Log analysis and evaluation: System registry infected with monitoring tool (Windows 7)

Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.06.2014, 20:31 | #1
System registry infected with monitoring tool.

Hello dear forum, my PC is infected with 10 viruses in the registry. Here is a picture with the log. I hope someone can help me?
16.06.2014, 20:58 | #2
/// the machine /// (TB-Ausbilder)
System registry infected with monitoring tool.

Hi,

Please download the version of Farbar's Recovery Scan Tool that matches your system to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties).
17.06.2014, 07:57 | #3
System registry infected with monitoring tool.

Hello, first of all many thanks for the reply.

Here is the log data after the scan.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Murat Celik (administrator) on MURATCELIK-PC on 17-06-2014 08:53:39
Running from C:\Users\Murat Celik\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [734544 2011-04-11] (ecareme)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2012-11-28] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=061413
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-17 08:53 - 2014-06-17 08:54 - 00013030 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-17 08:53 - 2014-06-17 08:53 - 00000000 ____D () C:\FRST
2014-06-17 08:51 - 2014-06-17 08:51 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-16 19:54 - 2014-06-16 19:59 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-16 19:53 - 2014-06-16 19:53 - 02120312 _____ (WiseCleaner.com ) C:\Users\Murat Celik\Downloads\WRC812Free.exe
2014-06-16 19:51 - 2014-06-16 20:24 - 00005560 _____ () C:\Users\Murat Celik\Desktop\log.xml
2014-06-16 19:51 - 2014-06-16 19:51 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-16 19:18 - 2014-06-17 08:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:18 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-06-16 19:16 - 2014-06-16 19:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Murat Celik\Downloads\wzmp_8.exe
2014-06-16 14:56 - 2014-06-16 15:25 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-14 21:22 - 2014-06-14 21:22 - 00000000 ____D () C:\Users\Murat Celik\Downloads\imperial_officer(MAX5&3DS)
2014-06-14 21:19 - 2014-06-14 21:19 - 00701407 _____ () C:\Users\Murat Celik\Downloads\stormtrooper3(3DS).rar
2014-06-14 21:16 - 2014-06-14 21:16 - 02287022 _____ () C:\Users\Murat Celik\Downloads\tauntaun(3DS).zip
2014-06-14 21:15 - 2014-06-14 21:16 - 03862068 _____ () C:\Users\Murat Celik\Downloads\hothsoldier(3DS).zip
2014-06-14 10:29 - 2014-06-14 10:29 - 00011099 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-12 12:50 - 2014-06-12 13:04 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 12:05 - 2014-06-16 20:30 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-06-06 12:04 - 2014-06-16 20:30 - 00000000 ____D () C:\ProgramData\Skype
2014-06-06 10:06 - 2014-06-06 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-06 10:06 - 2014-06-06 10:06 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 20:44 - 2014-05-28 20:44 - 01376768 _____ () C:\Users\Murat Celik\Downloads\7z920-x64.msi
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-28 17:41 - 2014-05-28 17:52 - 00000000 ____D () C:\Program Files (x86)\Inkscape

==================== One Month Modified Files and Folders =======

2014-06-17 08:54 - 2014-06-17 08:53 - 00013030 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-17 08:54 - 2012-07-26 20:47 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Temp
2014-06-17 08:53 - 2014-06-17 08:53 - 00000000 ____D () C:\FRST
2014-06-17 08:51 - 2014-06-17 08:51 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-17 08:51 - 2012-07-26 20:43 - 01585345 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 08:47 - 2014-06-16 19:18 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-17 08:47 - 2013-03-01 20:38 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\.oit
2014-06-17 08:46 - 2012-07-26 21:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-17 08:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 08:46 - 2009-07-14 06:51 - 00094072 _____ () C:\Windows\setupact.log
2014-06-16 23:12 - 2013-06-29 12:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 21:13 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 21:13 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 20:30 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-16 20:30 - 2014-06-06 12:04 - 00000000 ____D () C:\ProgramData\Skype
2014-06-16 20:24 - 2014-06-16 19:51 - 00005560 _____ () C:\Users\Murat Celik\Desktop\log.xml
2014-06-16 19:59 - 2014-06-16 19:54 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-16 19:53 - 2014-06-16 19:53 - 02120312 _____ (WiseCleaner.com ) C:\Users\Murat Celik\Downloads\WRC812Free.exe
2014-06-16 19:52 - 2012-11-28 15:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Blender Dateien
2014-06-16 19:51 - 2014-06-16 19:51 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:16 - 2014-06-16 19:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Murat Celik\Downloads\wzmp_8.exe
2014-06-16 15:25 - 2014-06-16 14:56 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-16 13:45 - 2012-12-25 20:35 - 00000000 ____D () C:\Users\Murat Celik\dwhelper
2014-06-15 12:27 - 2012-07-30 11:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\CrashDumps
2014-06-14 21:22 - 2014-06-14 21:22 - 00000000 ____D () C:\Users\Murat Celik\Downloads\imperial_officer(MAX5&3DS)
2014-06-14 21:19 - 2014-06-14 21:19 - 00701407 _____ () C:\Users\Murat Celik\Downloads\stormtrooper3(3DS).rar
2014-06-14 21:16 - 2014-06-14 21:16 - 02287022 _____ () C:\Users\Murat Celik\Downloads\tauntaun(3DS).zip
2014-06-14 21:16 - 2014-06-14 21:15 - 03862068 _____ () C:\Users\Murat Celik\Downloads\hothsoldier(3DS).zip
2014-06-14 10:29 - 2014-06-14 10:29 - 00011099 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-14 10:29 - 2012-11-27 00:09 - 00000000 ____D () C:\Users\Murat Celik\.gimp-2.8
2014-06-13 20:34 - 2012-07-28 12:30 - 00000000 ____D () C:\tmp
2014-06-12 19:26 - 2013-06-29 12:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 19:26 - 2012-10-22 17:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 19:26 - 2012-10-22 17:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 16:38 - 2009-07-14 06:45 - 00401472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 13:11 - 2012-07-26 21:07 - 00119240 _____ () C:\Users\Murat Celik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 13:04 - 2014-06-12 12:50 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-12 12:52 - 2013-04-07 10:43 - 00000000 ____D () C:\Users\Murat Celik\Documents\MAGIX
2014-06-12 12:52 - 2012-08-05 17:20 - 00000000 ____D () C:\Users\Murat Celik\Documents\Business
2014-06-12 12:35 - 2014-02-05 12:30 - 04339200 ___SH () C:\Users\Murat Celik\Desktop\Thumbs.db
2014-06-11 21:07 - 2011-04-12 09:43 - 00666370 _____ () C:\Windows\system32\perfh007.dat
2014-06-11 21:07 - 2011-04-12 09:43 - 00133386 _____ () C:\Windows\system32\perfc007.dat
2014-06-11 21:07 - 2009-07-14 07:13 - 01519796 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 14:09 - 2013-05-21 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:17 - 2013-03-17 11:11 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\LocalStorage
2014-06-07 10:31 - 2013-06-07 21:52 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\FreeVideoConverter
2014-06-06 19:55 - 2012-08-22 10:26 - 00015924 _____ () C:\Windows\H74TGD__.TTF
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-06-06 10:06 - 2014-06-06 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-06 10:06 - 2014-06-06 10:06 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-06 10:06 - 2013-07-01 10:06 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-06 10:06 - 2013-07-01 10:06 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-06 10:06 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 13:28 - 2014-01-05 12:18 - 00001897 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 20:44 - 2014-05-28 20:44 - 01376768 _____ () C:\Users\Murat Celik\Downloads\7z920-x64.msi
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:52 - 2014-05-28 17:41 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-24 00:13 - 2010-08-18 11:41 - 00062936 _____ () C:\Windows\ethnocentric rg.ttf
2014-05-20 09:54 - 2014-03-07 16:43 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-20 09:54 - 2014-03-07 16:43 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-19 20:26 - 2013-02-06 20:04 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Windows Live

