| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ...und wieder den Rechner infiziert?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.06.2014, 06:52
| #16 |
| /// the machine /// TB-Ausbilder    |  ...und wieder den Rechner infiziert? poste mal ein frisches FRST log 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.06.2014, 10:53
| #17 |
 | ...und wieder den Rechner infiziert? Schönen guten Morgen Schrauber,
__________________als ich gerade den Rechner gestartet habe, hat er wieder sehr lange gebraucht, hab Kaffee dabei gekocht  das Windows Sicherheitscenter meldete sofort das Avira ausgeschaltet wäre, obwohl Avira sagt das alles aktiv und ok wäre, habe das grade mal so gelassen und FRST laufen lassen.Hier die Logs dazu FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by user (administrator) on LUZIFER-PC on 22-06-2014 11:43:27
Running from C:\Users\user\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-12] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1186053978-4098695625-272641498-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543320 2013-07-08] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x025CAE961E78CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: www.google.de
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-15]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-15]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-03]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\extensions\cliqz@cliqz.com
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-30] (AVAST Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [129112 2013-07-08] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1228336 2014-02-27] (Sony Corporation)
S2 GlobalUpdater; C:\Program Files\Common Files\IMGUpdater\IMGUpdater.exe [X]
S3 SLUINotify; %SystemRoot%\system32\SLUINotify.dll [X]
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-30] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-30] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159208 2013-07-08] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2014-03-23] () [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-22 11:43 - 2014-06-22 11:43 - 00012439 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-22 11:41 - 2014-06-22 11:42 - 01070592 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-06-21 15:56 - 2014-06-21 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-06-15 19:24 - 2014-06-15 19:24 - 00000000 ____D () C:\Users\Wir zusammen\AppData\Roaming\WinPatrol
2014-06-15 17:57 - 2014-06-15 17:57 - 00448512 _____ (OldTimer Tools) C:\Users\user\Downloads\TFC.exe
2014-06-15 17:47 - 2014-06-15 17:47 - 00000000 ____D () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx
2014-06-15 17:45 - 2014-06-15 17:45 - 00526323 _____ () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx.zip
2014-06-15 17:33 - 2014-06-15 17:37 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000876 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-15 17:27 - 2014-06-15 17:27 - 01064488 _____ (BillP Studios) C:\Users\user\Downloads\wpsetup.exe
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-06-15 17:16 - 2014-06-15 17:16 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Sun
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-15 17:16 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-15 17:15 - 2014-06-15 17:15 - 00004126 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-15 17:15 - 2014-06-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-15 17:15 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-15 17:15 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-15 17:15 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-15 17:13 - 2014-06-15 17:13 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2014-06-15 17:03 - 2014-06-15 17:03 - 05329480 _____ (Secunia) C:\Users\user\Downloads\PSISetup_3.0.0.9016.exe
2014-06-15 16:57 - 2014-06-15 17:00 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-15 16:35 - 2014-06-15 16:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-14 06:51 - 2014-06-21 14:43 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-14 06:51 - 2014-06-21 14:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-13 12:46 - 2014-06-13 12:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Der Planer 4
2014-06-12 12:46 - 2014-06-22 11:43 - 00000000 ____D () C:\FRST
2014-06-12 11:17 - 2014-06-12 11:17 - 00007626 _____ () C:\ComboFix.txt
2014-06-12 11:06 - 2014-06-15 17:00 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 09:24 - 2014-06-12 10:48 - 00000000 ____D () C:\AdwCleaner
2014-06-12 09:23 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-06-12 09:23 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-06-12 09:22 - 2014-06-12 09:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Wir zusammen\Downloads\AdwCleaner - CHIP-Installer.exe
2014-06-12 08:21 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 08:21 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 08:21 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 08:21 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 08:21 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 08:21 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 08:21 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 08:21 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 08:21 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 08:21 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 08:21 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 08:21 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 08:21 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 08:21 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 08:21 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 08:21 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-30 15:06 - 2014-05-30 15:07 - 00000000 ____D () C:\temp
==================== One Month Modified Files and Folders =======
2014-06-22 11:43 - 2014-06-22 11:43 - 00012439 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-22 11:43 - 2014-06-12 12:46 - 00000000 ____D () C:\FRST
2014-06-22 11:42 - 2014-06-22 11:41 - 01070592 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-06-22 11:39 - 2008-01-21 03:35 - 01060828 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 11:31 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 11:31 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:31 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 16:55 - 2013-07-02 15:15 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-21 16:55 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-21 15:57 - 2013-07-04 17:32 - 00002836 _____ () C:\Windows\Sandboxie.ini
