Log analysis and evaluation: G Data reports Trojan found: Trojan.Agent.BDMI (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.06.2014, 10:44 | #1
G Data reports Trojan found: Trojan.Agent.BDMI

Hello everyone,

yesterday, during the weekly check, G Data reported a Trojan find: Trojan.Agent.BDMI. Specifically, the Trojan was detected in the Recycle Bin; it is supposedly inside an e-mail that I received about a month ago and deleted right after receiving it (not because I suspected a virus, but because it was dealt with). Previous virus scans had not raised an alarm for this mail. My PC has been quite slow for some time now and also often hangs with the message (Not responding). I always put that down to the fact that it is already 7 years old, has never been reinstalled from scratch and is therefore probably pretty cluttered. I have thought about buying a new PC, but because of the effort of migrating the data and also for financial reasons I have put it off again for now... Here is the log file from FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by Vera (administrator) on VERA-PC on 22-06-2014 11:22:46
Running from C:\Users\Vera\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(ElmüSoft) C:\Program Files\PTBSync\PTBSync.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(ElmüSoft) C:\Program Files\PTBSync\PTBSync.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PTBSync] => C:\Program Files\PTBSync\PTBSync.exe [334336 2008-04-20] (ElmüSoft)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\Run: [G Data ASM] => C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\.DEFAULT\...\RunOnce: [AutoLaunch] - C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\Run: [AA315297649520DAB623D5163E56B88C63351059._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\Run: [Spotify Web Helper] => C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-02] (Spotify Ltd)
HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\Run: [Google Update] => C:\Users\Vera\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-31] (Google Inc.)
HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\Run: [MusicManager] => C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\MountPoints2: {5ffb39ad-ba3b-11dc-9faf-806e6f6e6963} - F:\ShelExec.exe open.htm
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {0A64A28D-4261-4843-A860-D08018111EF3} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=&geo=DE&ver=18
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Perfect PDF 5 - {9DE41FB9-ACA7-4847-982B-D984042588FC} - C:\Program Files\soft Xpansion\Perfect PDF 5\PDF4ie.dll (soft Xpansion)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538
FF SelectedSearchEngine: hxxp://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vera\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vera\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: BrowserProtect - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\browserprotect@browserprotect.com.xpi [2013-04-13]
FF Extension: Ghostery - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\firefox@ghostery.com.xpi [2013-08-18]
FF Extension: NoScript - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-13]
FF Extension: Adblock Plus - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-13]
FF Extension: BetterPrivacy - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-04-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-10]

Chrome:
=======
CHR StartupUrls: "hxxp://www.google.de/"
CHR NewTab: "chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-19]
CHR Extension: (Google Drive) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19]
CHR Extension: (YouTube) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19]
CHR Extension: (Adblock Plus) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-24]
CHR Extension: (Google-Suche) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19]
CHR Extension: (Speed Dial) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2013-11-09]
CHR Extension: (Google Play Music) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-05-31]
CHR Extension: (Privacy manager) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\giccehglhacakcfemddmfhdkahamfcmd [2013-11-09]
CHR Extension: (Google Keep) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-01]
CHR Extension: (Panel View for Keep) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-02-21]
CHR Extension: (Privacy Palette) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2013-06-24]
CHR Extension: (Ghostery) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-11-09]
CHR Extension: (dict-cc) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2014-02-02]
CHR Extension: (Google Wallet) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19]

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-08-15] (Portrait Displays, Inc.)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-05-05] (Portrait Displays, Inc.)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 PTBSync; C:\Program Files\PTBSync\PTBSync.exe [334336 2008-04-20] (ElmüSoft) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\SXDS10.exe [160768 2009-07-13] (soft Xpansion) [File not signed]
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [109104 2007-10-08] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [121392 2007-10-08] (VMware, Inc.)
R2 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [269104 2007-03-23] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [150064 2007-10-08] (VMware, Inc.)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2014-04-09] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20736 2014-04-09] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2014-04-09] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2014-04-09] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-04-09] (G Data Software AG)
S3 gmer; C:\Windows\System32\DRIVERS\gmer.sys [70001 2008-03-16] (GMER) [File not signed]
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-04-12] (G Data Software)
R2 hcmon; C:\Windows\system32\Drivers\hcmon.sys [34864 2007-10-08] (VMware, Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2014-04-09] (G Data Software AG)
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17136 2011-05-05] (Portrait Displays, Inc.)
R2 PortTalk; C:\Windows\system32\Drivers\PtbTalk.sys [3567 2008-04-20] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2013-04-30] (Advanced Micro Devices, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [20912 2007-10-08] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16816 2007-10-08] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [28592 2007-10-08] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25008 2007-10-08] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [924976 2007-10-08] (VMware, Inc.)
R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\Sandra.sys [X]
S3 WINFLASH; \??\C:\Users\Vera\Desktop\WinFlash.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 11:22 - 2014-06-22 11:23 - 00027178 _____ () C:\Users\Vera\Desktop\FRST.txt
2014-06-22 11:21 - 2014-06-22 11:23 - 00000000 ____D () C:\FRST
2014-06-22 11:20 - 2014-06-22 11:20 - 01070592 _____ (Farbar) C:\Users\Vera\Desktop\FRST.exe
2014-06-22 11:19 - 2014-06-22 11:19 - 00000470 _____ () C:\Users\Vera\Desktop\defogger_disable.log
2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 _____ () C:\Users\Vera\defogger_reenable
2014-06-22 11:17 - 2014-06-22 11:17 - 00050477 _____ () C:\Users\Vera\Desktop\Defogger.exe
2014-06-22 11:15 - 2014-06-22 11:15 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger (1).exe
2014-06-22 11:13 - 2014-06-22 11:13 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger.exe
2014-06-19 13:02 - 2014-06-19 13:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-12 20:05 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 20:05 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 20:05 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 20:05 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 20:05 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 20:05 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 20:05 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 20:05 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 20:05 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 20:05 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 20:05 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 20:05 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 20:05 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 20:05 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 20:05 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 20:05 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 20:05 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 20:05 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 20:05 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 20:05 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 20:05 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 20:05 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 20:05 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 20:05 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 20:05 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-01 15:10 - 2014-06-15 15:37 - 00000000 ____D () C:\Users\Vera\Desktop\Schnapsfotos
2014-05-31 21:08 - 2014-05-31 21:08 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-31 21:08 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-31 21:07 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-31 21:07 - 2014-05-31 21:08 - 00000000 ____D () C:\Program Files\iTunes
2014-05-31 21:07 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iPod
2014-05-31 14:23 - 2014-05-31 14:23 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-05-31 14:21 - 2014-06-22 10:32 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA.job
2014-05-31 14:20 - 2014-06-21 18:32 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core.job
2014-05-28 17:56 - 2014-05-28 17:56 - 00015866 _____ () C:\Users\Vera\Desktop\Guetta, David.txt
2014-05-24 23:22 - 2014-05-24 23:22 - 00142872 _____ () C:\Windows\Minidump\Mini052414-01.dmp
2014-05-24 23:21 - 2014-05-24 23:21 - 243985422 _____ () C:\Windows\MEMORY.DMP
2014-05-23 18:22 - 2014-05-23 18:22 - 00000000 ____D () C:\ProgramData\Auslogics

==================== One Month Modified Files and Folders =======

2081-04-04 18:39 - 2011-05-28 11:40 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-06-22 11:23 - 2014-06-22 11:22 - 00027178 _____ () C:\Users\Vera\Desktop\FRST.txt
2014-06-22 11:23 - 2014-06-22 11:21 - 00000000 ____D () C:\FRST
2014-06-22 11:20 - 2014-06-22 11:20 - 01070592 _____ (Farbar) C:\Users\Vera\Desktop\FRST.exe
2014-06-22 11:19 - 2014-06-22 11:19 - 00000470 _____ () C:\Users\Vera\Desktop\defogger_disable.log
2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 _____ () C:\Users\Vera\defogger_reenable
2014-06-22 11:19 - 2008-01-08 21:45 - 00000000 ____D () C:\Users\Vera
2014-06-22 11:17 - 2014-06-22 11:17 - 00050477 _____ () C:\Users\Vera\Desktop\Defogger.exe
2014-06-22 11:15 - 2014-06-22 11:15 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger (1).exe
2014-06-22 11:14 - 2012-03-31 13:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 11:13 - 2014-06-22 11:13 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger.exe
2014-06-22 11:09 - 2013-02-19 23:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 10:47 - 2008-01-03 22:38 - 02000283 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 10:32 - 2014-05-31 14:21 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA.job
