints2: F - F:\ting.exe
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\MountPoints2: {245b7740-b66e-11e2-9d25-a6699b6f42c6} - F:\ting.exe
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
URLSearchHook: HKLM-x32 - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {9AA0EE78-F120-4F67-8760-0DE1FE14D329} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {13C2FF9F-313B-48DC-A2D2-DA4A07002C34} URL = 
SearchScopes: HKCU - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = 
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{13893AF3-7C14-43C9-943C-F7375E3FAA88}] - C:\Windows\Installer\{ECE8D100-69C8-4BF1-914D-D997C792E5E5}\{13893AF3-7C14-43C9-943C-F7375E3FAA88}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{ECE8D100-69C8-4BF1-914D-D997C792E5E5}\{13893AF3-7C14-43C9-943C-F7375E3FAA88}.xpi [2014-06-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-05] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2013-06-21] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2013-06-21] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2013-06-21] (MCCI Corporation)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 12:37 - 2014-06-12 12:37 - 00011865 _____ () C:\Users\Sabrina Boy\Desktop\FRST.txt
2014-06-12 12:36 - 2014-06-12 12:36 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\FRST-OlderVersion
2014-06-12 12:13 - 2014-06-12 12:14 - 00854367 _____ () C:\Users\Sabrina Boy\Desktop\SecurityCheck.exe
2014-06-12 11:56 - 2014-06-12 11:56 - 00069240 _____ () C:\Users\Sabrina Boy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 11:55 - 2014-06-12 11:55 - 00305472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 11:55 - 2014-06-12 11:55 - 00000056 _____ () C:\Windows\setupact.log
2014-06-12 11:55 - 2014-06-12 11:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:32 - 2014-06-10 13:32 - 02347384 _____ (ESET) C:\Users\Sabrina Boy\esetsmartinstaller_deu.exe
2014-06-10 13:32 - 2014-06-10 13:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-05 16:28 - 2014-06-05 16:28 - 00001661 _____ () C:\Users\Sabrina Boy\Desktop\JRT.txt
2014-06-05 16:21 - 2014-06-05 16:21 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 16:20 - 2014-06-05 16:21 - 01016261 _____ (Thisisu) C:\Users\Sabrina Boy\Desktop\JRT.exe
2014-06-05 16:08 - 2014-06-05 16:09 - 00000000 ____D () C:\AdwCleaner
2014-06-05 16:02 - 2014-06-05 16:07 - 01327971 _____ () C:\Users\Sabrina Boy\Desktop\adwcleaner_3.211.exe
2014-06-05 16:01 - 2014-06-05 16:01 - 00001150 _____ () C:\Users\Sabrina Boy\Desktop\mbam.txt
2014-06-05 15:38 - 2014-06-05 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 15:37 - 2014-06-05 15:37 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 15:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 15:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 15:32 - 2014-06-05 15:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Boy\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-04 16:31 - 2014-06-04 16:32 - 00028062 _____ () C:\Users\Sabrina Boy\Desktop\Addition.txt
2014-06-04 16:29 - 2014-06-12 12:36 - 02081792 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST64.exe
2014-06-02 22:40 - 2014-06-12 12:37 - 00000000 ____D () C:\FRST
2014-06-02 14:22 - 2014-06-02 14:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 14:11 - 2014-06-02 14:12 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2540-F.txt
2014-06-02 13:47 - 2014-06-02 13:48 - 00000715 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-06-02 13:44 - 2014-06-02 13:45 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-2364-F.txt
2014-06-02 12:00 - 2014-06-02 12:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 11:48 - 2014-06-02 11:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 11:27 - 2014-06-02 11:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 10:34 - 2014-06-02 10:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 10:21 - 2014-06-02 10:24 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 10:15 - 2014-06-02 10:19 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-06-01 20:19 - 2014-05-22 18:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-25 14:57 - 2014-05-25 14:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 14:56 - 2014-05-25 14:56 - 00119296 _____ () C:\Windows\system32\itsacapi_pe-2.3.exe
2014-05-25 14:53 - 2014-06-02 15:15 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator
2014-05-20 20:23 - 2014-05-20 20:55 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-20 20:19 - 2014-06-12 12:14 - 00363900 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 10:59 - 2014-05-14 21:35 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt

==================== One Month Modified Files and Folders =======

2014-06-12 12:38 - 2014-06-12 12:37 - 00011865 _____ () C:\Users\Sabrina Boy\Desktop\FRST.txt
2014-06-12 12:38 - 2011-03-05 17:59 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\Temp
2014-06-12 12:37 - 2014-06-02 22:40 - 00000000 ____D () C:\FRST
2014-06-12 12:37 - 2014-05-20 20:19 - 00363900 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 12:36 - 2014-06-12 12:36 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\FRST-OlderVersion
2014-06-12 12:36 - 2014-06-04 16:29 - 02081792 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST64.exe
2014-06-12 12:14 - 2014-06-12 12:13 - 00854367 _____ () C:\Users\Sabrina Boy\Desktop\SecurityCheck.exe
2014-06-12 12:03 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 12:03 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 12:00 - 2010-07-17 20:47 - 00654852 _____ () C:\Windows\system32\perfh007.dat
2014-06-12 12:00 - 2010-07-17 20:47 - 00130434 _____ () C:\Windows\system32\perfc007.dat
2014-06-12 12:00 - 2009-07-14 07:13 - 01500294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 11:56 - 2014-06-12 11:56 - 00069240 _____ () C:\Users\Sabrina Boy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 11:55 - 2014-06-12 11:55 - 00305472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 11:55 - 2014-06-12 11:55 - 00000056 _____ () C:\Windows\setupact.log
2014-06-12 11:55 - 2014-06-12 11:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:32 - 2014-06-10 13:32 - 02347384 _____ (ESET) C:\Users\Sabrina Boy\esetsmartinstaller_deu.exe
2014-06-10 13:32 - 2014-06-10 13:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-10 13:32 - 2011-03-05 17:59 - 00000000 ____D () C:\Users\Sabrina Boy
2014-06-10 13:25 - 2011-03-09 18:41 - 00000000 ____D () C:\Users\Bocken\AppData\Local\Temp
2014-06-05 16:28 - 2014-06-05 16:28 - 00001661 _____ () C:\Users\Sabrina Boy\Desktop\JRT.txt
2014-06-05 16:21 - 2014-06-05 16:21 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 16:21 - 2014-06-05 16:20 - 01016261 _____ (Thisisu) C:\Users\Sabrina Boy\Desktop\JRT.exe
2014-06-05 16:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-06-05 16:09 - 2014-06-05 16:08 - 00000000 ____D () C:\AdwCleaner
2014-06-05 16:07 - 2014-06-05 16:02 - 01327971 _____ () C:\Users\Sabrina Boy\Desktop\adwcleaner_3.211.exe
2014-06-05 16:01 - 2014-06-05 16:01 - 00001150 _____ () C:\Users\Sabrina Boy\Desktop\mbam.txt
2014-06-05 15:38 - 2014-06-05 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 15:37 - 2014-06-05 15:37 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 15:36 - 2014-06-05 15:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Boy\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-05 15:25 - 2013-03-29 11:57 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-05 15:25 - 2013-03-29 11:57 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-04 16:32 - 2014-06-04 16:31 - 00028062 _____ () C:\Users\Sabrina Boy\Desktop\Addition.txt
2014-06-03 00:19 - 2011-08-12 18:55 - 00000000 ____D () C:\Windows\pss
2014-06-03 00:19 - 2011-03-09 18:41 - 00000000 ____D () C:\Users\Bocken
2014-06-03 00:19 - 2010-09-20 15:29 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-03 00:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-02 21:58 - 2011-07-06 06:49 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-02 21:07 - 2010-07-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-02 21:06 - 2010-09-20 05:57 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-02 21:06 - 2010-09-20 05:57 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-06-02 21:06 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-02 15:15 - 2014-05-25 14:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-06-02 14:22 - 2014-06-02 14:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 14:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-02 14:12 - 2014-06-02 14:11 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2540-F.txt
2014-06-02 13:48 - 2014-06-02 13:47 - 00000715 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-06-02 13:45 - 2014-06-02 13:44 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-2364-F.txt
2014-06-02 12:00 - 2014-06-02 12:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 11:48 - 2014-06-02 11:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 11:27 - 2014-06-02 11:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 10:34 - 2014-06-02 10:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 10:24 - 2014-06-02 10:21 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 10:19 - 2014-06-02 10:15 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-05-25 14:57 - 2014-05-25 14:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 14:57 - 2011-03-05 23:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-25 14:57 - 2011-03-05 23:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 14:56 - 2014-05-25 14:56 - 00119296 _____ () C:\Windows\system32\itsacapi_pe-2.3.exe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator
2014-05-22 18:20 - 2014-06-01 20:19 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-20 20:55 - 2014-05-20 20:23 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-16 08:40 - 2013-08-17 21:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 08:37 - 2011-03-11 09:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:35 - 2014-05-14 10:59 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt

Files to move or delete:
====================
C:\Users\Sabrina Boy\esetsmartinstaller_deu.exe


Some content of TEMP:
====================
C:\Users\Bocken\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina Boy\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-23 14:12

==================== End Of Log ============================
         
--- --- ---



Code:
 Results of screen317's Security Check version 0.99.83  
 Windows 7  x64   
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

here you go....

and now?

12.06.2014, 11:53   #12
schrauber
/// the machine
/// TB-Ausbilder



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Update Windows, a service pack is missing!!

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory where the tool was run.

Please post the contents here.


__________________
Regards,
schrauber


12.06.2014, 11:56   #13
bocken



hello..


Code:
 Results of screen317's Security Check version 0.99.83  
 Windows 7  x64   
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by Sabrina Boy (administrator) on SABRINASLAPTOP on 12-06-2014 12:37:16
Running from C:\Users\Sabrina Boy\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Sabrina Boy\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\MountPoints2: F - F:\ting.exe
HKU\S-1-5-21-2899099275-4155470742-1896681866-1000\...\MountPoints2: {245b7740-b66e-11e2-9d25-a6699b6f42c6} - F:\ting.exe
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
URLSearchHook: HKLM-x32 - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {9AA0EE78-F120-4F67-8760-0DE1FE14D329} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {13C2FF9F-313B-48DC-A2D2-DA4A07002C34} URL = 
SearchScopes: HKCU - {3CA16FF5-57F5-4DE0-9165-E463438C1B2F} URL = 
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{13893AF3-7C14-43C9-943C-F7375E3FAA88}] - C:\Windows\Installer\{ECE8D100-69C8-4BF1-914D-D997C792E5E5}\{13893AF3-7C14-43C9-943C-F7375E3FAA88}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{ECE8D100-69C8-4BF1-914D-D997C792E5E5}\{13893AF3-7C14-43C9-943C-F7375E3FAA88}.xpi [2014-06-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-05] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2013-06-21] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2013-06-21] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2013-06-21] (MCCI Corporation)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 12:37 - 2014-06-12 12:37 - 00011865 _____ () C:\Users\Sabrina Boy\Desktop\FRST.txt
2014-06-12 12:36 - 2014-06-12 12:36 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\FRST-OlderVersion
2014-06-12 12:13 - 2014-06-12 12:14 - 00854367 _____ () C:\Users\Sabrina Boy\Desktop\SecurityCheck.exe
2014-06-12 11:56 - 2014-06-12 11:56 - 00069240 _____ () C:\Users\Sabrina Boy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 11:55 - 2014-06-12 11:55 - 00305472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 11:55 - 2014-06-12 11:55 - 00000056 _____ () C:\Windows\setupact.log
2014-06-12 11:55 - 2014-06-12 11:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:32 - 2014-06-10 13:32 - 02347384 _____ (ESET) C:\Users\Sabrina Boy\esetsmartinstaller_deu.exe
2014-06-10 13:32 - 2014-06-10 13:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-05 16:28 - 2014-06-05 16:28 - 00001661 _____ () C:\Users\Sabrina Boy\Desktop\JRT.txt
2014-06-05 16:21 - 2014-06-05 16:21 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 16:20 - 2014-06-05 16:21 - 01016261 _____ (Thisisu) C:\Users\Sabrina Boy\Desktop\JRT.exe
2014-06-05 16:08 - 2014-06-05 16:09 - 00000000 ____D () C:\AdwCleaner
2014-06-05 16:02 - 2014-06-05 16:07 - 01327971 _____ () C:\Users\Sabrina Boy\Desktop\adwcleaner_3.211.exe
2014-06-05 16:01 - 2014-06-05 16:01 - 00001150 _____ () C:\Users\Sabrina Boy\Desktop\mbam.txt
2014-06-05 15:38 - 2014-06-05 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 15:37 - 2014-06-05 15:37 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 15:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 15:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 15:32 - 2014-06-05 15:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Boy\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-04 16:31 - 2014-06-04 16:32 - 00028062 _____ () C:\Users\Sabrina Boy\Desktop\Addition.txt
2014-06-04 16:29 - 2014-06-12 12:36 - 02081792 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST64.exe
2014-06-02 22:40 - 2014-06-12 12:37 - 00000000 ____D () C:\FRST
2014-06-02 14:22 - 2014-06-02 14:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 14:11 - 2014-06-02 14:12 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2540-F.txt
2014-06-02 13:47 - 2014-06-02 13:48 - 00000715 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-06-02 13:44 - 2014-06-02 13:45 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-2364-F.txt
2014-06-02 12:00 - 2014-06-02 12:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 11:48 - 2014-06-02 11:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 11:27 - 2014-06-02 11:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 10:34 - 2014-06-02 10:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 10:21 - 2014-06-02 10:24 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 10:15 - 2014-06-02 10:19 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-06-01 20:19 - 2014-05-22 18:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-25 14:57 - 2014-05-25 14:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 14:56 - 2014-05-25 14:56 - 00119296 _____ () C:\Windows\system32\itsacapi_pe-2.3.exe
2014-05-25 14:53 - 2014-06-02 15:15 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator
2014-05-20 20:23 - 2014-05-20 20:55 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-20 20:19 - 2014-06-12 12:14 - 00363900 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 10:59 - 2014-05-14 21:35 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt

==================== One Month Modified Files and Folders =======

2014-06-12 12:38 - 2014-06-12 12:37 - 00011865 _____ () C:\Users\Sabrina Boy\Desktop\FRST.txt
2014-06-12 12:38 - 2011-03-05 17:59 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\Temp
2014-06-12 12:37 - 2014-06-02 22:40 - 00000000 ____D () C:\FRST
2014-06-12 12:37 - 2014-05-20 20:19 - 00363900 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 12:36 - 2014-06-12 12:36 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\FRST-OlderVersion
2014-06-12 12:36 - 2014-06-04 16:29 - 02081792 _____ (Farbar) C:\Users\Sabrina Boy\Desktop\FRST64.exe
2014-06-12 12:14 - 2014-06-12 12:13 - 00854367 _____ () C:\Users\Sabrina Boy\Desktop\SecurityCheck.exe
2014-06-12 12:03 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 12:03 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 12:00 - 2010-07-17 20:47 - 00654852 _____ () C:\Windows\system32\perfh007.dat
2014-06-12 12:00 - 2010-07-17 20:47 - 00130434 _____ () C:\Windows\system32\perfc007.dat
2014-06-12 12:00 - 2009-07-14 07:13 - 01500294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 11:56 - 2014-06-12 11:56 - 00069240 _____ () C:\Users\Sabrina Boy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 11:55 - 2014-06-12 11:55 - 00305472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 11:55 - 2014-06-12 11:55 - 00000056 _____ () C:\Windows\setupact.log
2014-06-12 11:55 - 2014-06-12 11:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:32 - 2014-06-10 13:32 - 02347384 _____ (ESET) C:\Users\Sabrina Boy\esetsmartinstaller_deu.exe
2014-06-10 13:32 - 2014-06-10 13:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-10 13:32 - 2011-03-05 17:59 - 00000000 ____D () C:\Users\Sabrina Boy
2014-06-10 13:25 - 2011-03-09 18:41 - 00000000 ____D () C:\Users\Bocken\AppData\Local\Temp
2014-06-05 16:28 - 2014-06-05 16:28 - 00001661 _____ () C:\Users\Sabrina Boy\Desktop\JRT.txt
2014-06-05 16:21 - 2014-06-05 16:21 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 16:21 - 2014-06-05 16:20 - 01016261 _____ (Thisisu) C:\Users\Sabrina Boy\Desktop\JRT.exe
2014-06-05 16:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-06-05 16:09 - 2014-06-05 16:08 - 00000000 ____D () C:\AdwCleaner
2014-06-05 16:07 - 2014-06-05 16:02 - 01327971 _____ () C:\Users\Sabrina Boy\Desktop\adwcleaner_3.211.exe
2014-06-05 16:01 - 2014-06-05 16:01 - 00001150 _____ () C:\Users\Sabrina Boy\Desktop\mbam.txt
2014-06-05 15:38 - 2014-06-05 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 15:37 - 2014-06-05 15:37 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 15:37 - 2014-06-05 15:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 15:36 - 2014-06-05 15:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Boy\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-05 15:25 - 2013-03-29 11:57 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-05 15:25 - 2013-03-29 11:57 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-04 16:32 - 2014-06-04 16:31 - 00028062 _____ () C:\Users\Sabrina Boy\Desktop\Addition.txt
2014-06-03 00:19 - 2011-08-12 18:55 - 00000000 ____D () C:\Windows\pss
2014-06-03 00:19 - 2011-03-09 18:41 - 00000000 ____D () C:\Users\Bocken