Some content of TEMP:
====================
C:\Users\Murat Celik\AppData\Local\Temp\avgnt.exe
C:\Users\Murat Celik\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-09 20:45

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Murat Celik at 2014-06-17 08:55:16
Running from C:\Users\Murat Celik\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AbiWord 2.9.4 (HKLM-x32\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
ArtRage Studio (HKLM-x32\...\{1BA22D99-A265-4599-91C2-DD4B319C3B3F}) (Version: 3.5.2 - Ambient Design)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.94.193 - eCareme Technologies, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bamboo (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - )
Bamboo Dock (x32 Version: 3.3.0 - Wacom Europe GmH) Hidden
Bamboo Dock 3.3 (HKLM-x32\...\Bamboo Dock) (Version: 3.3 - Wacom Co., Ltd.)
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
CPUID CPU-Z 1.61.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskInfo 5.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.3.0 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Benutzerhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Useg) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
HitFilm 2 Ultimate (HKLM\...\{CC428850-E9FC-4C86-9ADB-CF3086C6BF50}) (Version: 2.0.1425.50622 - FXhome)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Foto & Grafik Designer 7 (HKLM-x32\...\MAGIX_MSI_Foto_Grafik_Designer_7) (Version: 7.1.2.17305 - MAGIX AG)
MAGIX Foto & Grafik Designer 7 (x32 Version: 7.1.2.17305 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe (HKLM-x32\...\MAGIX_{A01EDF83-011F-46FC-889B-16FFD2BEE968}) (Version: 9.0.2.251 - MAGIX AG)
MAGIX Foto Manager MX Deluxe (Version: 9.0.2.251 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Premium (HKLM-x32\...\MAGIX_{00A8886C-FF3D-4B52-A95D-321735687B32}) (Version: 19.0.5.57 - MAGIX AG)
MAGIX Music Maker 2013 Premium (Version: 19.0.5.57 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Studio (HKLM-x32\...\MAGIX_{58AF1918-E670-44DF-BE45-BF5014AF144C}) (Version: 19.0.0.12 - MAGIX AG)
MAGIX Music Studio (Version: 19.0.0.12 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{7AD52089-1158-42B0-BD44-475578594E43}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{94930B8D-D689-48E1-9E82-9CCEEB0E269A}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.86 - ASUSTeK Computer Inc.) Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation) RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD) RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.) 
Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{08E5C3CC-05DC-4E8F-B1A1-4ED2C3C065A7}) (Version: 12.0.2.115 - MAGIX AG) Samplitude Pro X Silver (Version: 12.0.2.115 - MAGIX AG) Hidden Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation) Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.5 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.4 - Wacom Technology Corp.) 
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC) Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.) ==================== Restore Points ========================= 28-05-2014 18:45:02 Installed 7-Zip 9.20 (x64 edition) 09-06-2014 18:52:46 Geplanter Prüfpunkt 16-06-2014 18:29:27 Removed Skype™ 6.16 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-05-20 15:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {21EEED09-12EE-4D34-952C-BDD3F6EFFC72} - System32\Tasks\Games\UpdateCheck_S-1-5-21-947860702-3629206099-2466557242-1000 Task: {47B88171-3B77-4A1F-8C02-AEA1E90CDE83} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.) 
Task: {83C50C88-AF3D-400B-81BA-9C95512C69BB} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing) Task: {8D041B82-FA49-4C92-9B1D-E23DBE48182C} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.) Task: {99345FC5-C8CA-4724-9BD7-2C9B1783403C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {E045CF6D-3EBB-49C5-AAAC-DDBBEEF23356} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated) Task: {EBB0266F-2220-49CE-A9CD-4ECF04BA815C} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-28 00:25 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2009-09-19 14:38 - 2009-09-19 14:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe 2010-07-28 23:58 - 2012-11-28 13:49 - 00646232 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe 2009-09-19 14:40 - 2009-09-19 14:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe 2009-09-19 14:40 - 2009-09-19 14:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe 2012-07-26 20:57 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll 2012-07-26 20:57 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll 2012-07-26 20:57 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll 2012-07-26 20:57 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll 2014-06-16 19:18 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll 2014-06-16 19:18 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll 2009-09-07 13:54 - 2009-09-07 13:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll 2013-03-01 20:33 - 2010-05-07 12:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll 2013-03-01 20:33 - 2010-12-23 14:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll 2013-03-01 20:33 - 2007-03-30 11:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll 2013-03-01 20:33 - 2010-12-29 18:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMCommon.dll 2013-03-01 20:33 - 2008-08-25 18:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll 2013-03-01 20:33 - 2011-03-11 11:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll 2013-03-01 20:33 - 2010-12-20 17:21 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll 2013-03-01 20:33 - 2010-10-22 11:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll 2013-03-01 20:33 - 2010-10-22 11:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll 2013-03-01 20:33 - 2010-12-29 19:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll 2013-03-01 20:33 - 2009-08-06 11:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll 2013-03-01 20:33 - 2010-09-09 19:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll 2013-03-01 20:33 - 2009-09-09 15:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll 2013-03-01 20:33 - 2007-03-30 10:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll 2013-03-01 20:33 - 2010-08-03 11:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll 2013-03-01 20:33 - 2007-12-20 15:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll 2013-03-01 20:33 - 2011-01-21 16:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll 2013-03-01 20:33 - 2009-11-26 18:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\NetFun2k.dll 2012-07-26 21:07 - 2009-04-29 14:24 - 00253952 _____ () C:\Program Files\ASUS\Turbo Key\pngio.dll 2012-07-26 21:07 - 2009-04-29 14:24 - 00208896 _____ () C:\Program Files\ASUS\Turbo Key\AiNap.dll 2012-07-26 21:07 - 2009-04-29 14:24 - 00008704 _____ () C:\Program Files\ASUS\Turbo Key\vvc.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2013-03-01 20:33 - 2008-11-17 15:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll 2013-03-01 20:33 - 2010-11-30 17:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll 2013-03-01 20:33 - 2010-07-13 11:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll 2013-03-01 20:33 - 2007-08-31 18:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll 2013-03-01 20:33 - 2010-09-08 18:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll 2013-03-01 20:33 - 2009-11-27 18:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll 2013-03-01 20:33 - 2010-11-26 11:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll 2013-03-01 20:33 - 2007-03-30 11:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll 2013-03-01 20:33 - 2010-09-26 12:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll 2013-03-01 20:33 - 2010-03-02 16:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll 2013-03-01 20:33 - 2009-06-26 10:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMApSet.dll 2013-03-01 20:33 - 2010-08-03 11:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll 2013-03-01 20:33 - 2009-12-04 18:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll 2013-03-01 20:33 - 2010-09-26 12:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll 2013-03-01 20:33 - 2008-08-25 17:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll 2013-03-01 20:33 - 2010-09-08 11:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll 2013-03-01 20:33 - 2010-04-27 16:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll 2013-03-01 20:33 - 2007-03-30 10:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll 2013-03-01 20:33 - 2010-11-26 11:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll 2014-03-07 16:44 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Murat Celik\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-06-11 09:53 - 2014-06-11 09:53 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-06-12 19:26 - 2014-06-12 19:26 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2014 08:48:20 AM) (Source: WinMgmt) (EventID: 10) 