2014-06-22 10:29 - 2008-04-20 15:25 - 00001178 _____ () C:\Users\Vera\Documents\PTBSync-AutoExport-Vera.ini
2014-06-22 10:29 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 10:29 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 18:32 - 2014-05-31 14:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core.job
2014-06-21 16:09 - 2013-02-19 23:42 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 12:40 - 2011-10-01 12:58 - 00000000 ____D () C:\Temp
2014-06-21 12:36 - 2008-01-09 20:20 - 00000000 ____D () C:\ProgramData\VMware
2014-06-21 12:35 - 2012-05-26 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-21 12:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 22:58 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-19 22:56 - 2011-11-27 12:43 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\SoftGrid Client
2014-06-19 13:07 - 2014-06-19 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-15 15:37 - 2014-06-01 15:10 - 00000000 ____D () C:\Users\Vera\Desktop\Schnapsfotos
2014-06-15 14:39 - 2013-01-20 14:04 - 00000000 ____D () C:\Users\Vera\VR-Haushaltsbuch
2014-06-13 00:07 - 2013-08-15 20:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 00:03 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-05 22:08 - 2006-11-02 12:33 - 01585492
_____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-01 11:30 - 2013-02-20 03:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-06-01 09:19 - 2011-06-11 14:41 - 00000000 ____D () C:\Users\Vera\AppData\Local\CrashDumps 2014-05-31 21:08 - 2014-05-31 21:08 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-31 21:08 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-31 21:08 - 2014-05-31 21:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-05-31 21:08 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iTunes 2014-05-31 21:07 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iPod 2014-05-31 21:07 - 2008-01-12 12:38 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-05-31 14:24 - 2008-01-08 21:48 - 00000000 ____D () C:\Users\Vera\AppData\Local\Google 2014-05-31 14:23 - 2014-05-31 14:23 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager 2014-05-29 20:18 - 2009-05-30 14:00 - 00000000 ____D () C:\Users\Vera\Documents\Steuerfälle 2014-05-29 19:01 - 2011-05-22 15:53 - 00000815 _____ () C:\Users\Vera\Documents\OuProxy.log 2014-05-29 13:24 - 2014-01-12 14:12 - 00001842 _____ () C:\Users\Public\Desktop\BILD Steuer 2014.lnk 2014-05-29 13:24 - 2014-01-12 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BILD Steuer 2014 2014-05-28 18:48 - 2014-06-12 20:05 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 18:39 - 2014-06-12 20:05 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 18:38 - 2014-06-12 20:05 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 18:33 - 2014-06-12 20:05 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 18:32 - 2014-06-12 20:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 18:32 - 
2014-06-12 20:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 18:31 - 2014-06-12 20:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 18:31 - 2014-06-12 20:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 18:30 - 2014-06-12 20:05 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-12 20:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 18:29 - 2014-06-12 20:05 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 18:29 - 2014-06-12 20:05 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 18:29 - 2014-06-12 20:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 18:29 - 2014-06-12 20:05 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 18:28 - 2014-06-12 20:05 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 17:56 - 2014-05-28 17:56 - 00015866 _____ () C:\Users\Vera\Desktop\Guetta, David.txt 2014-05-25 00:51 - 2012-05-01 20:59 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Spotify 2014-05-25 00:13 - 2012-05-01 21:01 - 00000000 ____D () 
C:\Users\Vera\AppData\Local\Spotify 2014-05-24 23:22 - 2014-05-24 23:22 - 00142872 _____ () C:\Windows\Minidump\Mini052414-01.dmp 2014-05-24 23:22 - 2008-07-31 19:42 - 00000000 ____D () C:\Windows\Minidump 2014-05-24 23:21 - 2014-05-24 23:21 - 243985422 _____ () C:\Windows\MEMORY.DMP 2014-05-23 20:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-05-23 18:22 - 2014-05-23 18:22 - 00000000 ____D () C:\ProgramData\Auslogics 2014-05-23 18:22 - 2013-03-28 17:24 - 00000000 ____D () C:\Program Files\Auslogics Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\ProgramData\PKP_DLdu.DAT C:\ProgramData\PKP_DLdw.DAT ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-21 12:50 ==================== End Of Log ============================
I hope it doesn't look too bad, and that you can help me. Many thanks in advance! Vera |
22.06.2014, 10:59 | #2 |
/// the machine /// TB-Ausbilder | G Data reports a trojan detection: Trojan.Agent.BDMI Hi,
Addition.txt is still missing
22.06.2014, 11:28 | #3 |
| G Data reports a trojan detection: Trojan.Agent.BDMI here it is... I had misunderstood the note about the first scan
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01 Ran by Vera at 2014-06-22 11:24:30 Running from C:\Users\Vera\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== 1&1 SmartFax (HKLM\...\1&1 SmartFax) (Version: 2.00.231 - 1&1 Internet AG) 7-Zip 4.57 (HKLM\...\7-Zip) (Version: - ) AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden AMD VISION Engine Control Center (Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden AMDAway INF (HKLM\...\AMDAway INF) (Version: - ) Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Ashampoo UnInstaller Platinum 2.90 (HKLM\...\Ashampoo UnInstaller Platinum 2_is1) (Version: 2.9.0 - ashampoo GmbH & Co. KG) ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - ) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd) Benutzerhandbuch (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - ) BILD Steuer 2014 (HKLM\...\{6095D412-A42B-4A41-8286-135111F0CB84}) (Version: 19.10.89 - Akademische Arbeitsgemeinschaft) BILD-Steuer 2011 (HKLM\...\{F2C7A130-9C68-41C4-A8E7-985DFFBD01DF}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag) BILD-Steuer 2013 (HKLM\...\{33030435-243F-4111-BD25-C6A447E8A84F}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell) calibre (HKLM\...\{BC72976B-8232-468E-A7FE-1BD583F633B9}) (Version: 0.8.68 - Kovid Goyal) Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MG5300 series Benutzerregistrierung (HKLM\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - ) Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control 
Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Chinese Standard (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Chinese Traditional (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help English (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help French (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help German (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Hungarian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Italian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Japanese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Korean (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Polish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Portuguese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Spanish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Thai (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Turkish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden ccc-utility (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Dell Handbuch zum Einstieg (HKLM\...\{FD023F61-65E9-465C-B558-7C64EB2B97E6}) (Version: 1.00.0000 - Dell Inc.) Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5830.17 - Dell Inc.) Dell Support Center (Version: 3.1.5830.17 - PC-Doctor, Inc.) Hidden DVD Flick (HKLM\...\DVD Flick_is1) (Version: 1.2.2.1 - ) G Data InternetSecurity (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Haushaltsbuch8 (HKLM\...\{1BC857FE-62E6-48D3-8E65-FC6C62CE9A69}) (Version: 8.9.94 - Reiners-Software) ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!) 
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LibreOffice 3.6 (HKLM\...\{7FDEBC17-F2F8-4B66-BE25-A2DD59B44F61}) (Version: 3.6.5.2 - The Document Foundation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6109.5003 - Microsoft Corporation) Microsoft Silverlight 
(HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) 
(Version: 2.4.5 - Motorola Mobility) Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC) Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.3 - F.J. 
Wechselberger) Nero BackItUp (Version: 12.5.7000 - Nero AG) Hidden Nero BackItUp 12 Essentials (HKLM\...\{0E3368AC-FB29-4C5E-938E-FA11C12D035E}) (Version: 12.0.01200 - Nero AG) Nero BackItUp Help (CHM) (Version: 12.0.3000 - Nero AG) Hidden Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 12.0.4000 - Nero AG) Nero ControlCenter (Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (Version: 12.0.5000 - Nero AG) Hidden Nero Core Components (Version: 11.0.21800 - Nero AG) Hidden Nero Prerequisite Installer 2.0 (HKLM\...\{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}) (Version: 12.0.01000 - Nero AG) Nero RescueAgent (Version: 12.0.11000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (Version: 12.0.0001 - Nero AG) Hidden Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon) Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation) NVIDIANetworkDiagnostic (Version: 1.00.0000 - NVIDIA Corporation) Hidden O&O SafeErase (HKLM\...\{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}) (Version: 2.7.523 - O&O Software GmbH) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Paragon Backup & Recovery™ 2013 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd) PDF-XChange Viewer (HKLM\...\{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}) (Version: 2.5.201.0 - Tracker Software Products Ltd.) 
PhotoME (HKLM\...\PhotoME_is1) (Version: 0.79R17 - Jens Duttke) PhotoScape (HKLM\...\PhotoScape) (Version: - ) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.0.3 - Nikon) Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden PTBSync (Atomuhr Synchronisation & Terminkalender) (HKLM\...\PTBSync) (Version: - ) PWGen 2.2.1 (HKLM\...\{8A5E6B59-2804-4677-8A5F-DEBC218CE4E0}_is1) (Version: - Christian Thoeing) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) QupZilla 1.4.3 (HKLM\...\QupZilla) (Version: 1.4.3 - QupZilla Team) Raptr (HKLM\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.) Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.) Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) 
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden Schwedisch AKTIV (HKLM\...\Schwedisch Aktiv) (Version: - ) SDK (Version: 2.27.002 - Portrait Displays, Inc.) Hidden Secunia PSI (3.0.0.6005) (HKLM\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia) Skins (Version: 2007.0731.2234.38497 - ATI) Hidden Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartControl (HKLM\...\{F4EF231A-7218-41B1-AB84-F5B48B74C50A}) (Version: 2.10.016 - Portrait Displays, Inc.) soft Xpansion Perfect PDF 5 Premium (HKLM\...\{1FD1567B-0129-4FA0-914C-F3E02833F77B}) (Version: 5.0 - ) Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) UFRaw 0.15 (HKLM\...\UFRaw_is1) (Version: - Udi Fuchs) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.0.3 - Nikon) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) VMware Player (HKLM\...\{A53A11EA-0095-493F-86FA-A15E8A86A405}) (Version: 2.0.2.59824 - VMware, Inc.) 