2014-06-03 00:19 - 2010-09-20 15:29 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-03 00:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-02 21:58 - 2011-07-06 06:49 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-02 21:07 - 2010-07-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-02 21:06 - 2010-09-20 05:57 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-02 21:06 - 2010-09-20 05:57 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-06-02 21:06 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-02 15:15 - 2014-05-25 14:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-06-02 14:22 - 2014-06-02 14:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 14:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-02 14:12 - 2014-06-02 14:11 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2540-F.txt
2014-06-02 13:48 - 2014-06-02 13:47 - 00000715 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-06-02 13:45 - 2014-06-02 13:44 - 00000227 _____ () C:\ProgramData\RUNDLL32.EXE-2364-F.txt
2014-06-02 12:00 - 2014-06-02 12:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 11:48 - 2014-06-02 11:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 11:27 - 2014-06-02 11:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 10:34 - 2014-06-02 10:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 10:24 - 2014-06-02 10:21 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 10:19 - 2014-06-02 10:15 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-05-25 14:57 - 2014-05-25 14:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 14:57 - 2011-03-05 23:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-25 14:57 - 2011-03-05 23:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 14:56 - 2014-05-25 14:56 - 00119296 _____ () C:\Windows\system32\itsacapi_pe-2.3.exe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 14:50 - 2014-05-25 14:50 - 00000000 ____D () C:\Users\Administrator
2014-05-22 18:20 - 2014-06-01 20:19 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-20 20:55 - 2014-05-20 20:23 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-16 08:40 - 2013-08-17 21:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 08:37 - 2011-03-11 09:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:35 - 2014-05-14 10:59 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt

Files to move or delete:
====================
C:\Users\Sabrina Boy\esetsmartinstaller_deu.exe


Some content of TEMP:
====================
C:\Users\Bocken\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina Boy\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-23 14:12

==================== End Of Log ============================
         
--- --- ---



here you go...
and now what?

12.06.2014, 11:59   #14
schrauber
/// the machine
/// TB trainer
 




Um, you have seen my post above, haven't you?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

16.06.2014, 21:46   #15
bocken
 



hello..

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by Sabrina Boy at 2014-06-16 22:37:02 Run:2
Running from C:\Users\Sabrina Boy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
         
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service stopped successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
Farbar Service Scanner Version: 10-06-2014
Ran by Sabrina Boy (administrator) on 16-06-2014 at 22:43:38
Running from "C:\Users\Sabrina Boy\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
         
here you go...

Windows Update has been run; it doesn't offer me any further service update....