(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 09:07:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 10:02:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2014 04:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2014 00:27:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x14b4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (06/15/2014 08:08:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/14/2014 04:44:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: 
(06/14/2014 04:43:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.12.20002, Zeitstempel: 0x53674d9b Name des fehlerhaften Moduls: ccwkrlib.dll, Version: 14.0.4.620, Zeitstempel: 0x53610df5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004402f ID des fehlerhaften Prozesses: 0xdf0 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0 Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1 Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2 Berichtskennung: Avira.OE.ServiceHost.exe3 Error: (06/14/2014 04:43:23 PM) (Source: TabletServicePen) (EventID: 1) (User: ) Description: Prefs: Failed to get user path Error: (06/14/2014 04:43:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.AccessViolationException Stapel: bei Avira.OE.AvConnector.Interface.ILicensePlugin.GetLicenseType() bei Avira.OE.AvConnector.AvStatusReporter.GetLicenseType() bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload() bei Avira.OE.ServiceHost.AvServiceHost.SendAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator) bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() System errors: ============= Error: (06/17/2014 08:49:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update 
Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/17/2014 08:49:50 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/17/2014 08:47:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (06/16/2014 09:08:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/16/2014 09:08:43 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/16/2014 09:06:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (06/16/2014 08:26:04 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (06/16/2014 02:37:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. 
Error: (06/16/2014 10:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/16/2014 10:04:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (06/17/2014 08:48:20 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 09:07:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 10:02:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2014 04:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2014 00:27:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b14b401cf88602fe1a064C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll971a37d7-f477-11e3-9afa-c860005fdeb5 Error: (06/15/2014 08:08:42 AM) (Source: 
WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/14/2014 04:44:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/14/2014 04:43:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Avira.OE.ServiceHost.exe1.1.12.2000253674d9bccwkrlib.dll14.0.4.62053610df5c00000050004402fdf001cf87dee9209fccC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll441fdcab-f3d2-11e3-91c9-c860005fdeb5 Error: (06/14/2014 04:43:23 PM) (Source: TabletServicePen) (EventID: 1) (User: ) Description: Prefs: Failed to get user path Error: (06/14/2014 04:43:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.AccessViolationException Stapel: bei Avira.OE.AvConnector.Interface.ILicensePlugin.GetLicenseType() bei Avira.OE.AvConnector.AvStatusReporter.GetLicenseType() bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload() bei Avira.OE.ServiceHost.AvServiceHost.SendAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator) bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() CodeIntegrity Errors: =================================== Date: 2013-08-04 16:07:27.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.506 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-08-04 16:07:27.506 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.506 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-01 09:24:26.419 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-01 09:24:26.419 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-01 09:24:26.419 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-01 09:24:26.404 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 8174.12 MB Available physical RAM: 5714.29 MB Total Pagefile: 16346.41 MB Available Pagefile: 13710.81 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:403.68 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 10438563) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.06.2014, 10:57 | #4 |
/// the machine /// TB-Ausbilder | System registry infected with monitoring tool. hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
17.06.2014, 11:47 | #5 |
| System registry infected with monitoring tool. Here is the log from ComboFix. I guess I neglected quite a bit when it came to antivirus protection. Unfortunately I was in hospital for a long time and couldn't really look after my system. Code:
ComboFix 14-06-16.01 - Murat Celik 17.06.2014 12:31:25.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.5812 [GMT 2:00]
Running from:: c:\users\Murat Celik\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Files Created from 2014-05-17 to 2014-06-17 ))))))))))))))))))))))))))))))
.
.
2014-06-17 10:41 . 2014-06-17 10:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-17 10:41 . 2014-06-17 10:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-17 10:41 . 2014-06-17 10:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-17 06:53 . 2014-06-17 06:56 -------- d-----w- C:\FRST
2014-06-16 17:54 . 2014-06-16 17:59 -------- d-----w- c:\users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 17:54 . 2014-06-16 17:54 -------- d-----w- c:\program files (x86)\Wise
2014-06-16 17:51 . 2014-06-17 10:22 -------- d-----w- c:\users\Murat Celik\AppData\Local\Adobe
2014-06-16 17:18 . 2014-06-16 17:18 -------- d-----w- c:\users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 17:18 . 2014-06-16 17:18 -------- d-----w- c:\programdata\Nico Mak Computing
2014-06-16 17:18 . 2014-06-16 17:18 -------- d-----w- c:\program files (x86)\WinZip Malware Protector
2014-06-16 17:18 . 2013-03-15 15:10 20480 ----a-w- c:\windows\system32\wsusnative64.exe
2014-06-06 10:05 . 2014-06-06 10:05 -------- d-----w- c:\users\Murat Celik\AppData\Local\Skype
2014-06-06 10:05 . 2014-06-16 18:30 -------- d-----w- c:\users\Murat Celik\AppData\Roaming\Skype
2014-06-06 10:04 . 2014-06-16 18:30 -------- d-----w- c:\programdata\Skype
2014-05-28 18:45 . 2014-05-28 18:45 -------- d-----w- c:\program files\7-Zip
2014-05-28 15:41 . 2014-05-28 15:52 -------- d-----w- c:\program files (x86)\Inkscape
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 17:26 . 2012-10-22 15:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-12 17:26 . 2012-10-22 15:21 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 16:59 . 2012-08-06 19:58 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scan Buttons"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE" [2011-01-21 214360]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE" [2012-02-28 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-11-24 1874432]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe" [2011-04-11 734544]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE" [2010-07-29 116632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avipbb
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 17:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - user.js: network.http.max-connections - 256
FF - user.js: network.http.max-connections-per-server - 48
FF - user.js: network.http.max-persistent-connections-per-proxy - 32
FF - user.js: network.http.max-persistent-connections-per-server - 18
.
- - - - Removed Orphaned Registry Entries - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager.9.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-17 12:45:45
ComboFix-quarantined-files.txt 2014-06-17 10:45
.
Pre-Run: 15 directory(ies), 436.040.179.712 bytes free
Post-Run: 17 directory(ies), 436.108.193.792 bytes free
.
- - End Of File - - 444000CC1B89F4922DDCBA85A53C0BDE A36C5E4F47E84449FF07ED3517B43A31
|
18.06.2014, 09:04 | #6 |
/// the machine /// TB-Ausbilder | System registry infected with monitoring tool. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|
18.06.2014, 11:45 | #7 |
| System registry infected with monitoring tool. mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18.06.2014
Scan Time: 12:09:44
Logfile: LogMalwarbites.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.18.03
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Murat Celik