2014-06-21 15:56 - 2014-06-21 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-06-21 14:43 - 2014-06-14 06:51 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-21 14:43 - 2014-06-14 06:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-15 19:24 - 2014-06-15 19:24 - 00000000 ____D () C:\Users\Wir zusammen\AppData\Roaming\WinPatrol
2014-06-15 18:17 - 2013-07-03 21:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-15 18:17 - 2008-01-21 04:47 - 00159022 _____ () C:\Windows\PFRO.log
2014-06-15 17:57 - 2014-06-15 17:57 - 00448512 _____ (OldTimer Tools) C:\Users\user\Downloads\TFC.exe
2014-06-15 17:47 - 2014-06-15 17:47 - 00000000 ____D () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx
2014-06-15 17:46 - 2013-07-28 17:14 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-15 17:45 - 2014-06-15 17:45 - 00526323 _____ () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx.zip
2014-06-15 17:37 - 2014-06-15 17:33 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000876 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-15 17:27 - 2014-06-15 17:27 - 01064488 _____ (BillP Studios) C:\Users\user\Downloads\wpsetup.exe
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-06-15 17:16 - 2014-06-15 17:16 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Sun
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-15 17:15 - 2014-06-15 17:15 - 00004126 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-15 17:15 - 2014-06-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-15 17:15 - 2014-01-15 20:04 - 00000000 ____D () C:\Program Files\Java
2014-06-15 17:13 - 2014-06-15 17:13 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2014-06-15 17:03 - 2014-06-15 17:03 - 05329480 _____ (Secunia) C:\Users\user\Downloads\PSISetup_3.0.0.9016.exe
2014-06-15 17:00 - 2014-06-15 16:57 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-15 17:00 - 2014-06-12 11:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-15 16:53 - 2014-03-23 00:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2014-06-15 16:49 - 2014-01-06 15:54 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-15 16:43 - 2013-07-13 15:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2014-06-15 16:35 - 2014-06-15 16:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-15 15:55 - 2008-01-21 09:16 - 01566076 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 12:46 - 2014-06-13 12:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Der Planer 4
2014-06-12 13:00 - 2013-07-13 02:10 - 00000000 ____D () C:\Update
2014-06-12 11:17 - 2014-06-12 11:17 - 00007626 _____ () C:\ComboFix.txt
2014-06-12 11:17 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-12 11:17 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-12 11:15 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 10:48 - 2014-06-12 09:24 - 00000000 ____D () C:\AdwCleaner
2014-06-12 10:35 - 2014-02-03 09:11 - 00000000 ____D () C:\Program Files\Google
2014-06-12 09:47 - 2014-05-16 15:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-06-12 09:46 - 2013-07-12 13:29 - 00000000 ____D () C:\Program Files\Adobe
2014-06-12 09:22 - 2014-06-12 09:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Wir zusammen\Downloads\AdwCleaner - CHIP-Installer.exe
2014-06-12 08:26 - 2013-07-11 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 08:25 - 2013-07-10 13:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 08:23 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-31 12:22 - 2013-08-09 21:51 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-31 12:22 - 2013-08-09 21:51 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 15:07 - 2014-05-30 15:06 - 00000000 ____D () C:\temp
2014-05-28 18:48 - 2014-06-12 08:21 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-12 08:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-12 08:21 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-12 08:21 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-12 08:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-12 08:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-12 08:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-12 08:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-12 08:21 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-12 08:21 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-12 08:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-12 08:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-24 11:53 - 2014-01-05 14:20 - 00000000 ____D () C:\Users\Wir zusammen\AppData\Roaming\vlc
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-22 11:41
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01
Ran by user at 2014-06-22 11:44:06
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Assassin's Creed (HKLM\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
ATI Catalyst Install Manager (HKLM\...\{0B9B76C9-4967-59FC-C994-191AEA152F04}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Borderlands (HKLM\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0515.32.42252 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0515.32.42252 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Czech (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Danish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Dutch (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help English (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Finnish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help French (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help German (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Greek (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Italian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Japanese (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Korean (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Polish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Russian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Spanish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Swedish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Thai (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Turkish (Version: 2009.0515.0031.42252 - ATI) Hidden
ccc-core-static (Version: 2009.0515.32.42252 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0515.32.42252 - ATI) Hidden
Der Planer 4 Version 1.3 (HKLM\...\{BA9E9ED5-FFF3-4E0D-95B9-62527672268B}_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{72EEB695-388B-4835-8EA6-0C04545B06B9}) (Version: 12.04.3000 - Intel(R) Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 9.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Paragon Backup & Recovery™ 2013 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF-XChange Editor (HKLM\...\{e6c66f24-ae75-4cce-8afc-8ed58d732f6a}) (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Lite 2012 (HKLM\...\{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1) (Version: 5.0.273.0 - Tracker Software Products Ltd)