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation) Wuala (HKCU\...\Wuala) (Version: 1.0.444.0 - LaCie) Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) ==================== Restore Points ========================= 27-05-2014 17:03:30 Geplanter Prüfpunkt 07-06-2014 11:24:05 Geplanter Prüfpunkt 12-06-2014 22:01:20 Windows Update 14-06-2014 09:10:52 Geplanter Prüfpunkt 15-06-2014 09:18:47 Geplanter Prüfpunkt 19-06-2014 15:21:04 Geplanter Prüfpunkt 21-06-2014 15:24:08 Geplanter Prüfpunkt 22-06-2014 08:36:55 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 12:23 - 2011-05-31 20:28 - 00435255 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 
00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.123topsearch.com 127.0.0.1 123topsearch.com 127.0.0.1 www.132.com 127.0.0.1 132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net 127.0.0.1 www.163ns.com 127.0.0.1 163ns.com 127.0.0.1 171203.com 127.0.0.1 17-plus.com 127.0.0.1 www.1800searchonline.com 127.0.0.1 1800searchonline.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {0A279F6A-23BA-4F58-ABC3-7822461D386A} - System32\Tasks\{ADAF638A-B7CB-421A-950F-BD5ED05A2B68} => c:\program files\opera\opera.exe [2014-04-30] (Opera Software) Task: {185E01A2-731B-4ED5-8723-E47E985B90D2} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {1B8D7E59-7D52-4FE3-B0E5-43CF9258E9C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2886661C-A05A-488F-9B4F-A8E54FCB197E} - System32\Tasks\{2C059A2A-5679-4E18-B38B-60605172A942} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) 
Task: {2D15DA69-1284-4BD3-AE12-DB75627A4913} - System32\Tasks\Vera_SicherungD 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG) Task: {35C7D8FE-448F-4147-84D1-E7CEC5FBC363} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Vera => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {3A3AB292-CF3D-469E-B542-B52FCD426487} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core => C:\Users\Vera\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-31] (Google Inc.) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {4EACFA91-0B24-4281-B585-8FB6722850AF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {4FF23840-8A54-4A1A-A5CE-5E718DA90F4D} - System32\Tasks\Vera Nero LIVEBackup Merge 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG) Task: {5185D3FA-D025-443F-96A6-BEFCABB37CD3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-06-21] (PC-Doctor, Inc.) Task: {7AA6B284-4051-433B-A96C-F1D4A8AB8397} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {7DEE202F-301D-4C43-A1B1-40A9BA06F8BE} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {9B8A38D6-9822-4539-BE3B-2C100B1771A7} - System32\Tasks\Vera10082013 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG) Task: {9C6D8F20-05C0-48EE-AEAE-81DC92C78509} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {A12101F1-FF52-48A2-9C52-DE728CF7A400} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-06-21] (PC-Doctor, Inc.) Task: {A27EB8D8-DFE7-434E-9BE3-21F1EF2C0D5C} - System32\Tasks\{0A7668AA-7EE0-48DC-8CDF-7D710BEE0E9E} => c:\program files\opera\opera.exe [2014-04-30] (Opera Software) Task: {A65508D1-2805-48D4-9D90-1039ADCE95A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA => C:\Users\Vera\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-31] (Google Inc.) Task: {B392CEC0-2DC4-4F69-9B16-BE041A54F0A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated) Task: {B6A669FC-870A-43E4-BC0A-4C323D3C656D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd) Task: {D4AEE2B0-A0F8-4007-950D-7DC416D9A5EB} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-06-21] (PC-Doctor, Inc.) 
Task: {D6D6808C-F4B5-4CDB-B5CB-7E5E6C6F7149} - System32\Tasks\{BFBEEE96-3ED7-464D-AC5E-778727146AD3} => c:\program files\opera\opera.exe [2014-04-30] (Opera Software) Task: {D6EEE507-A9D0-4C5F-B7BF-0C2CE227F5DE} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {DA17FE76-D13A-4C60-B9F9-300F8FC9E232} - System32\Tasks\{F78DC35A-5FB1-472E-BA32-14E42B431390} => c:\program files\opera\opera.exe [2014-04-30] (Opera Software) Task: {E2A63712-C44C-4A94-8505-0EC05684FFEB} - System32\Tasks\Vera Nero LIVEBackup 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {E7C675DA-96E4-4721-B6C2-73BA517E8D97} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {F234F7FD-C76F-4410-86FC-6CB9253DA258} - System32\Tasks\nero_24082013 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG) Task: {FBE31196-83DF-4BEC-90CA-DA2BB57A230A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core.job => C:\Users\Vera\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA.job => C:\Users\Vera\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\AAVUpdateManager\aavus.exe 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-31 17:05 - 2013-10-31 17:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll 2006-11-05 12:28 - 2006-11-05 12:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll 2007-03-23 11:02 - 2007-03-23 11:02 - 00166704 _____ () C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\SSLEAY32.dll 2007-03-23 11:03 - 2007-03-23 11:03 - 00834352 _____ () C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\LIBEAY32.dll 2007-10-08 10:22 - 2007-10-08 10:22 - 00970288 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll 2007-10-08 10:22 - 2007-10-08 10:22 - 00080432 _____ () C:\Program 
Files\VMware\VMware Player\zlib1.dll 2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll 2013-04-30 04:46 - 2013-04-30 04:46 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll 2009-04-21 20:50 - 2008-04-13 20:38 - 00172032 _____ () C:\Program Files\PhotoME\PhotoMeShellExt.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 10683392 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 07741952 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\QtGui4.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 02248192 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\QtCore4.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 01681408 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll 2014-05-15 23:20 - 2014-05-15 23:20 - 00117248 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\libaacdec.dll 2014-05-15 23:20 - 2014-05-15 23:20 - 00231936 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll 2014-05-15 23:21 - 2014-05-15 23:21 - 00253440 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\libid3tag.dll 2014-05-15 23:24 - 2014-05-15 23:24 - 00344064 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 00026624 _____ () C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll 2013-04-30 00:24 - 2013-04-30 00:24 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-06-18 16:49 - 2013-06-18 16:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-30 00:08 - 2013-04-30 00:08 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-06-15 21:29 - 2014-06-05 15:58 - 04217672 _____ () C:\Program 
Files\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-15 21:29 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-15 21:29 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-19 13:03 - 2014-06-19 13:04 - 03022960 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2014-06-19 13:03 - 2014-06-19 13:03 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2014-06-19 13:03 - 2014-06-19 13:03 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 AlternateDataStreams: C:\Users\Vera\Documents\My LivePC Documents:Roxio EMC Stream AlternateDataStreams: C:\Users\Vera\Documents\My LivePCs:Roxio EMC Stream AlternateDataStreams: C:\Users\Vera\Documents\My Shared LivePC Documents:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= HKU\S-1-5-21-784248732-3634660742-3863288525-1000\Software\Classes\.exe: => <===== ATTENTION! 