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326085
Time Elapsed: 10 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Babylon.A, C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml, , [2ebd9bde8eedd2645896caf4bc46d22e], 

Physical Sectors: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.212 - Report created on 18/06/2014 at 12:26:39
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Murat Celik - MURATCELIK-PC
# Running from : C:\Users\Murat Celik\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\simplitec
Folder Deleted : C:\Users\Murat Celik\AppData\Roaming\simplitec
File Deleted : C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v30.0 (de)

[ File : C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1193 octets] - [18/06/2014 12:22:33]
AdwCleaner[S0].txt - [1114 octets] - [18/06/2014 12:26:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1174 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Murat Celik on 18.06.2014 at 12:30:29,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"



~~~ FireFox

Emptied folder: C:\Users\Murat Celik\AppData\Roaming\mozilla\firefox\profiles\7udrk8rh.default\minidumps [153 files]



~~~ Event Viewer Logs were cleared



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2014 at 12:37:09,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Murat Celik (administrator) on MURATCELIK-PC on 18-06-2014 12:40:38
Running from C:\Users\Murat Celik\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Farbar) C:\Users\Murat Celik\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [734544 2011-04-11] (ecareme)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=061413
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01]

==================== Services (Whitelisted) =================

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 12:39 - 2014-06-18 12:39 - 00027667 _____ () C:\Users\Murat Celik\Desktop\FRST.txt
2014-06-18 12:38 - 2014-06-18 12:40 - 00010814 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-18 12:37 - 2014-06-18 12:37 - 00000850 _____ () C:\Users\Murat Celik\Desktop\JRT.txt
2014-06-18 12:33 - 2014-06-18 12:33 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64(1).exe
2014-06-18 12:30 - 2014-06-18 12:30 - 01016261 _____ (Thisisu) C:\Users\Murat Celik\Downloads\JRT.exe
2014-06-18 12:25 - 2014-06-18 12:28 - 00001254 _____ () C:\Users\Murat Celik\Desktop\AdwCleaner[R0].txt
2014-06-18 12:21 - 2014-06-18 12:26 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:19 - 2014-06-18 12:19 - 01333465 _____ () C:\Users\Murat Celik\Downloads\adwcleaner_3.212.exe
2014-06-18 12:08 - 2014-06-18 12:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 12:08 - 2014-06-18 12:08 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 12:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 12:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 12:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-18 12:06 - 2014-06-18 12:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Murat Celik\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-17 12:45 - 2014-06-17 12:45 - 00011323 _____ () C:\ComboFix.txt
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Mevlüde Celik\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-17 12:28 - 2014-06-17 12:45 - 00000000 ____D () C:\Qoobox
2014-06-17 12:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-17 12:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-17 12:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-17 12:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-17 12:18 - 2014-06-17 12:19 - 05206841 ____R (Swearware) C:\Users\Murat Celik\Downloads\ComboFix.exe
2014-06-17 11:06 - 2014-06-17 11:06 - 00000000 ____D () C:\Users\Murat Celik\Downloads\hothsoldier(3DS)
2014-06-17 11:05 - 2014-06-17 11:06 - 00000000 ____D () C:\Users\Murat Celik\Downloads\tauntaun(3DS)
2014-06-17 08:53 - 2014-06-18 12:40 - 00000000 ____D () C:\FRST
2014-06-17 08:51 - 2014-06-17 08:51 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-16 19:54 - 2014-06-16 19:59 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-16 19:53 - 2014-06-16 19:53 - 02120312 _____ (WiseCleaner.com ) C:\Users\Murat Celik\Downloads\WRC812Free.exe
2014-06-16 19:51 - 2014-06-17 12:22 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-16 19:18 - 2014-06-18 12:29 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:18 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-06-16 19:16 - 2014-06-16 19:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Murat Celik\Downloads\wzmp_8.exe
2014-06-16 14:56 - 2014-06-18 12:37 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-14 21:19 - 2014-06-14 21:19 - 00701407 _____ () C:\Users\Murat Celik\Documents\stormtrooper3(3DS).rar
2014-06-14 10:29 - 2014-06-14 10:29 - 00011099 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-12 12:50 - 2014-06-17 13:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 12:05 - 2014-06-16 20:30 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype
2014-06-06 12:04 - 2014-06-16 20:30 - 00000000 ____D () C:\ProgramData\Skype
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-28 20:44 - 2014-05-28 20:44 - 01376768 _____ () C:\Users\Murat Celik\Downloads\7z920-x64.msi
2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-28 17:41 - 2014-05-28 17:52 - 00000000 ____D () C:\Program Files (x86)\Inkscape