Sandboxie 4.04 (32-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skins (Version: 2009.0515.32.42252 - ATI) Hidden
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {105436F0-8111-45FB-B3F7-05E3EF93F6D0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4F6E6931-9911-4070-85BF-7BD2E0C612BD} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {88252F50-6484-4DBD-96A8-20723D944594} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {89C883DC-A7CF-4109-B438-4BAF892F6C15} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {90259E5E-10DB-4FC2-B203-8C9E2548C055} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-30] (AVAST Software)
Task: {911778AD-D4DC-48C0-895B-118D7CE0B587} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FBEE929F-68F5-46FD-B578-BFB64AB084E7} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\user\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
==================== Loaded Modules (whitelisted) =============
2014-06-22 11:31 - 2014-06-22 11:31 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062200\algo.dll
2009-05-21 13:18 - 2009-05-21 13:18 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-05-14 22:22 - 2009-05-14 22:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-11-23 22:43 - 2013-11-23 22:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-02 15:58 - 2013-07-02 15:58 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-26 11:41 - 2008-08-26 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/22/2014 11:31:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/21/2014 04:55:05 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (06/21/2014 03:58:03 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (06/21/2014 02:52:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/21/2014 02:49:23 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (06/21/2014 02:23:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2014 01:22:51 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (06/20/2014 09:58:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/19/2014 06:55:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/17/2014 10:35:03 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
System errors:
=============
Error: (06/22/2014 11:31:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2
Error: (06/22/2014 11:31:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/21/2014 02:52:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2
Error: (06/21/2014 02:52:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/21/2014 02:30:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VUAgent%%1053
Error: (06/21/2014 02:30:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000VUAgent
Error: (06/21/2014 02:29:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VUAgent%%1053
Error: (06/21/2014 02:29:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000VUAgent
Error: (06/21/2014 02:29:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VUAgent{4EE3B587-5512-4A71-BB81-ADFC0559687B}
Error: (06/21/2014 02:27:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-07-03 18:17:04.121
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 18:17:03.934
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 18:17:03.871
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 18:17:03.809
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 18:17:03.700
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 3038.12 MB
Available physical RAM: 2050.76 MB
Total Pagefile: 6277.24 MB
Available Pagefile: 5242.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.48 GB) (Free:67.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:106.62 GB) (Free:99.74 GB) NTFS
Drive f: (Volume) (Fixed) (Total:106.51 GB) (Free:106.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: 21568989)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=107 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
23.06.2014, 09:38
| #18 | |
| /// the machine /// TB-Ausbilder | ...und wieder den Rechner infiziert?Zitat:
Deinstalliere mal Avast und installiere es neu.
__________________ |
|
25.06.2014, 11:04
| #19 |
| | ...und wieder den Rechner infiziert? Mahlzeit Schrauber, Ups, sorry, natürlich meinte ich Avast und nicht Avira  Habe ich deinstalliert und neu installiert, soweit ist das auch wieder okay.... Irgendwie hab ich aber immernoch das Problem das der Rechner sehr langsam ist beim hochfahren, manchmal friert der Willkommensbildschirm ein, auch habe ich immernoch dieses Suprasaving in meiner Programmliste und kann es nicht deinstallieren. habe gelesen was es sein soll, aber ich will das doch gar nicht haben..... Auch gibts ein Problem mit der Sandboxie, wollte die auch neuinstallieren, aber es steht nicht in der Liste. Bei einem Updateversuch ist der Rechner abgestürzt :O bin ich einfach zu blöd oder was? Sorry übrigens, dass ich mich jetzt erst melde, aber ich hatte die letzten Tage viel zutun und hatte leider keine Zeit mich weiter um den Rechner zu kümmern LG Sweeby |
|
25.06.2014, 18:25
| #20 |
| /// the machine /// TB-Ausbilder | ...und wieder den Rechner infiziert? Öffne bitte FRST, setz nen Haken bei Addition und scanne, poste beide Logfiles.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.06.2014, 23:36
| #21 |
| | ...und wieder den Rechner infiziert? FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by user (administrator) on LUZIFER-PC on 26-06-2014 00:14:19
Running from C:\Users\user\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
HKU\S-1-5-21-1186053978-4098695625-272641498-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x025CAE961E78CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: www.google.de
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-15]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-15]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-24]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\extensions\cliqz@cliqz.com
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-24] (AVAST Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1228336 2014-02-27] (Sony Corporation)
S2 GlobalUpdater; C:\Program Files\Common Files\IMGUpdater\IMGUpdater.exe [X]
S3 SLUINotify; %SystemRoot%\system32\SLUINotify.dll [X]