==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: BthServ => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupreg: AA315297649520DAB623D5163E56B88C63351059._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service MSCONFIG\startupreg: AdobeUpdater => MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon MSCONFIG\startupreg: DT PLP => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: Google Desktop Search => MSCONFIG\startupreg: GrooveMonitor => MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: PivotSoftware => "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10 MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe MSCONFIG\startupreg: Spotify => 
"C:\Users\Vera\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: VMware hqtray => "C:\Program Files\VMware\VMware Player\hqtray.exe" MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ==================== Faulty Device Manager Devices ============= Name: USB-Massenspeichergerät Description: USB-Massenspeichergerät Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Kompatibles USB-Speichergerät Service: USBSTOR Problem: : Windows is removing this device. (Code 21) Resolution: Wait several seconds, and then press the F5 key to update the Device Manager view. If that does not resolve the problem, restart your computer. Name: Broadcom 802.11g-Netzwerkadapter Description: Broadcom 802.11g-Netzwerkadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: BCM43XV Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/21/2014 06:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15584 Error: (06/21/2014 06:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15584 Error: (06/21/2014 06:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 10:55:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 16068 Error: (06/19/2014 10:55:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 16068 Error: (06/19/2014 10:55:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 06:12:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20780 Error: (06/19/2014 06:12:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20780 Error: (06/19/2014 06:12:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 06:12:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 19781 System errors: ============= Error: (06/22/2014 11:25:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:25:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:24:34 AM) (Source: Service Control Manager) 
(EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:24:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:23:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:22:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:22:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:22:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:22:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Error: (06/22/2014 11:21:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: RAS-VerbindungsverwaltungTelefonie%%1058 Microsoft Office Sessions: ========================= Error: (06/21/2014 06:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15584 Error: (06/21/2014 06:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15584 Error: (06/21/2014 06:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 10:55:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 16068 Error: (06/19/2014 10:55:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 16068 Error: (06/19/2014 10:55:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task 
Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 06:12:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20780 Error: (06/19/2014 06:12:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20780 Error: (06/19/2014 06:12:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 06:12:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 19781 CodeIntegrity Errors: =================================== Date: 2014-06-22 11:23:33.844 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 11:23:33.472 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 11:23:33.112 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-22 11:23:32.694 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 22:47:28.408 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-04-09 22:47:28.031 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 22:47:27.632 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 22:47:27.119 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 22:47:26.393 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 22:47:25.894 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 80% Total physical RAM: 2045.76 MB Available physical RAM: 405.73 MB Total Pagefile: 4331.52 MB Available Pagefile: 1465.05 MB Total Virtual: 2047.88 MB Available Virtual: 1890.86 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:136.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATAPART1) (Fixed) (Total:232.83 GB) (Free:211.03 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.98 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 40000000) Partition 1: (Not Active) - (Size=55 MB) - (Type=DE) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: F39F1CAD) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Vera |
23.06.2014, 11:03 | #4 |
/// the machine /// TB Trainer | G Data reports trojan detection: Trojan.Agent.BDMI hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
23.06.2014, 19:17 | #5 |
| G Data reports trojan detection: Trojan.Agent.BDMI Hello schrauber, I have now downloaded combofix.exe to the desktop. I have disabled the antivirus software; I have no other malware scanners installed. As a precaution I disabled the internet connection, was that OK? However, I can't get combofix to start. When I click it, a DOS-like window opens very briefly but disappears again immediately. After that nothing else happens. What could be the cause? Thanks in advance! Vera Edited by sowieso (23.06.2014 at 19:33) |
24.06.2014, 12:47 | #6 |
/// the machine /// TB Trainer | G Data reports trojan detection: Trojan.Agent.BDMI Right-click and start as admin, and don't disconnect the internet
__________________ |
24.06.2014, 19:48 | #7 |
| G Data reports trojan detection: Trojan.Agent.BDMI I had already tried running as admin several times yesterday, and just now again. I had disabled G-Data, the internet was active - but combofix simply doesn't start. Only a black DOS window flickers up briefly, and then nothing more happens. What to do... So, after I downloaded combofix again directly from the page hxxp://www.bleepingcomputer.com/download/combofix/, it had a completely different file icon on the desktop than the file I had fetched from the link mentioned first. With this file it has finally worked; here is the logfile: Code:
ATTFilter ComboFix 14-06-24.01 - Vera 24.06.2014 20:24:59.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1055 [GMT 2:00] ausgeführt von:: c:\users\Vera\Desktop\ComboFix.exe AV: G Data InternetSecurity *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0} FW: G Data Personal Firewall *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} SP: G Data InternetSecurity *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\system32\System32\MASetupCleaner.exe c:\windows\system32\System32\muzapp.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-24 bis 2014-06-24 )))))))))))))))))))))))))))))) . . 2014-06-24 18:38 . 2014-06-24 18:38 -------- d-----w- c:\users\Vera\AppData\Local\temp 2014-06-24 18:38 . 2014-06-24 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-22 09:21 . 2014-06-22 09:25 -------- d-----w- C:\FRST 2014-06-19 11:02 . 2014-06-19 11:07 -------- d-----w- c:\program files\Mozilla Thunderbird 2014-05-31 19:07 . 2014-05-31 19:07 -------- d-----w- c:\program files\iPod 2014-05-31 19:07 . 2014-05-31 19:08 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-05-31 19:07 . 2014-05-31 19:08 -------- d-----w- c:\program files\iTunes 2014-05-31 12:22 . 2014-05-31 12:22 -------- d-----w- c:\users\Vera\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-15 18:14 . 2012-03-31 11:05 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-05-15 18:14 . 2011-05-14 15:34 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-12 12:00 . 2013-03-16 13:40 15192 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys 2014-04-12 12:00 . 
2013-08-10 18:25 29528 ----a-w- c:\windows\system32\drivers\GRD.sys 2014-04-09 20:48 . 2013-07-22 19:06 56832 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2014-04-09 20:47 . 2014-04-09 20:47 20736 ----a-w- c:\windows\system32\drivers\GDKBFlt32.sys 2014-04-09 20:47 . 2013-07-22 19:06 53248 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys 2014-04-09 20:47 . 2013-07-22 19:06 50176 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2014-04-09 20:47 . 2013-07-22 19:06 44544 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2014-04-09 20:47 . 2013-07-22 19:06 101504 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{0A64A28D-4261-4843-A860-D08018111EF3}" [HKEY_CLASSES_ROOT\CLSID\{0A64A28D-4261-4843-A860-D08018111EF3}] 2012-04-09 15:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 15:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AA315297649520DAB623D5163E56B88C63351059._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-06-05 860488] "Spotify Web Helper"="c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-02-02 1171968] "MusicManager"="c:\users\Vera\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2014-05-15 7631872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304] "PTBSync"="c:\program files\PTBSync\PTBSync.exe" [2008-04-20 334336] "GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-12-19 1724728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup backupExtension=.CommonStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AA315297649520DAB623D5163E56B88C63351059._service_run] 2014-06-05 13:58 860488 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2014-02-12 19:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT] 2011-09-20 03:19 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx] 2011-08-04 16:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT PLP] 2011-08-15 10:59 121648 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\G Data ASM] 2013-12-19 03:26 431224 ------w- c:\program files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX] 2011-01-15 15:48 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2014-05-26 17:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware] 2010-05-13 15:34 110192 ----a-w- c:\program files\Portrait Displays\Pivot Pro Plugin\pivot_Startup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] 2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-11-12 12:56 4706304 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2014-02-02 18:50 6118400 ----a-w- c:\users\Vera\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2014-02-02 18:50 1171968 ----a-w- c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray] 2007-10-08 08:21 55856 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center] 2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-784248732-3634660742-3863288525-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000002 . S2 AAV UpdateService;AAV UpdateService;c:\program files\AAVUpdateManager\aavus.exe [2008-10-24 128296] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-15 15:10 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 18:14] . 2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-19 21:42] . 
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-19 21:42] . 2014-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core.job - c:\users\Vera\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-31 12:20] . 2014-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA.job - c:\users\Vera\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-31 12:20] . 2081-04-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08] . 2011-09-13 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\ FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSConfigStartUp-KiesPreload - c:\program files\Samsung\Kies\Kies.exe MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-06-24 20:38 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.0.6002 Disk: WDC_WD25 rev.12.0 -> Harddisk0\DR0 -> \Device\00000070 . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(876) c:\windows\system32\CbFsNetRdr3.dll . Zeit der Fertigstellung: 2014-06-24 20:42:41 ComboFix-quarantined-files.txt 2014-06-24 18:42 . 
