Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
...und wieder den Rechner infiziert?

...und wieder den Rechner infiziert?


Plagegeister aller Art und deren Bekämpfung: ...und wieder den Rechner infiziert?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.06.2014, 06:52   #1
schrauber
/// the machine
/// TB-Ausbilder
 
...und wieder den Rechner infiziert? - Standard

...und wieder den Rechner infiziert?


poste mal ein frisches FRST log
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.06.2014, 10:53   #2
sweeby1982
 
...und wieder den Rechner infiziert? - Standard

...und wieder den Rechner infiziert?


Schönen guten Morgen Schrauber,
als ich gerade den Rechner gestartet habe, hat er wieder sehr lange gebraucht, hab Kaffee dabei gekocht das Windows Sicherheitscenter meldete sofort das Avira ausgeschaltet wäre, obwohl Avira sagt das alles aktiv und ok wäre, habe das grade mal so gelassen und FRST laufen lassen.
Hier die Logs dazu

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by user (administrator) on LUZIFER-PC on 22-06-2014 11:43:27
Running from C:\Users\user\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-12] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1186053978-4098695625-272641498-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543320 2013-07-08] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x025CAE961E78CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: www.google.de
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-15]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-15]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-03]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\phi5gcnw.default\extensions\cliqz@cliqz.com

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-30] (AVAST Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [129112 2013-07-08] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1228336 2014-02-27] (Sony Corporation)
S2 GlobalUpdater; C:\Program Files\Common Files\IMGUpdater\IMGUpdater.exe [X]
S3 SLUINotify; %SystemRoot%\system32\SLUINotify.dll [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-30] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-30] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159208 2013-07-08] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2014-03-23] () [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 11:43 - 2014-06-22 11:43 - 00012439 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-22 11:41 - 2014-06-22 11:42 - 01070592 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-06-21 15:56 - 2014-06-21 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-06-15 19:24 - 2014-06-15 19:24 - 00000000 ____D () C:\Users\Wir zusammen\AppData\Roaming\WinPatrol
2014-06-15 17:57 - 2014-06-15 17:57 - 00448512 _____ (OldTimer Tools) C:\Users\user\Downloads\TFC.exe
2014-06-15 17:47 - 2014-06-15 17:47 - 00000000 ____D () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx
2014-06-15 17:45 - 2014-06-15 17:45 - 00526323 _____ () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx.zip
2014-06-15 17:33 - 2014-06-15 17:37 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000876 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-15 17:27 - 2014-06-15 17:27 - 01064488 _____ (BillP Studios) C:\Users\user\Downloads\wpsetup.exe
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-06-15 17:16 - 2014-06-15 17:16 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Sun
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-15 17:16 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-15 17:15 - 2014-06-15 17:15 - 00004126 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-15 17:15 - 2014-06-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-15 17:15 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-15 17:15 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-15 17:15 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-15 17:13 - 2014-06-15 17:13 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2014-06-15 17:03 - 2014-06-15 17:03 - 05329480 _____ (Secunia) C:\Users\user\Downloads\PSISetup_3.0.0.9016.exe
2014-06-15 16:57 - 2014-06-15 17:00 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-15 16:35 - 2014-06-15 16:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-14 06:51 - 2014-06-21 14:43 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-14 06:51 - 2014-06-21 14:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-13 12:46 - 2014-06-13 12:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Der Planer 4
2014-06-12 12:46 - 2014-06-22 11:43 - 00000000 ____D () C:\FRST
2014-06-12 11:17 - 2014-06-12 11:17 - 00007626 _____ () C:\ComboFix.txt
2014-06-12 11:06 - 2014-06-15 17:00 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 09:24 - 2014-06-12 10:48 - 00000000 ____D () C:\AdwCleaner
2014-06-12 09:23 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-06-12 09:23 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-06-12 09:22 - 2014-06-12 09:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Wir zusammen\Downloads\AdwCleaner - CHIP-Installer.exe
2014-06-12 08:21 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 08:21 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 08:21 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 08:21 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 08:21 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 08:21 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 08:21 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 08:21 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 08:21 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 08:21 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 08:21 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 08:21 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 08:21 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 08:21 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 08:21 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 08:21 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 08:21 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 08:21 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-30 15:06 - 2014-05-30 15:07 - 00000000 ____D () C:\temp