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-06-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-06-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-06-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-06-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-06-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-06-24] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2014-03-23] () [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-26 00:13 - 2014-06-26 00:13 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-06-24 13:26 - 2014-06-24 13:26 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-24 13:26 - 2014-06-24 13:26 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-24 13:26 - 2014-06-24 13:26 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-24 13:26 - 2014-06-24 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-06-24 13:26 - 2014-06-24 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-24 13:26 - 2014-06-24 13:25 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403609173354
2014-06-24 13:26 - 2014-06-24 13:25 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-24 13:26 - 2014-06-24 13:25 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-24 13:26 - 2014-06-24 13:25 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-24 13:25 - 2014-06-24 13:26 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-24 13:25 - 2014-06-24 13:25 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-24 13:25 - 2014-06-24 13:25 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-24 13:25 - 2014-06-24 13:25 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1403609173354
2014-06-24 13:25 - 2014-06-24 13:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-24 13:25 - 2014-06-24 13:25 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-24 13:25 - 2014-06-24 13:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-24 13:24 - 2014-06-24 13:24 - 94714880 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-24 12:57 - 2014-06-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-24 12:57 - 2014-06-24 12:57 - 00000000 _____ () C:\Windows\setupact.log
2014-06-24 12:56 - 2014-06-24 12:56 - 94714880 _____ (AVAST Software) C:\Users\Wir zusammen\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-22 11:44 - 2014-06-22 11:44 - 00021838 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-22 11:43 - 2014-06-26 00:15 - 00012493 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-22 11:41 - 2014-06-26 00:13 - 01073152 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-06-15 19:24 - 2014-06-15 19:24 - 00000000 ____D () C:\Users\Wir zusammen\AppData\Roaming\WinPatrol
2014-06-15 17:57 - 2014-06-15 17:57 - 00448512 _____ (OldTimer Tools) C:\Users\user\Downloads\TFC.exe
2014-06-15 17:47 - 2014-06-15 17:47 - 00000000 ____D () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx
2014-06-15 17:45 - 2014-06-15 17:45 - 00526323 _____ () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx.zip
2014-06-15 17:33 - 2014-06-15 17:37 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000876 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-15 17:27 - 2014-06-15 17:27 - 01064488 _____ (BillP Studios) C:\Users\user\Downloads\wpsetup.exe
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-06-15 17:16 - 2014-06-15 17:16 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Sun
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-15 17:16 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-15 17:15 - 2014-06-15 17:15 - 00004126 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-15 17:15 - 2014-06-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-15 17:15 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-15 17:15 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-15 17:15 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-15 17:13 - 2014-06-15 17:13 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2014-06-15 17:03 - 2014-06-15 17:03 - 05329480 _____ (Secunia) C:\Users\user\Downloads\PSISetup_3.0.0.9016.exe
2014-06-15 16:57 - 2014-06-15 17:00 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-15 16:35 - 2014-06-15 16:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-14 06:51 - 2014-06-21 14:43 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-14 06:51 - 2014-06-21 14:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-13 12:46 - 2014-06-13 12:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Der Planer 4
2014-06-12 12:46 - 2014-06-26 00:15 - 00000000 ____D () C:\FRST
2014-06-12 11:17 - 2014-06-12 11:17 - 00007626 _____ () C:\ComboFix.txt
2014-06-12 11:06 - 2014-06-15 17:00 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 09:24 - 2014-06-12 10:48 - 00000000 ____D () C:\AdwCleaner
2014-06-12 09:23 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-06-12 09:23 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-06-12 09:22 - 2014-06-12 09:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Wir zusammen\Downloads\AdwCleaner - CHIP-Installer.exe
2014-06-12 08:21 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 08:21 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 08:21 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 08:21 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 08:21 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 08:21 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 08:21 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 08:21 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 08:21 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 08:21 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 08:21 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 08:21 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 08:21 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 08:21 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 08:21 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 08:21 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-30 15:06 - 2014-05-30 15:07 - 00000000 ____D () C:\temp
==================== One Month Modified Files and Folders =======
2014-06-26 00:15 - 2014-06-22 11:43 - 00012493 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-26 00:15 - 2014-06-12 12:46 - 00000000 ____D () C:\FRST
2014-06-26 00:13 - 2014-06-26 00:13 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-06-26 00:13 - 2014-06-22 11:41 - 01073152 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-06-26 00:12 - 2008-01-21 03:35 - 01187188 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 00:07 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 00:07 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 00:07 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 16:17 - 2013-07-02 15:15 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-25 16:17 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-24 13:39 - 2013-07-04 17:32 - 00002880 _____ () C:\Windows\Sandboxie.ini