==================== One Month Modified Files and Folders =======

2014-06-18 12:40 - 2014-06-18 12:38 - 00010814 _____ () C:\Users\Murat Celik\Downloads\FRST.txt
2014-06-18 12:40 - 2014-06-17 08:53 - 00000000 ____D () C:\FRST
2014-06-18 12:40 - 2012-07-26 20:47 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Temp
2014-06-18 12:39 - 2014-06-18 12:39 - 00027667 _____ () C:\Users\Murat Celik\Desktop\FRST.txt
2014-06-18 12:37 - 2014-06-18 12:37 - 00000850 _____ () C:\Users\Murat Celik\Desktop\JRT.txt
2014-06-18 12:37 - 2014-06-16 14:56 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner
2014-06-18 12:36 - 2014-01-05 12:18 - 00002074 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-06-18 12:35 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 12:35 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 12:33 - 2014-06-18 12:33 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64(1).exe
2014-06-18 12:32 - 2012-07-30 11:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\CrashDumps
2014-06-18 12:31 - 2012-07-26 20:43 - 01663887 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 12:30 - 2014-06-18 12:30 - 01016261 _____ (Thisisu) C:\Users\Murat Celik\Downloads\JRT.exe
2014-06-18 12:30 - 2013-05-21 10:43 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 12:29 - 2014-06-18 12:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 12:29 - 2014-06-16 19:18 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-18 12:28 - 2014-06-18 12:25 - 00001254 _____ () C:\Users\Murat Celik\Desktop\AdwCleaner[R0].txt
2014-06-18 12:28 - 2013-03-01 20:38 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\.oit
2014-06-18 12:27 - 2012-07-26 21:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-18 12:27 - 2010-11-21 05:47 - 00349842 _____ () C:\Windows\PFRO.log
2014-06-18 12:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 12:27 - 2009-07-14 06:51 - 00094576 _____ () C:\Windows\setupact.log
2014-06-18 12:26 - 2014-06-18 12:21 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:19 - 2014-06-18 12:19 - 01333465 _____ () C:\Users\Murat Celik\Downloads\adwcleaner_3.212.exe
2014-06-18 12:12 - 2013-06-29 12:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 12:08 - 2014-06-18 12:08 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 12:08 - 2013-05-20 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 12:06 - 2014-06-18 12:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Murat Celik\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-17 13:52 - 2014-06-12 12:50 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde
2014-06-17 12:45 - 2014-06-17 12:45 - 00011323 _____ () C:\ComboFix.txt
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Mevlüde Celik\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-17 12:45 - 2014-06-17 12:28 - 00000000 ____D () C:\Qoobox
2014-06-17 12:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-17 12:27 - 2013-05-19 22:24 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 12:25 - 2014-05-03 12:51 - 00000000 ____D () C:\Program Files (x86)\AbiWord
2014-06-17 12:25 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-17 12:22 - 2014-06-16 19:51 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe
2014-06-17 12:22 - 2012-07-26 21:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-17 12:19 - 2014-06-17 12:18 - 05206841 ____R (Swearware) C:\Users\Murat Celik\Downloads\ComboFix.exe
2014-06-17 11:06 - 2014-06-17 11:06 - 00000000 ____D () C:\Users\Murat Celik\Downloads\hothsoldier(3DS)
2014-06-17 11:06 - 2014-06-17 11:05 - 00000000 ____D () C:\Users\Murat Celik\Downloads\tauntaun(3DS)
2014-06-17 08:51 - 2014-06-17 08:51 - 02081280 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe
2014-06-16 20:30 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype
2014-06-16 20:30 - 2014-06-06 12:04 - 00000000 ____D () C:\ProgramData\Skype
2014-06-16 19:59 - 2014-06-16 19:54 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-06-16 19:54 - 2014-06-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-16 19:53 - 2014-06-16 19:53 - 02120312 _____ (WiseCleaner.com ) C:\Users\Murat Celik\Downloads\WRC812Free.exe
2014-06-16 19:52 - 2012-11-28 15:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Blender Dateien
2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-16 19:16 - 2014-06-16 19:16 - 04892480 _____ (WinZip International LLC ) C:\Users\Murat Celik\Downloads\wzmp_8.exe
2014-06-16 13:45 - 2012-12-25 20:35 - 00000000 ____D () C:\Users\Murat Celik\dwhelper
2014-06-14 21:19 - 2014-06-14 21:19 - 00701407 _____ () C:\Users\Murat Celik\Documents\stormtrooper3(3DS).rar
2014-06-14 10:29 - 2014-06-14 10:29 - 00011099 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel
2014-06-14 10:29 - 2012-11-27 00:09 - 00000000 ____D () C:\Users\Murat Celik\.gimp-2.8
2014-06-13 20:34 - 2012-07-28 12:30 - 00000000 ____D () C:\tmp
2014-06-12 19:26 - 2013-06-29 12:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 19:26 - 2012-10-22 17:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 19:26 - 2012-10-22 17:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 16:38 - 2009-07-14 06:45 - 00401472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 13:11 - 2012-07-26 21:07 - 00119240 _____ () C:\Users\Murat Celik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 12:52 - 2013-04-07 10:43 - 00000000 ____D () C:\Users\Murat Celik\Documents\MAGIX
2014-06-12 12:52 - 2012-08-05 17:20 - 00000000 ____D () C:\Users\Murat
Celik\Documents\Business 2014-06-12 12:35 - 2014-02-05 12:30 - 04339200 ___SH () C:\Users\Murat Celik\Desktop\Thumbs.db 2014-06-11 21:07 - 2011-04-12 09:43 - 00666370 _____ () C:\Windows\system32\perfh007.dat 2014-06-11 21:07 - 2011-04-12 09:43 - 00133386 _____ () C:\Windows\system32\perfc007.dat 2014-06-11 21:07 - 2009-07-14 07:13 - 01519796 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-11 14:09 - 2013-05-21 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-10 13:17 - 2013-03-17 11:11 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\LocalStorage 2014-06-07 10:31 - 2013-06-07 21:52 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\FreeVideoConverter 2014-06-06 19:55 - 2012-08-22 10:26 - 00015924 _____ () C:\Windows\H74TGD__.TTF 2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype 2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip 2014-05-28 20:44 - 2014-05-28 20:44 - 01376768 _____ () C:\Users\Murat Celik\Downloads\7z920-x64.msi 2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk 2014-05-28 17:52 - 2014-05-28 17:41 - 00000000 ____D () C:\Program Files (x86)\Inkscape 2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk 2014-05-24 00:13 - 2010-08-18 11:41 - 00062936 _____ () C:\Windows\ethnocentric rg.ttf 2014-05-19 20:26 - 2013-02-06 20:04 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Windows Live Some content of TEMP: ==================== C:\Users\Murat Celik\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally 
signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-09 20:45 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014 Ran by Murat Celik at 2014-06-18 12:40:55 Running from C:\Users\Murat Celik\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version: - ) ArtRage Studio (HKLM-x32\...\{1BA22D99-A265-4599-91C2-DD4B319C3B3F}) (Version: 3.5.2 - Ambient Design) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.94.193 - eCareme Technologies, Inc.) ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.) ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.) 
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version: - ) Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation) CPUID CPU-Z 1.61.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CrystalDiskInfo 5.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.3.0 - Crystal Dew World) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Epson Benutzerhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Useg) (Version: - ) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson Netzwerkhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Netg) (Version: - ) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - ) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft) GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - ) MAGIX Content und 
Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX Foto & Grafik Designer 7 (HKLM-x32\...\MAGIX_MSI_Foto_Grafik_Designer_7) (Version: 7.1.2.17305 - MAGIX AG) MAGIX Foto & Grafik Designer 7 (x32 Version: 7.1.2.17305 - MAGIX AG) Hidden MAGIX Foto Manager MX Deluxe (HKLM-x32\...\MAGIX_{A01EDF83-011F-46FC-889B-16FFD2BEE968}) (Version: 9.0.2.251 - MAGIX AG) MAGIX Foto Manager MX Deluxe (Version: 9.0.2.251 - MAGIX AG) Hidden MAGIX Music Maker 2013 Premium (HKLM-x32\...\MAGIX_{00A8886C-FF3D-4B52-A95D-321735687B32}) (Version: 19.0.5.57 - MAGIX AG) MAGIX Music Maker 2013 Premium (Version: 19.0.5.57 - MAGIX AG) Hidden MAGIX Music Maker 2013 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Studio (HKLM-x32\...\MAGIX_{58AF1918-E670-44DF-BE45-BF5014AF144C}) (Version: 19.0.0.12 - MAGIX AG) MAGIX Music Studio (Version: 19.0.0.12 - MAGIX AG) Hidden MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{7AD52089-1158-42B0-BD44-475578594E43}) (Version: 2.0.1.9 - MAGIX AG) MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{94930B8D-D689-48E1-9E82-9CCEEB0E269A}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 
4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 
9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.86 - ASUSTeK Computer Inc.) Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation) RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD) RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.) 
Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{08E5C3CC-05DC-4E8F-B1A1-4ED2C3C065A7}) (Version: 12.0.2.115 - MAGIX AG) Samplitude Pro X Silver (Version: 12.0.2.115 - MAGIX AG) Hidden Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation) Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 