Vor Suchlauf: 23 Verzeichnis(se), 145.068.052.480 Bytes frei Nach Suchlauf: 28 Verzeichnis(se), 145.219.428.352 Bytes frei . - - End Of File - - BF87141EDEF9519B8C73139E4B014C30 5C616939100B85E558DA92B899A0FC36 |
25.06.2014, 18:06 | #8 |
/// the machine /// TB-Ausbilder | G Data reports a trojan detection: Trojan.Agent.BDMI Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
25.06.2014, 21:53 | #9 |
| G Data reports a trojan detection: Trojan.Agent.BDMI Hello schrauber, on we go... here are the next results: MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.06.2014
Suchlauf-Zeit: 20:59:11
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.25.16
Rootkit Datenbank: v2014.06.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Vera

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309645
Verstrichene Zeit: 18 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.213 - Bericht erstellt am 25/06/2014 um 21:55:48
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Vera - VERA-PC
# Gestartet von : C:\Users\Vera\Desktop\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Vera\Desktop\Browser
Ordner Gelöscht : C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
Datei Gelöscht : C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\browserprotect@browserprotect.com.xpi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v29.0.1 (en-US)

[ Datei : C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://int.search-results.com/web?q={searchTerms}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19&gct=sb&qsrc=2869
Gelöscht [Extension] : dgpdioedihjhncjafcpgbbjdpbbkikmi

*************************

AdwCleaner[R0].txt - [3701 octets] - [25/01/2014 16:41:08]
AdwCleaner[R1].txt - [3497 octets] - [26/01/2014 14:34:29]
AdwCleaner[R2].txt - [3557 octets] - [25/06/2014 21:29:49]
AdwCleaner[S0].txt - [3478 octets] - [25/06/2014 21:55:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3538 octets] ##########

The first time I chose "yes"; the PC then shut down but hung while doing so, so I could only switch it off the hard way with the power button. The second time I chose "no" at the restart prompt, and then it ran through without any problems.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Vera on 25.06.2014 at 22:30:44,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\myfree codec"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.06.2014 at 22:38:58,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014 Ran by Vera (administrator) on VERA-PC on 25-06-2014 22:43:22 Running from C:\Users\Vera\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\AAVUpdateManager\aavus.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (ElmüSoft) C:\Program Files\PTBSync\PTBSync.exe (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (VMware, Inc.) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) 
C:\Windows\System32\vmnat.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (ElmüSoft) C:\Program Files\PTBSync\PTBSync.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Google Inc.) C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [PTBSync] => C:\Program Files\PTBSync\PTBSync.exe [334336 2008-04-20] (ElmüSoft) HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [G Data ASM] => C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\Run: [AA315297649520DAB623D5163E56B88C63351059._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\Run: [MusicManager] => C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {0A64A28D-4261-4843-A860-D08018111EF3} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) 
==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Perfect PDF 5 - {9DE41FB9-ACA7-4847-982B-D984042588FC} - C:\Program Files\soft Xpansion\Perfect PDF 5\PDF4ie.dll (soft Xpansion) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - 
{0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538 FF SelectedSearchEngine: hxxp://www.google.com/search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vera\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vera\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Extension: Ghostery - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\firefox@ghostery.com.xpi [2013-08-18] FF Extension: NoScript - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-13] FF Extension: Adblock Plus - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-13] FF Extension: BetterPrivacy - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-04-13] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-10] FF Extension: No Name - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\extensions\browserprotect@browserprotect.com.xpi [] Chrome: ======= CHR HomePage: CHR StartupUrls: "hxxp://www.google.de/" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Norton Confidential) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company) CHR 
Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Google Docs) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-19] CHR Extension: (Google Drive) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19] CHR Extension: (YouTube) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19] CHR Extension: (Adblock Plus) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-24] CHR Extension: (Google-Suche) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19] CHR Extension: (Google Play Music) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-05-31] CHR Extension: (Privacy manager) - C:\Users\Vera\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\giccehglhacakcfemddmfhdkahamfcmd [2013-11-09] CHR Extension: (Google Keep) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-01] CHR Extension: (Panel View for Keep) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-02-21] CHR Extension: (Privacy Palette) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2013-06-24] CHR Extension: (Ghostery) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-11-09] CHR Extension: (dict-cc) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2014-02-02] CHR Extension: (Google Wallet) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19] ========================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed] R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG) R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-08-15] (Portrait Displays, Inc.) 
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-05-05] (Portrait Displays, Inc.) R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 PTBSync; C:\Program Files\PTBSync\PTBSync.exe [334336 2008-04-20] (ElmüSoft) [File not signed] S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed] R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed] R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia) S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed] S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\SXDS10.exe [160768 2009-07-13] (soft Xpansion) [File not signed] R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [109104 2007-10-08] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [121392 2007-10-08] (VMware, Inc.) 
R2 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [269104 2007-03-23] (VMware, Inc.) R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [150064 2007-10-08] (VMware, Inc.) S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X] ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed] R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2014-04-09] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20736 2014-04-09] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2014-04-09] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2014-04-09] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-04-09] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-04-12] (G Data Software) R2 hcmon; C:\Windows\system32\Drivers\hcmon.sys [34864 2007-10-08] (VMware, Inc.) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2014-04-09] (G Data Software AG) R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17136 2011-05-05] (Portrait Displays, Inc.) R2 PortTalk; C:\Windows\system32\Drivers\PtbTalk.sys [3567 2008-04-20] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed] R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2013-04-30] (Advanced Micro Devices, Inc.) 
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon) R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [20912 2007-10-08] (VMware, Inc.) S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16816 2007-10-08] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [28592 2007-10-08] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25008 2007-10-08] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [924976 2007-10-08] (VMware, Inc.) R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.) S3 Andbus; system32\DRIVERS\lgandbus.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag.sys [X] S3 AndGps; system32\DRIVERS\lgandgps.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X] S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X] S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X] S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X] S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\Sandra.sys [X] 
S3 WINFLASH; \??\C:\Users\Vera\Desktop\WinFlash.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-25 22:38 - 2014-06-25 22:42 - 00000699 _____ () C:\Users\Vera\Desktop\JRT.txt 2014-06-25 22:11 - 2014-06-25 22:11 - 00000000 ____D () C:\Windows\ERUNT 2014-06-25 22:08 - 2014-06-25 22:08 - 01016261 _____ (Thisisu) C:\Users\Vera\Desktop\JRT.exe 2014-06-25 22:01 - 2014-06-25 22:02 - 00003618 _____ () C:\Users\Vera\Desktop\AdwCleaner[S0].txt 2014-06-25 21:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-06-25 21:28 - 2014-06-25 21:28 - 01342659 _____ () C:\Users\Vera\Desktop\adwcleaner_3.213.exe 2014-06-25 21:27 - 2014-06-25 21:27 - 00001162 _____ () C:\Users\Vera\Desktop\mbam.txt 2014-06-25 20:57 - 2014-06-25 20:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-25 20:57 - 2014-06-25 20:57 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-25 20:57 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-25 20:57 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-25 20:57 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-25 20:55 - 2014-06-25 20:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Vera\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-25 20:38 - 2014-06-25 20:38 - 00000000 ____D () C:\Users\Vera\Desktop\FRST-OlderVersion 2014-06-24 20:57 - 