2014-06-24 13:26 - 2014-06-24 13:26 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-24 13:26 - 2014-06-24 13:26 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-24 13:26 - 2014-06-24 13:26 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-24 13:26 - 2014-06-24 13:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-06-24 13:26 - 2014-06-24 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-24 13:26 - 2014-06-24 13:25 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-24 13:25 - 2014-06-24 13:26 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403609173354
2014-06-24 13:25 - 2014-06-24 13:26 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-24 13:25 - 2014-06-24 13:26 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-24 13:25 - 2014-06-24 13:26 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-24 13:25 - 2014-06-24 13:25 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-24 13:25 - 2014-06-24 13:25 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-24 13:25 - 2014-06-24 13:25 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1403609173354
2014-06-24 13:25 - 2014-06-24 13:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-24 13:25 - 2014-06-24 13:25 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-24 13:25 - 2014-06-24 13:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-24 13:25 - 2013-07-03 21:00 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-24 13:24 - 2014-06-24 13:24 - 94714880 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-24 13:03 - 2008-01-21 04:47 - 00490156 _____ () C:\Windows\PFRO.log
2014-06-24 12:57 - 2014-06-24 12:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-24 12:57 - 2014-06-24 12:57 - 00000000 _____ () C:\Windows\setupact.log
2014-06-24 12:56 - 2014-06-24 12:56 - 94714880 _____ (AVAST Software) C:\Users\Wir zusammen\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-22 11:44 - 2014-06-22 11:44 - 00021838 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-21 14:43 - 2014-06-14 06:51 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-21 14:43 - 2014-06-14 06:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-15 19:24 - 2014-06-15 19:24 - 00000000 ____D () C:\Users\Wir zusammen\AppData\Roaming\WinPatrol
2014-06-15 18:17 - 2013-07-03 21:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-15 17:57 - 2014-06-15 17:57 - 00448512 _____ (OldTimer Tools) C:\Users\user\Downloads\TFC.exe
2014-06-15 17:47 - 2014-06-15 17:47 - 00000000 ____D () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx
2014-06-15 17:46 - 2013-07-28 17:14 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-15 17:45 - 2014-06-15 17:45 - 00526323 _____ () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx.zip
2014-06-15 17:37 - 2014-06-15 17:33 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000876 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-15 17:27 - 2014-06-15 17:27 - 01064488 _____ (BillP Studios) C:\Users\user\Downloads\wpsetup.exe
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-06-15 17:16 - 2014-06-15 17:16 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Sun
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-15 17:15 - 2014-06-15 17:15 - 00004126 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-15 17:15 - 2014-06-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-15 17:15 - 2014-01-15 20:04 - 00000000 ____D () C:\Program Files\Java
2014-06-15 17:13 - 2014-06-15 17:13 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2014-06-15 17:03 - 2014-06-15 17:03 - 05329480 _____ (Secunia) C:\Users\user\Downloads\PSISetup_3.0.0.9016.exe
2014-06-15 17:00 - 2014-06-15 16:57 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-15 17:00 - 2014-06-12 11:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-15 16:53 - 2014-03-23 00:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2014-06-15 16:49 - 2014-01-06 15:54 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-15 16:43 - 2013-07-13 15:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2014-06-15 16:35 - 2014-06-15 16:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-15 15:55 - 2008-01-21 09:16 - 01566076 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 12:46 - 2014-06-13 12:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Der Planer 4
2014-06-12 13:00 - 2013-07-13 02:10 - 00000000 ____D () C:\Update
2014-06-12 11:17 - 2014-06-12 11:17 - 00007626 _____ () C:\ComboFix.txt
2014-06-12 11:17 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-12 11:17 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-12 11:15 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 10:48 - 2014-06-12 09:24 - 00000000 ____D () C:\AdwCleaner
2014-06-12 10:35 - 2014-02-03 09:11 - 00000000 ____D () C:\Program Files\Google
2014-06-12 09:47 - 2014-05-16 15:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-06-12 09:46 - 2013-07-12 13:29 - 00000000 ____D () C:\Program Files\Adobe
2014-06-12 09:22 - 2014-06-12 09:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Wir zusammen\Downloads\AdwCleaner - CHIP-Installer.exe
2014-06-12 08:26 - 2013-07-11 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 08:25 - 2013-07-10 13:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 08:23 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-31 12:22 - 2013-08-09 21:51 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-31 12:22 - 2013-08-09 21:51 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 15:07 - 2014-05-30 15:06 - 00000000 ____D () C:\temp
2014-05-28 18:48 - 2014-06-12 08:21 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-12 08:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-12 08:21 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-12 08:21 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-12 08:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-12 08:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-12 08:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-12 08:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-12 08:21 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-12 08:21 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-12 08:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-12 08:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
Some content of TEMP:
====================
C:\Users\user\AppData\Local\temp\SandboxieInstall.exe
C:\Users\user\AppData\Local\temp\vcredist_x86.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-26 00:14
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by user at 2014-06-26 00:16:12
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Assassin's Creed (HKLM\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