==================== One Month Modified Files and Folders =======

2014-06-22 11:43 - 2014-06-22 11:43 - 00012439 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-22 11:43 - 2014-06-12 12:46 - 00000000 ____D () C:\FRST
2014-06-22 11:42 - 2014-06-22 11:41 - 01070592 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-06-22 11:39 - 2008-01-21 03:35 - 01060828 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 11:31 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 11:31 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:31 - 2006-11-02 14:47 - 00004160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 16:55 - 2013-07-02 15:15 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-21 16:55 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-21 15:57 - 2013-07-04 17:32 - 00002836 _____ () C:\Windows\Sandboxie.ini
2014-06-21 15:56 - 2014-06-21 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-06-21 14:43 - 2014-06-14 06:51 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-21 14:43 - 2014-06-14 06:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-15 19:24 - 2014-06-15 19:24 - 00000000 ____D () C:\Users\Wir zusammen\AppData\Roaming\WinPatrol
2014-06-15 18:17 - 2013-07-03 21:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-15 18:17 - 2008-01-21 04:47 - 00159022 _____ () C:\Windows\PFRO.log
2014-06-15 17:57 - 2014-06-15 17:57 - 00448512 _____ (OldTimer Tools) C:\Users\user\Downloads\TFC.exe
2014-06-15 17:47 - 2014-06-15 17:47 - 00000000 ____D () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx
2014-06-15 17:46 - 2013-07-28 17:14 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-15 17:45 - 2014-06-15 17:45 - 00526323 _____ () C:\Users\user\Downloads\web_of_trust_wot-20131118-fx.zip
2014-06-15 17:37 - 2014-06-15 17:33 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000876 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-15 17:33 - 2014-06-15 17:33 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-15 17:27 - 2014-06-15 17:27 - 01064488 _____ (BillP Studios) C:\Users\user\Downloads\wpsetup.exe
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-06-15 17:20 - 2014-06-15 17:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-06-15 17:16 - 2014-06-15 17:16 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Sun
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-15 17:16 - 2014-06-15 17:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-15 17:15 - 2014-06-15 17:15 - 00004126 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-15 17:15 - 2014-06-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-15 17:15 - 2014-01-15 20:04 - 00000000 ____D () C:\Program Files\Java
2014-06-15 17:13 - 2014-06-15 17:13 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2014-06-15 17:03 - 2014-06-15 17:03 - 05329480 _____ (Secunia) C:\Users\user\Downloads\PSISetup_3.0.0.9016.exe
2014-06-15 17:00 - 2014-06-15 16:57 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-15 17:00 - 2014-06-12 11:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-15 16:53 - 2014-03-23 00:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2014-06-15 16:49 - 2014-01-06 15:54 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-15 16:43 - 2013-07-13 15:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2014-06-15 16:35 - 2014-06-15 16:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-15 15:55 - 2008-01-21 09:16 - 01566076 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 12:46 - 2014-06-13 12:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Der Planer 4
2014-06-12 13:00 - 2013-07-13 02:10 - 00000000 ____D () C:\Update
2014-06-12 11:17 - 2014-06-12 11:17 - 00007626 _____ () C:\ComboFix.txt
2014-06-12 11:17 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-12 11:17 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-12 11:15 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 10:48 - 2014-06-12 09:24 - 00000000 ____D () C:\AdwCleaner
2014-06-12 10:35 - 2014-02-03 09:11 - 00000000 ____D () C:\Program Files\Google
2014-06-12 09:47 - 2014-05-16 15:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-06-12 09:46 - 2013-07-12 13:29 - 00000000 ____D () C:\Program Files\Adobe
2014-06-12 09:22 - 2014-06-12 09:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Wir zusammen\Downloads\AdwCleaner - CHIP-Installer.exe
2014-06-12 08:26 - 2013-07-11 00:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 08:25 - 2013-07-10 13:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 08:23 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-31 12:22 - 2013-08-09 21:51 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-31 12:22 - 2013-08-09 21:51 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 15:07 - 2014-05-30 15:06 - 00000000 ____D () C:\temp
2014-05-28 18:48 - 2014-06-12 08:21 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-12 08:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-12 08:21 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-12 08:21 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-12 08:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-12 08:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-12 08:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-12 08:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-12 08:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-12 08:21 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-12 08:21 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-12 08:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-12 08:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-12 08:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-24 11:53 - 2014-01-05 14:20 - 00000000 ____D () C:\Users\Wir zusammen\AppData\Roaming\vlc

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-22 11:41

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01
Ran by user at 2014-06-22 11:44:06
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Assassin's Creed (HKLM\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
ATI Catalyst Install Manager (HKLM\...\{0B9B76C9-4967-59FC-C994-191AEA152F04}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Borderlands (HKLM\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0515.32.42252 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0515.32.42252 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0515.32.42252 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Czech (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Danish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Dutch (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help English (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Finnish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help French (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help German (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Greek (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Italian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Japanese (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Korean (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Polish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Russian (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Spanish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Swedish (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Thai (Version: 2009.0515.0031.42252 - ATI) Hidden
CCC Help Turkish (Version: 2009.0515.0031.42252 - ATI) Hidden
ccc-core-static (Version: 2009.0515.32.42252 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0515.32.42252 - ATI) Hidden
Der Planer 4 Version 1.3 (HKLM\...\{BA9E9ED5-FFF3-4E0D-95B9-62527672268B}_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{72EEB695-388B-4835-8EA6-0C04545B06B9}) (Version: 12.04.3000 - Intel(R) Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 9.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Paragon Backup & Recovery™ 2013 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF-XChange Editor (HKLM\...\{e6c66f24-ae75-4cce-8afc-8ed58d732f6a}) (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Lite 2012 (HKLM\...\{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1) (Version: 5.0.273.0 - Tracker Software Products Ltd)
Sandboxie 4.04 (32-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skins (Version: 2009.0515.32.42252 - ATI) Hidden
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {105436F0-8111-45FB-B3F7-05E3EF93F6D0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4F6E6931-9911-4070-85BF-7BD2E0C612BD} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {88252F50-6484-4DBD-96A8-20723D944594} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {89C883DC-A7CF-4109-B438-4BAF892F6C15} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {90259E5E-10DB-4FC2-B203-8C9E2548C055} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-30] (AVAST Software)
Task: {911778AD-D4DC-48C0-895B-118D7CE0B587} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FBEE929F-68F5-46FD-B578-BFB64AB084E7} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\user\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe

==================== Loaded Modules (whitelisted) =============

2014-06-22 11:31 - 2014-06-22 11:31 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062200\algo.dll
2009-05-21 13:18 - 2009-05-21 13:18 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-05-14 22:22 - 2009-05-14 22:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-11-23 22:43 - 2013-11-23 22:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-02 15:58 - 2013-07-02 15:58 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-26 11:41 - 2008-08-26 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2014 11:31:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2014 04:55:05 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/21/2014 03:58:03 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/21/2014 02:52:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2014 02:49:23 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/21/2014 02:23:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 01:22:51 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/20/2014 09:58:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 06:55:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 10:35:03 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (06/22/2014 11:31:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2

Error: (06/22/2014 11:31:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/21/2014 02:52:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: GlobalUpdater%%2

Error: (06/21/2014 02:52:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/21/2014 02:30:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VUAgent%%1053

Error: (06/21/2014 02:30:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000VUAgent

Error: (06/21/2014 02:29:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VUAgent%%1053

Error: (06/21/2014 02:29:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000VUAgent

Error: (06/21/2014 02:29:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VUAgent{4EE3B587-5512-4A71-BB81-ADFC0559687B}

Error: (06/21/2014 02:27:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-03 18:17:04.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 18:17:03.934
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 18:17:03.871
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 18:17:03.809
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 18:17:03.700
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 3038.12 MB
Available physical RAM: 2050.76 MB
Total Pagefile: 6277.24 MB
Available Pagefile: 5242.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:67.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:106.62 GB) (Free:99.74 GB) NTFS
Drive f: (Volume) (Fixed) (Total:106.51 GB) (Free:106.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: 21568989)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=107 GB) - (Type=OF Extended)

==================== End Of Log ============================
__________________
Antwort

Themen zu ...und wieder den Rechner infiziert?
infiziert, malware, msil/faketool.ig, registrierungsdatenbank, super, viren, win32/adware.adpeak.f, win32/adware.adpeak.i, win32/downloadsponsor.a, win32/packed.moleboxultra.a, win32/packed.themida, win32/toolbar.conduit.r


« Telekom-Trojaner geöffnet | Anti Twin Portable - Chip Installer.exe installiert von www.chip.de - Virenallarm »


Ähnliche Themen: ...und wieder den Rechner infiziert?


  1. Rechner geht nach Löschen einer Datei wieder schnell, aber ein Programm startet langsam - Bin ich infiziert?
    Plagegeister aller Art und deren Bekämpfung - 06.11.2014 (7)
  2. Ist Mein Rechner Infiziert?
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (18)
  3. Rechner ist infiziert u.a. mit TrojanFake.MS
    Log-Analyse und Auswertung - 10.08.2013 (11)
  4. Rechner mit Spyhunter 4 infiziert
    Plagegeister aller Art und deren Bekämpfung - 04.06.2013 (34)
  5. Rechner infiziert........
    Plagegeister aller Art und deren Bekämpfung - 16.03.2011 (4)
  6. Internat Lahm - ist der Rechner infiziert?
    Log-Analyse und Auswertung - 08.12.2010 (8)
  7. GOZI -- Rechner infiziert?
    Plagegeister aller Art und deren Bekämpfung - 20.11.2010 (2)
  8. rechner immernoch infiziert?
    Log-Analyse und Auswertung - 23.02.2010 (6)
  9. Rechner infiziert?
    Plagegeister aller Art und deren Bekämpfung - 19.01.2010 (4)
  10. PC nach formatierung wieder infiziert
    Log-Analyse und Auswertung - 19.10.2009 (2)
  11. Ist mein Rechner infiziert?
    Log-Analyse und Auswertung - 23.12.2008 (4)
  12. Rechner infiziert!?
    Log-Analyse und Auswertung - 22.12.2008 (2)
  13. Rechner infiziert?
    Mülltonne - 21.12.2008 (0)
  14. Rechner infiziert mit Malware!
    Log-Analyse und Auswertung - 14.06.2008 (1)
  15. Ist mein Rechner infiziert???
    Mülltonne - 30.04.2007 (1)
  16. Rechner infiziert
    Plagegeister aller Art und deren Bekämpfung - 07.03.2007 (2)
  17. Hilfe!!! Schon wieder infiziert???
    Plagegeister aller Art und deren Bekämpfung - 24.11.2004 (14)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema ...und wieder den Rechner infiziert? - poste mal ein frisches FRST log - ...und wieder den Rechner infiziert?...
Archiv
Du betrachtest: ...und wieder den Rechner infiziert? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131