2014-06-25 21:59 - 00000860 _____ () C:\Windows\PFRO.log 2014-06-24 20:42 - 2014-06-24 20:42 - 00015916 _____ () C:\ComboFix.txt 2014-06-24 20:21 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-24 20:21 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-24 20:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-24 20:20 - 2014-06-24 20:42 - 00000000 ____D () C:\Qoobox 2014-06-24 20:20 - 2014-06-24 20:42 - 00000000 ____D () C:\ComboFix 2014-06-24 20:19 - 2014-06-24 20:40 - 00000000 ____D () C:\Windows\erdnt 2014-06-23 19:43 - 2014-06-24 20:16 - 05211571 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe 2014-06-22 11:24 - 2014-06-22 11:25 - 00046733 _____ () C:\Users\Vera\Desktop\Addition.txt 2014-06-22 11:22 - 2014-06-25 22:43 - 00024262 _____ () C:\Users\Vera\Desktop\FRST.txt 2014-06-22 11:21 - 2014-06-25 22:43 - 00000000 ____D () C:\FRST 2014-06-22 11:20 - 2014-06-25 20:38 - 01073152 _____ (Farbar) C:\Users\Vera\Desktop\FRST.exe 2014-06-22 11:19 - 2014-06-22 11:19 - 00000470 _____ () C:\Users\Vera\Desktop\defogger_disable.log 2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 _____ () C:\Users\Vera\defogger_reenable 2014-06-22 11:17 - 2014-06-22 11:17 - 00050477 _____ () C:\Users\Vera\Desktop\Defogger.exe 2014-06-22 11:15 - 2014-06-22 11:15 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger (1).exe 2014-06-22 11:13 - 2014-06-22 11:13 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger.exe 2014-06-19 13:02 - 2014-06-19 13:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-12 20:05 - 2014-05-28 18:48 
- 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 20:05 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 20:05 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 20:05 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 20:05 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 20:05 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 20:05 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-12 20:05 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 20:05 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-12 20:05 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 20:05 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 20:05 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 20:05 - 2014-05-28 18:29 - 00011776 _____ (Microsoft 
Corporation) C:\Windows\system32\mshta.exe 2014-06-12 20:05 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-12 20:05 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 20:05 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 20:05 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 20:05 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 20:05 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-01 15:10 - 2014-06-15 15:37 - 00000000 ____D () C:\Users\Vera\Desktop\Schnapsfotos 2014-05-31 21:08 - 2014-05-31 21:08 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-31 21:08 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-31 21:07 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-05-31 21:07 - 2014-05-31 21:08 - 00000000 ____D () C:\Program Files\iTunes 2014-05-31 21:07 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iPod 2014-05-31 14:23 - 2014-05-31 14:23 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager 2014-05-31 14:21 - 2014-06-25 22:32 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA.job 2014-05-31 14:20 - 2014-06-22 18:42 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core.job 2014-05-28 17:56 - 2014-05-28 17:56 - 00015866 _____ () C:\Users\Vera\Desktop\Guetta, David.txt ==================== One Month Modified Files and Folders ======= 2081-04-04 18:39 - 2011-05-28 11:40 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-06-25 22:44 - 2014-06-22 11:22 
- 00024262 _____ () C:\Users\Vera\Desktop\FRST.txt 2014-06-25 22:43 - 2014-06-22 11:21 - 00000000 ____D () C:\FRST 2014-06-25 22:42 - 2014-06-25 22:38 - 00000699 _____ () C:\Users\Vera\Desktop\JRT.txt 2014-06-25 22:32 - 2014-05-31 14:21 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA.job 2014-06-25 22:26 - 2011-09-03 17:17 - 00007944 _____ () C:\Users\Vera\AppData\Local\d3d9caps.dat 2014-06-25 22:25 - 2013-02-19 23:42 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-25 22:25 - 2008-04-20 15:25 - 00001178 _____ () C:\Users\Vera\Documents\PTBSync-AutoExport-Vera.ini 2014-06-25 22:24 - 2011-10-01 12:58 - 00000000 ____D () C:\Temp 2014-06-25 22:24 - 2008-01-09 20:20 - 00000000 ____D () C:\ProgramData\VMware 2014-06-25 22:24 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-25 22:24 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-25 22:23 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-25 22:14 - 2012-03-31 13:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-25 22:14 - 2008-01-03 22:38 - 02070242 _____ () C:\Windows\WindowsUpdate.log 2014-06-25 22:14 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-25 22:11 - 2014-06-25 22:11 - 00000000 ____D () C:\Windows\ERUNT 2014-06-25 22:08 - 2014-06-25 22:08 - 01016261 _____ (Thisisu) C:\Users\Vera\Desktop\JRT.exe 2014-06-25 22:02 - 2014-06-25 22:01 - 00003618 _____ () C:\Users\Vera\Desktop\AdwCleaner[S0].txt 2014-06-25 21:59 - 2014-06-24 20:57 - 00000860 _____ () C:\Windows\PFRO.log 2014-06-25 21:56 - 2014-01-25 16:41 - 00000000 ____D () C:\AdwCleaner 2014-06-25 21:55 - 2011-11-27 12:43 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\SoftGrid Client 2014-06-25 21:28 - 
2014-06-25 21:28 - 01342659 _____ () C:\Users\Vera\Desktop\adwcleaner_3.213.exe 2014-06-25 21:27 - 2014-06-25 21:27 - 00001162 _____ () C:\Users\Vera\Desktop\mbam.txt 2014-06-25 21:15 - 2013-02-19 23:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-25 20:58 - 2014-06-25 20:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-25 20:57 - 2014-06-25 20:57 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-25 20:56 - 2014-06-25 20:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Vera\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-25 20:38 - 2014-06-25 20:38 - 00000000 ____D () C:\Users\Vera\Desktop\FRST-OlderVersion 2014-06-25 20:38 - 2014-06-22 11:20 - 01073152 _____ (Farbar) C:\Users\Vera\Desktop\FRST.exe 2014-06-24 21:53 - 2013-01-20 14:04 - 00000000 ____D () C:\Users\Vera\VR-Haushaltsbuch 2014-06-24 21:36 - 2013-06-05 22:49 - 00003281 _____ () C:\nospam.log 2014-06-24 20:42 - 2014-06-24 20:42 - 00015916 _____ () C:\ComboFix.txt 2014-06-24 20:42 - 2014-06-24 20:20 - 00000000 ____D () C:\Qoobox 2014-06-24 20:42 - 2014-06-24 20:20 - 00000000 ____D () C:\ComboFix 2014-06-24 20:42 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2014-06-24 20:42 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-06-24 20:40 - 2014-06-24 20:19 - 00000000 ____D () C:\Windows\erdnt 2014-06-24 20:38 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini 2014-06-24 20:16 - 2014-06-23 19:43 - 05211571 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe 2014-06-22 18:42 - 2014-05-31 14:20 - 00001064 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core.job 2014-06-22 11:25 - 2014-06-22 11:24 - 00046733 _____ () C:\Users\Vera\Desktop\Addition.txt 2014-06-22 11:19 - 2014-06-22 11:19 - 00000470 _____ () C:\Users\Vera\Desktop\defogger_disable.log 2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 _____ () C:\Users\Vera\defogger_reenable 2014-06-22 11:19 - 2008-01-08 21:45 - 00000000 ____D () C:\Users\Vera 2014-06-22 11:17 - 2014-06-22 11:17 - 00050477 _____ () C:\Users\Vera\Desktop\Defogger.exe 2014-06-22 11:15 - 2014-06-22 11:15 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger (1).exe 2014-06-22 11:13 - 2014-06-22 11:13 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger.exe 2014-06-21 12:35 - 2012-05-26 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-06-19 13:07 - 2014-06-19 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-15 15:37 - 2014-06-01 15:10 - 00000000 ____D () C:\Users\Vera\Desktop\Schnapsfotos 2014-06-13 00:07 - 2013-08-15 20:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-13 00:03 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-05 22:08 - 2006-11-02 12:33 - 01585492 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-01 11:30 - 2013-02-20 03:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-06-01 09:19 - 2011-06-11 14:41 - 00000000 ____D () C:\Users\Vera\AppData\Local\CrashDumps 2014-05-31 21:08 - 2014-05-31 21:08 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-31 21:08 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-31 21:08 - 2014-05-31 21:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-05-31 21:08 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iTunes 2014-05-31 21:07 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iPod 2014-05-31 21:07 - 2008-01-12 12:38 - 00000000 ____D () 
C:\Program Files\Common Files\Apple 2014-05-31 14:24 - 2008-01-08 21:48 - 00000000 ____D () C:\Users\Vera\AppData\Local\Google 2014-05-31 14:23 - 2014-05-31 14:23 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager 2014-05-29 20:18 - 2009-05-30 14:00 - 00000000 ____D () C:\Users\Vera\Documents\Steuerfälle 2014-05-29 19:01 - 2011-05-22 15:53 - 00000815 _____ () C:\Users\Vera\Documents\OuProxy.log 2014-05-29 13:24 - 2014-01-12 14:12 - 00001842 _____ () C:\Users\Public\Desktop\BILD Steuer 2014.lnk 2014-05-29 13:24 - 2014-01-12 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BILD Steuer 2014 2014-05-28 18:48 - 2014-06-12 20:05 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 18:39 - 2014-06-12 20:05 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 18:38 - 2014-06-12 20:05 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 18:33 - 2014-06-12 20:05 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 18:32 - 2014-06-12 20:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 18:32 - 2014-06-12 20:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 18:31 - 2014-06-12 20:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 18:31 - 2014-06-12 20:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 18:30 - 
2014-06-12 20:05 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 18:30 - 2014-06-12 20:05 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 18:30 - 2014-06-12 20:05 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-12 20:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 18:29 - 2014-06-12 20:05 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 18:29 - 2014-06-12 20:05 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 18:29 - 2014-06-12 20:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 18:29 - 2014-06-12 20:05 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 18:28 - 2014-06-12 20:05 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 17:56 - 2014-05-28 17:56 - 00015866 _____ () C:\Users\Vera\Desktop\Guetta, David.txt Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\ProgramData\PKP_DLdu.DAT C:\ProgramData\PKP_DLdw.DAT Some content of TEMP: ==================== C:\Users\Vera\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-25 22:29 ==================== End Of Log ============================ --- --- --- --- --- --- 
Many thanks in the meantime for your help!!! Regards, Vera |
26.06.2014, 20:31 | #10 |
/// the machine /// TB-Ausbilder | G Data reports trojan detection: Trojan.Agent.BDMI
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
28.06.2014, 22:18 | #11 |
| G Data reports trojan detection: Trojan.Agent.BDMI Hello, here I am again; it took a bit longer because I am currently very busy at work. But here come the next logs: First the ESET findings: Code:
ATTFilter C:\Users\Vera\AppData\Roaming\MyPhoneExplorer\samsung GT-I9100 [358490045891356]\Cache\sdcard\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung C:\Users\Vera\Documents\samsung\Kies\Backup\GT-I9100\GT-I9100_\GT-I9100_20130726083044\Others\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung D:\Downloads\HijackThis - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung D:\Downloads\MyPhoneExplorer_Setup_1.8.3.exe Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung D:\Vera\Android Datensicherung\Backup20131124\Sunny Seeds 2_2.0.206.apk Variante von Android/AdDisplay.Startapp.A evtl. unerwünschte Anwendung D:\Vera\Android Datensicherung\Kies\Backup\GT-I9100\GT-I9100_\GT-I9100_20130726085354\Others\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung D:\Vera\Android Datensicherung\Speicherkarte\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung D:\Vera\Android Datensicherung\Systemspeicher\mnt\asec\com.picsart.studio-1\pkg.apk Variante von Android/AdDisplay.AppLovin.A evtl. unerwünschte Anwendung Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=c3c3cc2443ab2b4c88b31e73ddd62d34 # engine=18926 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-28 10:16:00 # local_time=2014-06-28 12:16:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 100 70934374 241483288 0 0 # scanned=256632 # found=2 # cleaned=0 # scan_time=4221 sh=6A990EFCA5647D41EB184684BA7449B0FB58C14D ft=1 fh=ab8ad5e2373a84b8 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\HijackThis - CHIP-Installer.exe" sh=9009F65938DC812D559BFFA044BD8D76DE99FD24 ft=1 fh=38ce86745c6b9a42 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\MyPhoneExplorer_Setup_1.8.3.exe" ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=c3c3cc2443ab2b4c88b31e73ddd62d34 # engine=18926 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-28 12:08:26 # local_time=2014-06-28 02:08:26 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 100 70941120 241490034 0 0 # scanned=112942 # found=2 # cleaned=0 # scan_time=6055 sh=C934355B0FEBA520A2D75F5B3D9B4D486711CE26 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Vera\AppData\Roaming\MyPhoneExplorer\samsung GT-I9100 [358490045891356]\Cache\sdcard\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk" sh=C934355B0FEBA520A2D75F5B3D9B4D486711CE26 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vera\Documents\samsung\Kies\Backup\GT-I9100\GT-I9100_\GT-I9100_20130726083044\Others\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=c3c3cc2443ab2b4c88b31e73ddd62d34 # engine=18929 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-28 08:15:17 # local_time=2014-06-28 10:15:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 100 70970331 241519245 0 0 # scanned=256589 # found=8 # cleaned=0 # scan_time=11563 sh=C934355B0FEBA520A2D75F5B3D9B4D486711CE26 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vera\AppData\Roaming\MyPhoneExplorer\samsung GT-I9100 [358490045891356]\Cache\sdcard\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk" sh=C934355B0FEBA520A2D75F5B3D9B4D486711CE26 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vera\Documents\samsung\Kies\Backup\GT-I9100\GT-I9100_\GT-I9100_20130726083044\Others\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk" sh=6A990EFCA5647D41EB184684BA7449B0FB58C14D ft=1 fh=ab8ad5e2373a84b8 vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="D:\Downloads\HijackThis - CHIP-Installer.exe" sh=9009F65938DC812D559BFFA044BD8D76DE99FD24 ft=1 fh=38ce86745c6b9a42 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\MyPhoneExplorer_Setup_1.8.3.exe" sh=04C9921C4833B7EFB775D55F5073C9505E560F27 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Startapp.A evtl. unerwünschte Anwendung" ac=I fn="D:\Vera\Android Datensicherung\Backup20131124\Sunny Seeds 2_2.0.206.apk" sh=C934355B0FEBA520A2D75F5B3D9B4D486711CE26 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="D:\Vera\Android Datensicherung\Kies\Backup\GT-I9100\GT-I9100_\GT-I9100_20130726085354\Others\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk" sh=C934355B0FEBA520A2D75F5B3D9B4D486711CE26 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="D:\Vera\Android Datensicherung\Speicherkarte\AndroidAssistant_appbackup\Christmas & New Year Time Live Wallpaper Free 1.0.2_3.apk" sh=22226B20097721E3B0A633349885C3A5407284E9 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AppLovin.A evtl. unerwünschte Anwendung" ac=I fn="D:\Vera\Android Datensicherung\Systemspeicher\mnt\asec\com.picsart.studio-1\pkg.apk" Code:
Results of screen317's Security Check version 0.99.83
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
G Data InternetSecurity
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.6005)
Gmer
CCleaner
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.214
Mozilla Firefox (29.0.1)
Mozilla Thunderbird (24.6.0)
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
G Data InternetSecurity Firewall GDFwSvc.exe
G Data InternetSecurity Firewall GDFirewallTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02 Ran by Vera (administrator) on VERA-PC on 28-06-2014 23:11:53 Running from C:\Users\Vera\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\AAVUpdateManager\aavus.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (ElmüSoft) C:\Program Files\PTBSync\PTBSync.exe (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (VMware, Inc.) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) 
C:\Windows\System32\vmnat.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (ElmüSoft) C:\Program Files\PTBSync\PTBSync.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Opera Software) C:\Program Files\Opera\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [PTBSync] => C:\Program Files\PTBSync\PTBSync.exe [334336 2008-04-20] (ElmüSoft) HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [G Data ASM] => C:\Program Files\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\Run: [AA315297649520DAB623D5163E56B88C63351059._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-784248732-3634660742-3863288525-1000\...\Run: [MusicManager] => C:\Users\Vera\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {0A64A28D-4261-4843-A860-D08018111EF3} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) 
==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Perfect PDF 5 - {9DE41FB9-ACA7-4847-982B-D984042588FC} - C:\Program Files\soft Xpansion\Perfect PDF 5\PDF4ie.dll (soft Xpansion) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - 
{0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538 FF SelectedSearchEngine: hxxp://www.google.com/search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vera\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vera\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Extension: Ghostery - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\firefox@ghostery.com.xpi [2013-08-18] FF Extension: NoScript - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-13] FF Extension: Adblock Plus - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-13] FF Extension: BetterPrivacy - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-04-13] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-10] FF Extension: No Name - C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\jslsk1jr.default-1365870140538\extensions\browserprotect@browserprotect.com.xpi [] Chrome: ======= CHR HomePage: CHR StartupUrls: "hxxp://www.google.de/" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Norton Confidential) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company) CHR 
Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Google Docs) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-19] CHR Extension: (Google Drive) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19] CHR Extension: (YouTube) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19] CHR Extension: (Adblock Plus) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-24] CHR Extension: (Google-Suche) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19] CHR Extension: (Google Play Music) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-05-31] CHR Extension: (Privacy manager) - C:\Users\Vera\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\giccehglhacakcfemddmfhdkahamfcmd [2013-11-09] CHR Extension: (Google Keep) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-01] CHR Extension: (Panel View for Keep) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-02-21] CHR Extension: (Privacy Palette) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2013-06-24] CHR Extension: (Ghostery) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-11-09] CHR Extension: (dict-cc) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2014-02-02] CHR Extension: (Google Wallet) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19] ========================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed] R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG) R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-08-15] (Portrait Displays, Inc.) 
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-05-05] (Portrait Displays, Inc.) R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 PTBSync; C:\Program Files\PTBSync\PTBSync.exe [334336 2008-04-20] (ElmüSoft) [File not signed] S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed] R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed] R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia) S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed] S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\SXDS10.exe [160768 2009-07-13] (soft Xpansion) [File not signed] R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [109104 2007-10-08] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [121392 2007-10-08] (VMware, Inc.) 
R2 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [269104 2007-03-23] (VMware, Inc.) R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [150064 2007-10-08] (VMware, Inc.) S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X] ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed] R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2014-04-09] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20736 2014-04-09] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2014-04-09] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2014-04-09] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-04-09] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-04-12] (G Data Software) R2 hcmon; C:\Windows\system32\Drivers\hcmon.sys [34864 2007-10-08] (VMware, Inc.) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2014-04-09] (G Data Software AG) R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17136 2011-05-05] (Portrait Displays, Inc.) R2 PortTalk; C:\Windows\system32\Drivers\PtbTalk.sys [3567 2008-04-20] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed] R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2013-04-30] (Advanced Micro Devices, Inc.) 