16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC) Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.) ==================== Restore Points ========================= 28-05-2014 18:45:02 Installed 7-Zip 9.20 (x64 edition) 09-06-2014 18:52:46 Geplanter Prüfpunkt 16-06-2014 18:29:27 Removed Skype™ 6.16 17-06-2014 10:23:15 Removed HitFilm 2 Ultimate ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-06-17 12:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {21EEED09-12EE-4D34-952C-BDD3F6EFFC72} - System32\Tasks\Games\UpdateCheck_S-1-5-21-947860702-3629206099-2466557242-1000 Task: {47B88171-3B77-4A1F-8C02-AEA1E90CDE83} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.) Task: {7AF1E38A-4BEA-40E9-B402-3BD1B6D14F20} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing) Task: {8D041B82-FA49-4C92-9B1D-E23DBE48182C} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.) 
Task: {99345FC5-C8CA-4724-9BD7-2C9B1783403C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {E045CF6D-3EBB-49C5-AAAC-DDBBEEF23356} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated) Task: {EBB0266F-2220-49CE-A9CD-4ECF04BA815C} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-28 00:25 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2009-09-19 14:38 - 2009-09-19 14:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe 2009-09-19 14:40 - 2009-09-19 14:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe 2009-09-19 14:40 - 2009-09-19 14:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe 2009-09-07 13:54 - 2009-09-07 13:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll 2012-07-26 20:57 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll 2012-07-26 20:57 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll 2012-07-26 20:57 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll 2014-06-16 19:18 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll 2014-06-16 19:18 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll 2014-06-16 19:18 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware 
Protector\UNRAR.DLL 2013-03-01 20:33 - 2010-05-07 12:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll 2013-03-01 20:33 - 2010-12-23 14:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll 2013-03-01 20:33 - 2007-03-30 11:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll 2013-03-01 20:33 - 2010-12-29 18:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll 2013-03-01 20:33 - 2008-08-25 18:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll 2013-03-01 20:33 - 2011-03-11 11:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll 2013-03-01 20:33 - 2010-12-20 17:21 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll 2013-03-01 20:33 - 2010-10-22 11:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll 2013-03-01 20:33 - 2010-10-22 11:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll 2013-03-01 20:33 - 2010-12-29 19:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll 2013-03-01 20:33 - 2009-08-06 11:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll 2013-03-01 20:33 - 2010-09-09 19:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll 2013-03-01 20:33 - 2009-09-09 15:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll 2013-03-01 20:33 - 2007-03-30 10:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll 2013-03-01 20:33 - 2010-08-03 11:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll 2013-03-01 20:33 - 2007-12-20 15:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\DocCate.dll 2013-03-01 20:33 - 2011-01-21 16:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll 2013-03-01 20:33 - 2009-11-26 18:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll 2012-07-26 21:07 - 2009-04-29 14:24 - 00253952 _____ () C:\Program Files\ASUS\Turbo Key\pngio.dll 2012-07-26 21:07 - 2009-04-29 14:24 - 00208896 _____ () C:\Program Files\ASUS\Turbo Key\AiNap.dll 2012-07-26 21:07 - 2009-04-29 14:24 - 00008704 _____ () C:\Program Files\ASUS\Turbo Key\vvc.dll 2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2013-03-01 20:33 - 2008-11-17 15:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll 2013-03-01 20:33 - 2010-11-30 17:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll 2013-03-01 20:33 - 2010-07-13 11:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll 2013-03-01 20:33 - 2007-08-31 18:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll 2013-03-01 20:33 - 2010-09-08 18:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll 2013-03-01 20:33 - 2009-11-27 18:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll 2013-03-01 20:33 - 2010-11-26 11:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll 2013-03-01 20:33 - 2007-03-30 11:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll 2013-03-01 20:33 - 2010-09-26 12:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll 2013-03-01 20:33 - 2010-03-02 16:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMDocVW.dll 2013-03-01 20:33 - 2009-06-26 10:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll 2013-03-01 20:33 - 2010-08-03 11:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll 2013-03-01 20:33 - 2009-12-04 18:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll 2013-03-01 20:33 - 2010-09-26 12:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll 2013-03-01 20:33 - 2008-08-25 17:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll 2013-03-01 20:33 - 2010-09-08 11:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll 2013-03-01 20:33 - 2010-04-27 16:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll 2013-03-01 20:33 - 2007-03-30 10:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll 2013-03-01 20:33 - 2010-11-26 11:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMImageSplitter.dll 2014-06-11 09:53 - 2014-06-11 09:53 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-06-12 19:26 - 2014-06-12 19:26 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-06-17 12:41:00.969 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-06-17 12:41:00.813 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-08-04 16:07:27.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.506 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.506 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-04 16:07:27.506 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-01 09:24:26.419 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-08-01 09:24:26.419 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 8174.12 MB Available physical RAM: 6050.67 MB Total Pagefile: 16346.41 MB Available Pagefile: 14033.81 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:405.82 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 10438563) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
19.06.2014, 11:51 | #8 |
/// the machine /// TB-Ausbilder | System registry infected with monitoring tool. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
19.06.2014, 13:18 | #9 |
| System registry infected with monitoring tool. ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=798b167ec166064ba932b867ec8e3713
# engine=18783
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-19 12:02:25
# local_time=2014-06-19 02:02:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12106706 154809195 0 0
# scanned=202285
# found=4
# cleaned=0
# scan_time=3505
sh=7560ADB6881D658A46F52AD1DCDF667B615F6EDE ft=1 fh=19f14dde2ee67322 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe"
sh=A751D3553295B4CA8A7DECA5F2E9D02BA8FD5C1B ft=1 fh=0981b9ec2bf947e8 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Murat Celik\Desktop\CrystalDiskInfo5_3_0-en.exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Murat Celik\Downloads\wzmp_8.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="${Memory}"
Code:
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 14.0.0.125
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
WinZip Malware Protector WinZipMalwareProtector.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014 Ran by Murat Celik (administrator) on MURATCELIK-PC on 19-06-2014 14:15:08 Running from C:\Users\Murat Celik\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe (ASUSTeK Computer Inc.) 
C:\Program Files\ASUS\Turbo Key\TurboKey.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe (Microsoft Corporation) C:\Windows\splwow64.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe () C:\Windows\SysWOW64\WinMsgBalloonServer.exe () C:\Windows\SysWOW64\WinMsgBalloonClient.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor) HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.) 
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe [734544 2011-04-11] (ecareme) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation) HKU\S-1-5-21-947860702-3629206099-2466557242-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=061413 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\Murat Celik\AppData\Roaming\Mozilla\Firefox\Profiles\7udrk8rh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-07-01] ==================== Services (Whitelisted) ================= R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed] R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) 
[File not signed] R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== 
==================== One Month Created Files and Folders ======== 2014-06-19 14:15 - 2014-06-19 14:15 - 00010630 _____ () C:\Users\Murat Celik\Downloads\FRST.txt 2014-06-19 14:14 - 2014-06-19 14:14 - 02082304 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe 2014-06-19 14:11 - 2014-06-19 14:11 - 00000914 _____ () C:\Users\Murat Celik\Desktop\checkup.txt 2014-06-19 13:01 - 2014-06-19 13:01 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-19 11:29 - 2014-06-19 11:29 - 00020286 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel 2014-06-18 12:41 - 2014-06-18 12:41 - 00026765 _____ () C:\Users\Murat Celik\Desktop\Addition.txt 2014-06-18 12:39 - 2014-06-18 12:41 - 00027762 _____ () C:\Users\Murat Celik\Desktop\FRST.txt 2014-06-18 12:37 - 2014-06-18 12:37 - 00000850 _____ () C:\Users\Murat Celik\Desktop\JRT.txt 2014-06-18 12:25 - 2014-06-18 12:28 - 00001254 _____ () C:\Users\Murat Celik\Desktop\AdwCleaner[R0].txt 2014-06-18 12:21 - 2014-06-18 12:26 - 00000000 ____D () C:\AdwCleaner 2014-06-18 12:08 - 2014-06-19 14:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-18 12:08 - 2014-06-18 12:08 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-18 12:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-18 12:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-18 12:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-17 12:45 - 2014-06-17 12:45 - 00011323 _____ () C:\ComboFix.txt 2014-06-17 12:28 - 2014-06-17 12:45 - 00000000 ____D () C:\Qoobox 