ATI Catalyst Install Manager (HKLM\...\{0B9B76C9-4967-59FC-C994-191AEA152F04}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Borderlands (HKLM\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0515.32.42252 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0515.32.42252 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Czech (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Danish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Dutch (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help English (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Finnish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help French (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help German (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Greek (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Italian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Japanese (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Korean (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Polish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Russian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Spanish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Swedish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Thai (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Turkish (Version: 2009.0515.0031.42252 - ATI) Hidden
ccc-core-static (Version: 2009.0515.32.42252 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0515.32.42252 - ATI) Hidden
Der Planer 4 Version 1.3 (HKLM\...\{BA9E9ED5-FFF3-4E0D-95B9-62527672268B}_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{72EEB695-388B-4835-8EA6-0C04545B06B9}) (Version: 12.04.3000 - Intel(R) Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 9.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Paragon Backup & Recovery™ 2013 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF-XChange Editor (HKLM\...\{e6c66f24-ae75-4cce-8afc-8ed58d732f6a}) (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Lite 2012 (HKLM\...\{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1) (Version: 5.0.273.0 - Tracker Software Products Ltd)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skins (Version: 2009.0515.32.42252 - ATI) Hidden
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {105436F0-8111-45FB-B3F7-05E3EF93F6D0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4F6E6931-9911-4070-85BF-7BD2E0C612BD} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {51FA1F93-29DA-44CA-9263-1AE7C91D0EBF} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {89C883DC-A7CF-4109-B438-4BAF892F6C15} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {911778AD-D4DC-48C0-895B-118D7CE0B587} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {B18A1E9B-E397-4DFA-BFD5-4E0EE8DFC8D5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-24] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FBEE929F-68F5-46FD-B578-BFB64AB084E7} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\user\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
==================== Loaded Modules (whitelisted) =============
2014-06-25 15:47 - 2014-06-25 15:47 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062500\algo.dll
2009-05-21 13:18 - 2009-05-21 13:18 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-05-14 22:22 - 2009-05-14 22:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-06-24 13:25 - 2014-06-24 13:25 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-02 15:58 - 2013-07-02 15:58 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-26 11:41 - 2008-08-26 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/26/2014 00:08:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/25/2014 11:47:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/24/2014 01:36:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/24/2014 01:03:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/24/2014 00:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2014 04:05:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/22/2014 08:05:08 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (06/22/2014 11:31:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/21/2014 04:55:05 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (06/21/2014 03:58:03 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
System errors:
=============
Error: (06/26/2014 00:08:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2
Error: (06/26/2014 00:08:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/25/2014 11:47:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2
Error: (06/25/2014 11:47:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/24/2014 01:36:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2
Error: (06/24/2014 01:36:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/24/2014 01:03:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2
Error: (06/24/2014 01:03:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/24/2014 00:48:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (06/24/2014 00:45:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-07-03 18:17:04.121
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 18:17:03.934
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 18:17:03.871
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 18:17:03.809
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-03 18:17:03.700
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3038.12 MB
Available physical RAM: 1783.02 MB
Total Pagefile: 6277.24 MB
Available Pagefile: 4988.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.31 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.48 GB) (Free:67.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:106.62 GB) (Free:99.74 GB) NTFS
Drive f: (Volume) (Fixed) (Total:106.51 GB) (Free:106.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: 21568989)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=107 GB) - (Type=OF Extended)
==================== End Of Log ============================
 |
|
27.06.2014, 07:10
| #22 |
| /// the machine /// TB-Ausbilder | ...und wieder den Rechner infiziert?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.06.2014, 23:16
| #23 |
| | ...und wieder den Rechner infiziert? Guten Abend schrauber, bin gerade unsicher was ich machen muss, und zwar hab ich die Datei runtergeladen, entpackt, das Programm geöffnet und dann kommt ne Meldung das eine neuere Version verfügbar ist und schickt mich auf die Seite tweaking.com, da kann ich aber irgendwie nur den Installer runterladen. Ist das so richtig? Sorry, aber verstehe grad den Zusammenhang nicht. Soll ich das installieren? |
|
28.06.2014, 18:31
| #24 |
| /// the machine /// TB-Ausbilder | ...und wieder den Rechner infiziert? ja genau, von dort dann die neue Version installieren
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.06.2014, 12:05
| #25 |