2014-06-17 12:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-17 12:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-17 12:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-17 12:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-17 12:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-17 12:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-17 12:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-17 12:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-17 08:53 - 2014-06-19 14:15 - 00000000 ____D () C:\FRST 2014-06-16 19:51 - 2014-06-17 12:22 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe 2014-06-16 19:18 - 2014-06-19 08:00 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing 2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-06-16 19:18 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-06-16 14:56 - 2014-06-19 11:14 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner 2014-06-12 12:50 - 2014-06-17 13:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde 2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-06 12:05 - 2014-06-16 20:30 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype 2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () 
C:\Users\Murat Celik\AppData\Local\Skype 2014-06-06 12:04 - 2014-06-16 20:30 - 00000000 ____D () C:\ProgramData\Skype 2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip 2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk 2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk 2014-05-28 17:41 - 2014-05-28 17:52 - 00000000 ____D () C:\Program Files (x86)\Inkscape ==================== One Month Modified Files and Folders ======= 2014-06-19 14:15 - 2014-06-19 14:15 - 00010630 _____ () C:\Users\Murat Celik\Downloads\FRST.txt 2014-06-19 14:15 - 2014-06-17 08:53 - 00000000 ____D () C:\FRST 2014-06-19 14:14 - 2014-06-19 14:14 - 02082304 _____ (Farbar) C:\Users\Murat Celik\Downloads\FRST64.exe 2014-06-19 14:12 - 2013-06-29 12:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-19 14:11 - 2014-06-19 14:11 - 00000914 _____ () C:\Users\Murat Celik\Desktop\checkup.txt 2014-06-19 14:10 - 2014-06-18 12:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-19 13:01 - 2014-06-19 13:01 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-19 12:17 - 2012-07-26 20:43 - 01699042 _____ () C:\Windows\WindowsUpdate.log 2014-06-19 11:32 - 2012-11-28 15:52 - 00000000 ____D () C:\Users\Murat Celik\Documents\Blender Dateien 2014-06-19 11:30 - 2012-11-27 00:09 - 00000000 ____D () C:\Users\Murat Celik\.gimp-2.8 2014-06-19 11:29 - 2014-06-19 11:29 - 00020286 _____ () C:\Users\Murat Celik\AppData\Local\recently-used.xbel 2014-06-19 11:14 - 2014-06-16 14:56 - 00000000 ____D () C:\Users\Murat Celik\Desktop\Neuer Ordner 2014-06-19 08:07 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
2014-06-19 08:07 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-19 08:03 - 2009-07-14 06:51 - 00094800 _____ () C:\Windows\setupact.log 2014-06-19 08:00 - 2014-06-16 19:18 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-06-19 08:00 - 2013-03-01 20:38 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\.oit 2014-06-19 07:59 - 2012-07-26 21:13 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-19 07:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-18 12:41 - 2014-06-18 12:41 - 00026765 _____ () C:\Users\Murat Celik\Desktop\Addition.txt 2014-06-18 12:41 - 2014-06-18 12:39 - 00027762 _____ () C:\Users\Murat Celik\Desktop\FRST.txt 2014-06-18 12:37 - 2014-06-18 12:37 - 00000850 _____ () C:\Users\Murat Celik\Desktop\JRT.txt 2014-06-18 12:36 - 2014-01-05 12:18 - 00002074 _____ () C:\Users\Public\Desktop\Blender.lnk 2014-06-18 12:32 - 2012-07-30 11:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\CrashDumps 2014-06-18 12:30 - 2013-05-21 10:43 - 00000000 ____D () C:\Windows\ERUNT 2014-06-18 12:28 - 2014-06-18 12:25 - 00001254 _____ () C:\Users\Murat Celik\Desktop\AdwCleaner[R0].txt 2014-06-18 12:27 - 2010-11-21 05:47 - 00349842 _____ () C:\Windows\PFRO.log 2014-06-18 12:26 - 2014-06-18 12:21 - 00000000 ____D () C:\AdwCleaner 2014-06-18 12:08 - 2014-06-18 12:08 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-18 12:08 - 2014-06-18 12:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-18 12:08 - 2013-05-20 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-17 13:52 - 2014-06-12 12:50 - 00000000 ____D () C:\Users\Murat Celik\Documents\Melde 2014-06-17 12:45 - 2014-06-17 12:45 - 00011323 _____ () 
C:\ComboFix.txt 2014-06-17 12:45 - 2014-06-17 12:28 - 00000000 ____D () C:\Qoobox 2014-06-17 12:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-17 12:27 - 2013-05-19 22:24 - 00000000 ____D () C:\Windows\erdnt 2014-06-17 12:25 - 2014-05-03 12:51 - 00000000 ____D () C:\Program Files (x86)\AbiWord 2014-06-17 12:22 - 2014-06-16 19:51 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Adobe 2014-06-17 12:22 - 2012-07-26 21:05 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-06-16 20:30 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Skype 2014-06-16 20:30 - 2014-06-06 12:04 - 00000000 ____D () C:\ProgramData\Skype 2014-06-16 19:18 - 2014-06-16 19:18 - 00001149 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\Nico Mak Computing 2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2014-06-16 19:18 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-06-16 13:45 - 2012-12-25 20:35 - 00000000 ____D () C:\Users\Murat Celik\dwhelper 2014-06-13 20:34 - 2012-07-28 12:30 - 00000000 ____D () C:\tmp 2014-06-12 19:26 - 2013-06-29 12:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-12 19:26 - 2012-10-22 17:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-12 19:26 - 2012-10-22 17:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-12 16:38 - 2009-07-14 06:45 - 00401472 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-12 13:11 - 2012-07-26 21:07 - 00119240 _____ () C:\Users\Murat Celik\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-12 12:52 - 2013-04-07 10:43 - 00000000 ____D () 
C:\Users\Murat Celik\Documents\MAGIX 2014-06-12 12:52 - 2012-08-05 17:20 - 00000000 ____D () C:\Users\Murat Celik\Documents\Business 2014-06-12 12:35 - 2014-02-05 12:30 - 04339200 ___SH () C:\Users\Murat Celik\Desktop\Thumbs.db 2014-06-11 21:07 - 2011-04-12 09:43 - 00666370 _____ () C:\Windows\system32\perfh007.dat 2014-06-11 21:07 - 2011-04-12 09:43 - 00133386 _____ () C:\Windows\system32\perfc007.dat 2014-06-11 21:07 - 2009-07-14 07:13 - 01519796 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-11 14:09 - 2013-05-21 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-11 09:53 - 2014-06-11 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-10 13:17 - 2013-03-17 11:11 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\LocalStorage 2014-06-07 10:31 - 2013-06-07 21:52 - 00000000 ____D () C:\Users\Murat Celik\AppData\Roaming\FreeVideoConverter 2014-06-06 19:55 - 2012-08-22 10:26 - 00015924 _____ () C:\Windows\H74TGD__.TTF 2014-06-06 12:05 - 2014-06-06 12:05 - 00000000 ____D () C:\Users\Murat Celik\AppData\Local\Skype 2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-05-28 20:45 - 2014-05-28 20:45 - 00000000 ____D () C:\Program Files\7-Zip 2014-05-28 17:52 - 2014-05-28 17:52 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk 2014-05-28 17:52 - 2014-05-28 17:41 - 00000000 ____D () C:\Program Files (x86)\Inkscape 2014-05-28 17:50 - 2014-05-28 17:50 - 00000967 _____ () C:\Users\Public\Desktop\Inkscape.lnk 2014-05-24 00:13 - 2010-08-18 11:41 - 00062936 _____ () C:\Windows\ethnocentric rg.ttf Some content of TEMP: ==================== C:\Users\Murat Celik\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => 
File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-09 20:45 ==================== End Of Log ============================
The Control Panel will not open. Explorer also has problems displaying folders. Something is definitely fishy here, and hidden processes are trying to hide something from me. |
20.06.2014, 14:12 | #10 |
/// the machine /// TB-Ausbilder | System registry infected with monitoring tool. Uninstall WinZip Malware Protector! Please download Farbar Service Scanner
Please post the contents here.
__________________ Regards, schrauber |
20.06.2014, 14:25 | #11 |
| System registry infected with monitoring tool. Code:
Farbar Service Scanner Version: 10-06-2014
Ran by Murat Celik (administrator) on 20-06-2014 at 15:24:07
Running from "C:\Users\Murat Celik\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log **** |
21.06.2014, 09:23 | #12 |
/// the machine /// TB-Ausbilder | System registry infected with monitoring tool. Please run this: http://www.trojaner-board.de/126216-...epair-aio.html
__________________ Regards, schrauber |
21.06.2014, 12:38 | #13 |
| System registry infected with monitoring tool. Quote:
Thanks. I'll run that. The Repair guide needs to be updated again. The latest version is 2.7.5, and there are some changes in the interface. The version on Filepony is also outdated, still 2.6.3. EDIT: Here is the log. It was under a different file path, though. I hope it is the right log; the time seems to match. Code:
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: MURATCELIK-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Murat Celik
Current Profile SID: S-1-5-21-947860702-3629206099-2466557242-1000
Current Profile Classes: S-1-5-21-947860702-3629206099-2466557242-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Murat Celik\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:39:43
Process Count: 73
Commit Total: 2,29 GB
Commit Limit: 15,96 GB
Commit Peak: 2,70 GB
Handle Count: 21399
Kernel Total: 598,92 MB
Kernel Paged: 508,04 MB
Kernel Non Paged: 90,88 MB
System Cache: 5,60 GB
Thread Count: 893
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7,98 GB
Memory Used: 2,25 GB(28,1257%)
Memory Avail.: 5,74 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7,98 GB
Memory Used: 1,88 GB(23,5821%)
Memory Avail.: 6,10 GB
--------------------------------------------------------------------------------
Starting Repairs...
Start (21.06.2014 12:08:21)