| | ...und wieder den Rechner infiziert? Mahlzeit, sorry aber ich hab schon wieder Probleme. Habe das jetzt installiert und die angezeigten Schritte haben sich verschoben, heisst Step2 ist jetzt Step3. Step2 möchte das ich Malewarebytes download und damit checke. Habe diesen Punkt übersprungen und Step3 (Check Disk) ausgeführt. Danach wurde der Rechner vom Programm neu gestartet. Nachdem die Systemdatein überprüft wurden, blieb der Bildschirm dunkel. Es kann sein das, dass mit meinem ewigen Neustart-Problem zusammenhängt. Ich vermeide immer einen Neustart, da das bei mir öfter passiert, dass der Bildschirm nach Neustart dunkel bleibt. Naja, nachdem ich ca. 1 Std gewartet habe, ob doch noch etwas passiert, habe ich den Rechner hart runtergefahren. Nachdem ich den Rechner neu gestartet habe, habe ich mit Step4 (laut Anleitung Step3 System Files Check) weitergemacht. Das Programm meldete mir, dass einige Dateien beschädigt wären und nicht repariert werden konnten. Habe jetzt einfach mal weitergemacht, und nachdem Repariervorgang ist natürlich wieder ein Neustart vom Programm ausgeführt worden, und auch da blieb mal wieder der Bildschirm dunkel. Ich kenn das ja bereits Hier mal das Log Code:
ATTFilter System Variables
--------------------------------------------------------------------------------
OS: Windows Vista (TM) Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: LUZIFER-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\user
Current Profile SID: S-1-5-21-1186053978-4098695625-272641498-1000
Current Profile Classes: S-1-5-21-1186053978-4098695625-272641498-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\user\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:28:36
Process Count: 60
Commit Total: 1,45 GB
Commit Limit: 6,13 GB
Commit Peak: 1,93 GB
Handle Count: 17718
Kernel Total: 232,85 MB
Kernel Paged: 159,75 MB
Kernel Non Paged: 73,10 MB
System Cache: 1,62 GB
Thread Count: 774
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,97 GB
Memory Used: 1,46 GB(49,0794%)
Memory Avail.: 1,51 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,97 GB
Memory Used: 1,15 GB(38,7974%)
Memory Avail.: 1,82 GB
--------------------------------------------------------------------------------
Starting Repairs...
Start (29.06.2014 12:15:13)
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (29.06.2014 12:15:22)
Running Repair Under Current User Account
Done (29.06.2014 12:15:41)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (29.06.2014 12:15:41)
Running Repair Under System Account
Done (29.06.2014 12:25:29)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (29.06.2014 12:25:29)
Running Repair Under System Account
Done (29.06.2014 12:27:24)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (29.06.2014 12:27:24)
Running Repair Under System Account
Done (29.06.2014 12:30:44)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (29.06.2014 12:30:44)
Running Repair Under System Account
Done (29.06.2014 12:30:53)
02 - Reset File Permissions: F:
F: & Sub Folders
Start (29.06.2014 12:30:53)
Running Repair Under System Account
Done (29.06.2014 12:30:56)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (29.06.2014 12:30:56)
Running Repair Under System Account
Done (29.06.2014 12:32:32)
02 - Reset File Permissions: Current Profile
C:\Users\user & Sub Folders
Start (29.06.2014 12:32:33)
Running Repair Under System Account
Done (29.06.2014 12:33:14)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (29.06.2014 12:33:14)
Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>
Reading the SD from <\\?\C:\Users\Default\Cookies> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Music>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\user\Application Data>
Reading the SD from <\\?\C:\Users\user\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\Cookies>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\user\Local Settings>
Reading the SD from <\\?\C:\Users\user\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\My Documents>
Reading the SD from <\\?\C:\Users\user\My Documents> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\NetHood>
Reading the SD from <\\?\C:\Users\user\NetHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\PrintHood>
Reading the SD from <\\?\C:\Users\user\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\Recent>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\user\SendTo>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\user\Start Menu>
Reading the SD from <\\?\C:\Users\user\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\Templates>
Reading the SD from <\\?\C:\Users\user\Templates> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\user\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\AppData\Local\History>
Reading the SD from <\\?\C:\Users\user\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\user\Documents\My Music>
Reading the SD from <\\?\C:\Users\user\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\user\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\user\Documents\My Videos>
Reading the SD from <\\?\C:\Users\user\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Application Data>
Reading the SD from <\\?\C:\Users\Wir zusammen\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Cookies>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Local Settings>
Reading the SD from <\\?\C:\Users\Wir zusammen\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\My Documents>
Reading the SD from <\\?\C:\Users\Wir zusammen\My Documents> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\NetHood>
Reading the SD from <\\?\C:\Users\Wir zusammen\NetHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\PrintHood>
Reading the SD from <\\?\C:\Users\Wir zusammen\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Recent>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Wir zusammen\SendTo>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Start Menu>
Reading the SD from <\\?\C:\Users\Wir zusammen\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Templates>
Reading the SD from <\\?\C:\Users\Wir zusammen\Templates> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Wir zusammen\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\AppData\Local\History>
Reading the SD from <\\?\C:\Users\Wir zusammen\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Documents\My Music>
Reading the SD from <\\?\C:\Users\Wir zusammen\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Wir zusammen\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Wir zusammen\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Wir zusammen\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Done (29.06.2014 12:33:25)
03 - Reset Service Permissions
Start (29.06.2014 12:33:25)
Running Repair Under System Account
Done (29.06.2014 12:34:20)
04 - Register System Files
Start (29.06.2014 12:34:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:34:56)
05 - Repair WMI
Start (29.06.2014 12:34:56)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
avast! Antivirus Exported.
Exporting AntiSpyware Info...
Windows Defender Exported.
avast! Antivirus Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (29.06.2014 12:39:38)
06 - Repair Windows Firewall
Start (29.06.2014 12:39:38)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:40:20)
07 - Repair Internet Explorer
Start (29.06.2014 12:40:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:40:43)
08 - Repair MDAC/MS Jet
Start (29.06.2014 12:40:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:41:05)
09 - Repair Hosts File
Start (29.06.2014 12:41:05)
Running Repair Under System Account
Done (29.06.2014 12:41:07)
10 - Remove Policies Set By Infections
Start (29.06.2014 12:41:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:41:12)
11 - Repair Start Menu Icons Removed By Infections
Start (29.06.2014 12:41:12)
Running Repair Under System Account
Done (29.06.2014 12:41:14)
12 - Repair Icons
Start (29.06.2014 12:41:14)
Running Repair Under Current User Account
Done (29.06.2014 12:41:17)
13 - Repair Winsock & DNS Cache
Start (29.06.2014 12:41:17)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:41:28)
14 - Remove Temp Files
Start (29.06.2014 12:41:28)
Running Repair Under System Account
Done (29.06.2014 12:41:37)
15 - Repair Proxy Settings
Start (29.06.2014 12:41:37)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:41:42)
16 - Unhide Non System Files
Start (29.06.2014 12:41:42)
C:\ - Total Files Unhidden: 157 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
F:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
Done (29.06.2014 12:43:05)
17 - Repair Windows Updates
Start (29.06.2014 12:43:05)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:43:41)
18 - Repair CD/DVD Missing/Not Working
Start (29.06.2014 12:43:41)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (29.06.2014 12:43:41)
19 - Repair Volume Shadow Copy Service
Start (29.06.2014 12:43:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:44:08)
20 - Repair Windows Sidebar/Gadgets
Start (29.06.2014 12:44:08)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:44:19)
21 - Repair MSI (Windows Installer)
Start (29.06.2014 12:44:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:44:34)
22 - Repair Windows Snipping Tool
Start (29.06.2014 12:44:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:44:39)
23.01 - Repair bat Association
Start (29.06.2014 12:44:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:44:44)
23.02 - Repair cmd Association
Start (29.06.2014 12:44:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:44:48)
23.03 - Repair com Association
Start (29.06.2014 12:44:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:44:57)
23.04 - Repair Directory Association
Start (29.06.2014 12:44:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:02)
23.05 - Repair Drive Association
Start (29.06.2014 12:45:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:06)
23.06 - Repair exe Association
Start (29.06.2014 12:45:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:11)
23.07 - Repair Folder Association
Start (29.06.2014 12:45:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:16)
23.08 - Repair inf Association
Start (29.06.2014 12:45:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:21)
23.09 - Repair lnk (Shortcuts) Association
Start (29.06.2014 12:45:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:25)
23.10 - Repair msc Association
Start (29.06.2014 12:45:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:30)
23.11 - Repair reg Association
Start (29.06.2014 12:45:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:39)
23.12 - Repair scr Association
Start (29.06.2014 12:45:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:44)
24 - Repair Windows Safe Mode
Start (29.06.2014 12:45:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:45:48)
25 - Repair Print Spooler
Start (29.06.2014 12:45:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:46:05)
26 - Restore Important Windows Services
Start (29.06.2014 12:46:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:46:21)
27 - Set Windows Services To Default Startup
Start (29.06.2014 12:46:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29.06.2014 12:46:34)
Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.0
Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.0
Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.0
Cleaning up empty logs...
All Selected Repairs Done.
Done (29.06.2014 12:46:34)
Total Repair Time: 00:31:22
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account
|
|
29.06.2014, 12:43
| #26 |
| /// the machine /// TB-Ausbilder | ...und wieder den Rechner infiziert? Frisches FRST log bitte. BEstehen aktuell noch Probleme? Das mit dem schwarzen Bildschirm ist schon hart. Neuen Benutzer mit ADminrechten anlegen, in diesen neu starten. Ist es dort auch so?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu ...und wieder den Rechner infiziert? |
| infiziert, malware, msil/faketool.ig, registrierungsdatenbank, super, viren, win32/adware.adpeak.f, win32/adware.adpeak.i, win32/downloadsponsor.a, win32/packed.moleboxultra.a, win32/packed.themida, win32/toolbar.conduit.r |
Linear-Darstellung