01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (21.06.2014 12:08:27)
Running Repair Under Current User Account
Done (21.06.2014 12:08:36)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (21.06.2014 12:08:36)
Running Repair Under System Account
Done (21.06.2014 12:11:26)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (21.06.2014 12:11:26)
Running Repair Under System Account
Done (21.06.2014 12:13:44)

02 - Reset File Permissions: C:
C: & Sub Folders
Start (21.06.2014 12:13:45)
Running Repair Under System Account
Done (21.06.2014 12:21:00)

02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (21.06.2014 12:21:00)
Running Repair Under System Account
Done (21.06.2014 12:22:03)

02 - Reset File Permissions: Current Profile
C:\Users\Murat Celik & Sub Folders
Start (21.06.2014 12:22:03)
Running Repair Under System Account
Done (21.06.2014 12:22:27)

02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (21.06.2014 12:22:27)
Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>
Reading the SD from <\\?\C:\Users\Default\Cookies> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Music>
Reading the SD from <\\?\C:\Users\Public\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Public\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Public\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Application Data>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Cookies>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Cookies> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Local Settings>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\My Documents>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\My Documents> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\NetHood>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\NetHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\PrintHood>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Recent>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Recent> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\SendTo>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\SendTo> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Start Menu>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Templates>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Templates> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\AppData\Local\History>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\AppData\Local\Temporary Internet Files>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\AppData\Local\Temporary Internet Files> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Documents\My Music>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Documents\My Music> failed with: Das System kann den angegebenen Pfad nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann den angegebenen Pfad nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Documents\My Pictures> failed with: Das System kann den angegebenen Pfad nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann den angegebenen Pfad nicht finden.
Processing ACL of: <\\?\C:\Users\Mevlüde Celik\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Mevlüde Celik\Documents\My Videos> failed with: Das System kann den angegebenen Pfad nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann den angegebenen Pfad nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\Application Data>
Reading the SD from <\\?\C:\Users\Murat Celik\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\Cookies>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Murat Celik\Local Settings>
Reading the SD from <\\?\C:\Users\Murat Celik\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\My Documents>
Reading the SD from <\\?\C:\Users\Murat Celik\My Documents> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\NetHood>
Reading the SD from <\\?\C:\Users\Murat Celik\NetHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\PrintHood>
Reading the SD from <\\?\C:\Users\Murat Celik\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\Recent>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Murat Celik\SendTo>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Murat Celik\Start Menu>
Reading the SD from <\\?\C:\Users\Murat Celik\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\Templates>
Reading the SD from <\\?\C:\Users\Murat Celik\Templates> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Murat Celik\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\AppData\Local\History>
Reading the SD from <\\?\C:\Users\Murat Celik\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Murat Celik\Documents\My Music>
Reading the SD from <\\?\C:\Users\Murat Celik\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Murat Celik\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\Murat Celik\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Murat Celik\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Application Data>
Reading the SD from <\\?\C:\Users\UpdatusUser\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Cookies>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Local Settings>
Reading the SD from <\\?\C:\Users\UpdatusUser\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\My Documents>
Reading the SD from <\\?\C:\Users\UpdatusUser\My Documents> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\NetHood>
Reading the SD from <\\?\C:\Users\UpdatusUser\NetHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\PrintHood>
Reading the SD from <\\?\C:\Users\UpdatusUser\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Recent>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\UpdatusUser\SendTo>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Start Menu>
Reading the SD from <\\?\C:\Users\UpdatusUser\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Templates>
Reading the SD from <\\?\C:\Users\UpdatusUser\Templates> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\UpdatusUser\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\AppData\Local\History>
Reading the SD from <\\?\C:\Users\UpdatusUser\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Documents\My Music>
Reading the SD from <\\?\C:\Users\UpdatusUser\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\UpdatusUser\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\UpdatusUser\Documents\My Videos>
Reading the SD from <\\?\C:\Users\UpdatusUser\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Done (21.06.2014 12:22:42)

03 - Register System Files
Start (21.06.2014 12:22:42)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:28:12)

04 - Repair WMI
Start (21.06.2014 12:28:12)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Microsoft Security Essentials Exported.
Exporting AntiSpyware Info...
Windows Defender Exported.
Microsoft Security Essentials Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (21.06.2014 12:32:54)

05 - Repair Windows Firewall
Start (21.06.2014 12:32:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:35:51)

06 - Repair Internet Explorer
Start (21.06.2014 12:35:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:38:16)

07 - Repair MDAC/MS Jet
Start (21.06.2014 12:38:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:42:50)

08 - Repair Hosts File
Start (21.06.2014 12:42:50)
Running Repair Under System Account
Done (21.06.2014 12:42:57)

09 - Remove Policies Set By Infections
Start (21.06.2014 12:42:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:43:18)

10 - Repair Start Menu Icons Removed By Infections
Start (21.06.2014 12:43:18)
Running Repair Under System Account
Done (21.06.2014 12:44:24)

11 - Repair Icons
Start (21.06.2014 12:44:24)
Running Repair Under Current User Account
Done (21.06.2014 12:44:27)

12 - Repair Winsock & DNS Cache
Start (21.06.2014 12:44:28)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:45:06)

13 - Remove Temp Files
Start (21.06.2014 12:45:06)
Running Repair Under System Account
Done (21.06.2014 12:45:10)

14 - Repair Proxy Settings
Start (21.06.2014 12:45:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:45:27)

15 - Unhide Non System Files
Start (21.06.2014 12:45:27)
C:\ - Total Files Unhidden: 1949 - Check Unhidden_Files.txt for list of files unhidden
Done (21.06.2014 12:48:44)

16 - Repair Windows Updates
Start (21.06.2014 12:48:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:53:00)

17 - Repair CD/DVD Missing/Not Working
Start (21.06.2014 12:53:00)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (21.06.2014 12:53:00)

18 - Repair Volume Shadow Copy Service
Start (21.06.2014 12:53:00)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:53:19)

19 - Repair Windows Sidebar/Gadgets
Start (21.06.2014 12:53:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:53:34)

20 - Repair MSI (Windows Installer)
Start (21.06.2014 12:53:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:54:58)

21 - Repair Windows Snipping Tool
Start (21.06.2014 12:54:58)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:55:04)

22.01 - Repair bat Association
Start (21.06.2014 12:55:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 12:55:21)

22.02 - Repair cmd Association
Start (21.06.2014 12:55:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:00:43)

22.03 - Repair com Association
Start (21.06.2014 13:00:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:00:56)

22.04 - Repair Directory Association
Start (21.06.2014 13:00:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:01:02)

22.05 - Repair Drive Association
Start (21.06.2014 13:01:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:01:08)

22.06 - Repair exe Association
Start (21.06.2014 13:01:08)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:01:19)

22.07 - Repair Folder Association
Start (21.06.2014 13:01:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:01:30)

22.08 - Repair inf Association
Start (21.06.2014 13:01:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:01:39)

22.09 - Repair lnk (Shortcuts) Association
Start (21.06.2014 13:01:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:01:49)

22.10 - Repair msc Association
Start (21.06.2014 13:01:49)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:01:55)

22.11 - Repair reg Association
Start (21.06.2014 13:01:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:02:02)

22.12 - Repair scr Association
Start (21.06.2014 13:02:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:02:33)

23 - Repair Windows Safe Mode
Start (21.06.2014 13:02:33)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:02:40)

24 - Repair Print Spooler
Start (21.06.2014 13:02:40)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:02:59)

25 - Restore Important Windows Services
Start (21.06.2014 13:02:59)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:03:51)

26 - Set Windows Services To Default Startup
Start (21.06.2014 13:03:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (21.06.2014 13:04:10)

Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1
Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1
Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1

Cleaning up empty logs...
All Selected Repairs Done.
Done (21.06.2014 13:04:11)
Total Repair Time: 00:55:54

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account |
22.06.2014, 06:47 | #14 |
/// the machine /// TB-Ausbilder | How is the computer running now?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
23.06.2014, 08:57 | #15 |
| So far so good. I'll run the machine in a week-long trial now, and if problems come up again I'll open a new thread. Thanks again for the help. |