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-03-15] (Paragon) R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-03-15] (Paragon) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [20912 2007-10-08] (VMware, Inc.) S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16816 2007-10-08] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [28592 2007-10-08] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25008 2007-10-08] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [924976 2007-10-08] (VMware, Inc.) R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.) S3 Andbus; system32\DRIVERS\lgandbus.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag.sys [X] S3 AndGps; system32\DRIVERS\lgandgps.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X] S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X] S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X] S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X] S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\Sandra.sys [X] 
S3 WINFLASH; \??\C:\Users\Vera\Desktop\WinFlash.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-28 23:10 - 2014-06-28 23:10 - 00001025 _____ () C:\Users\Vera\Desktop\checkup.txt 2014-06-28 23:05 - 2014-06-28 23:05 - 00854367 _____ () C:\Users\Vera\Desktop\SecurityCheck.exe 2014-06-28 22:16 - 2014-06-28 22:16 - 00001463 _____ () C:\Users\Vera\Desktop\Esetfunde.txt 2014-06-28 11:03 - 2014-06-28 11:03 - 00000000 ____D () C:\Program Files\ESET 2014-06-28 10:49 - 2014-06-28 10:49 - 02347384 _____ (ESET) C:\Users\Vera\Desktop\esetsmartinstaller_deu.exe 2014-06-25 22:38 - 2014-06-25 22:42 - 00000699 _____ () C:\Users\Vera\Desktop\JRT.txt 2014-06-25 22:11 - 2014-06-25 22:11 - 00000000 ____D () C:\Windows\ERUNT 2014-06-25 22:08 - 2014-06-25 22:08 - 01016261 _____ (Thisisu) C:\Users\Vera\Desktop\JRT.exe 2014-06-25 22:01 - 2014-06-25 22:02 - 00003618 _____ () C:\Users\Vera\Desktop\AdwCleaner[S0].txt 2014-06-25 21:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-06-25 21:28 - 2014-06-25 21:28 - 01342659 _____ () C:\Users\Vera\Desktop\adwcleaner_3.213.exe 2014-06-25 21:27 - 2014-06-25 21:27 - 00001162 _____ () C:\Users\Vera\Desktop\mbam.txt 2014-06-25 20:57 - 2014-06-25 20:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-25 20:57 - 2014-06-25 20:57 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-25 20:57 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-25 20:57 - 
2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-25 20:57 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-25 20:55 - 2014-06-25 20:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Vera\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-25 20:38 - 2014-06-28 23:11 - 00000000 ____D () C:\Users\Vera\Desktop\FRST-OlderVersion 2014-06-24 20:57 - 2014-06-25 21:59 - 00000860 _____ () C:\Windows\PFRO.log 2014-06-24 20:42 - 2014-06-24 20:42 - 00015916 _____ () C:\ComboFix.txt 2014-06-24 20:21 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-24 20:21 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-24 20:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-24 20:21 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-24 20:20 - 2014-06-24 20:42 - 00000000 ____D () C:\Qoobox 2014-06-24 20:20 - 2014-06-24 20:42 - 00000000 ____D () C:\ComboFix 2014-06-24 20:19 - 2014-06-24 20:40 - 00000000 ____D () C:\Windows\erdnt 2014-06-23 19:43 - 2014-06-24 20:16 - 05211571 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe 2014-06-22 11:24 - 2014-06-22 11:25 - 00046733 _____ () C:\Users\Vera\Desktop\Addition.txt 2014-06-22 11:22 - 2014-06-28 23:12 - 00024385 _____ () C:\Users\Vera\Desktop\FRST.txt 2014-06-22 11:21 - 2014-06-28 23:12 - 00000000 ____D () C:\FRST 2014-06-22 11:20 - 2014-06-28 23:11 - 01073664 _____ (Farbar) C:\Users\Vera\Desktop\FRST.exe 2014-06-22 11:19 - 2014-06-22 11:19 - 00000470 _____ () C:\Users\Vera\Desktop\defogger_disable.log 2014-06-22 11:19 - 2014-06-22 
11:19 - 00000000 _____ () C:\Users\Vera\defogger_reenable 2014-06-22 11:17 - 2014-06-22 11:17 - 00050477 _____ () C:\Users\Vera\Desktop\Defogger.exe 2014-06-22 11:15 - 2014-06-22 11:15 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger (1).exe 2014-06-22 11:13 - 2014-06-22 11:13 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger.exe 2014-06-19 13:02 - 2014-06-19 13:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-12 20:05 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 20:05 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 20:05 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 20:05 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 20:05 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 20:05 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 20:05 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-12 20:05 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 20:05 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 20:05 - 2014-05-28 18:30 - 
00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-12 20:05 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 20:05 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 20:05 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 20:05 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-12 20:05 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-12 20:05 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 20:05 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 20:05 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 20:05 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 20:05 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-01 15:10 - 2014-06-15 15:37 - 00000000 ____D () C:\Users\Vera\Desktop\Schnapsfotos 2014-05-31 21:08 - 2014-05-31 21:08 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-31 21:08 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-31 21:07 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-05-31 21:07 - 2014-05-31 21:08 - 00000000 ____D () C:\Program Files\iTunes 2014-05-31 21:07 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iPod 2014-05-31 14:23 - 2014-05-31 14:23 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager 2014-05-31 14:21 - 2014-06-28 22:32 - 00001116 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA.job 2014-05-31 14:20 - 2014-06-28 18:58 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core.job ==================== One Month Modified Files and Folders ======= 2081-04-04 18:39 - 2011-05-28 11:40 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-06-28 23:12 - 2014-06-22 11:22 - 00024385 _____ () C:\Users\Vera\Desktop\FRST.txt 2014-06-28 23:12 - 2014-06-22 11:21 - 00000000 ____D () C:\FRST 2014-06-28 23:11 - 2014-06-25 20:38 - 00000000 ____D () C:\Users\Vera\Desktop\FRST-OlderVersion 2014-06-28 23:11 - 2014-06-22 11:20 - 01073664 _____ (Farbar) C:\Users\Vera\Desktop\FRST.exe 2014-06-28 23:10 - 2014-06-28 23:10 - 00001025 _____ () C:\Users\Vera\Desktop\checkup.txt 2014-06-28 23:05 - 2014-06-28 23:05 - 00854367 _____ () C:\Users\Vera\Desktop\SecurityCheck.exe 2014-06-28 22:58 - 2008-04-20 15:25 - 00001178 _____ () C:\Users\Vera\Documents\PTBSync-AutoExport-Vera.ini 2014-06-28 22:58 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-28 22:58 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-28 22:32 - 2014-05-31 14:21 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000UA.job 2014-06-28 22:16 - 2014-06-28 22:16 - 00001463 _____ () C:\Users\Vera\Desktop\Esetfunde.txt 2014-06-28 22:15 - 2013-02-19 23:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-28 22:14 - 2012-03-31 13:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-28 19:43 - 2006-11-02 12:33 - 01585492 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-28 19:15 - 2013-02-19 23:42 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 
2014-06-28 18:58 - 2014-05-31 14:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784248732-3634660742-3863288525-1000Core.job
2014-06-28 18:58 - 2008-01-03 22:38 - 01062690 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 15:53 - 2011-10-01 12:58 - 00000000 ____D () C:\Temp
2014-06-28 15:49 - 2008-01-09 20:20 - 00000000 ____D () C:\ProgramData\VMware
2014-06-28 15:49 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 14:16 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 14:13 - 2011-11-27 12:43 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\SoftGrid Client
2014-06-28 11:03 - 2014-06-28 11:03 - 00000000 ____D () C:\Program Files\ESET
2014-06-28 10:49 - 2014-06-28 10:49 - 02347384 _____ (ESET) C:\Users\Vera\Desktop\esetsmartinstaller_deu.exe
2014-06-25 22:42 - 2014-06-25 22:38 - 00000699 _____ () C:\Users\Vera\Desktop\JRT.txt
2014-06-25 22:26 - 2011-09-03 17:17 - 00007944 _____ () C:\Users\Vera\AppData\Local\d3d9caps.dat
2014-06-25 22:11 - 2014-06-25 22:11 - 00000000 ____D () C:\Windows\ERUNT
2014-06-25 22:08 - 2014-06-25 22:08 - 01016261 _____ (Thisisu) C:\Users\Vera\Desktop\JRT.exe
2014-06-25 22:02 - 2014-06-25 22:01 - 00003618 _____ () C:\Users\Vera\Desktop\AdwCleaner[S0].txt
2014-06-25 21:59 - 2014-06-24 20:57 - 00000860 _____ () C:\Windows\PFRO.log
2014-06-25 21:56 - 2014-01-25 16:41 - 00000000 ____D () C:\AdwCleaner
2014-06-25 21:28 - 2014-06-25 21:28 - 01342659 _____ () C:\Users\Vera\Desktop\adwcleaner_3.213.exe
2014-06-25 21:27 - 2014-06-25 21:27 - 00001162 _____ () C:\Users\Vera\Desktop\mbam.txt
2014-06-25 20:58 - 2014-06-25 20:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 20:57 - 2014-06-25 20:57 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 20:57 - 2014-06-25 20:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-25 20:56 - 2014-06-25 20:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Vera\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-24 21:53 - 2013-01-20 14:04 - 00000000 ____D () C:\Users\Vera\VR-Haushaltsbuch
2014-06-24 21:36 - 2013-06-05 22:49 - 00003281 _____ () C:\nospam.log
2014-06-24 20:42 - 2014-06-24 20:42 - 00015916 _____ () C:\ComboFix.txt
2014-06-24 20:42 - 2014-06-24 20:20 - 00000000 ____D () C:\Qoobox
2014-06-24 20:42 - 2014-06-24 20:20 - 00000000 ____D () C:\ComboFix
2014-06-24 20:42 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-24 20:42 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-24 20:40 - 2014-06-24 20:19 - 00000000 ____D () C:\Windows\erdnt
2014-06-24 20:38 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-24 20:16 - 2014-06-23 19:43 - 05211571 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2014-06-22 11:25 - 2014-06-22 11:24 - 00046733 _____ () C:\Users\Vera\Desktop\Addition.txt
2014-06-22 11:19 - 2014-06-22 11:19 - 00000470 _____ () C:\Users\Vera\Desktop\defogger_disable.log
2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 _____ () C:\Users\Vera\defogger_reenable
2014-06-22 11:19 - 2008-01-08 21:45 - 00000000 ____D () C:\Users\Vera
2014-06-22 11:17 - 2014-06-22 11:17 - 00050477 _____ () C:\Users\Vera\Desktop\Defogger.exe
2014-06-22 11:15 - 2014-06-22 11:15 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger (1).exe
2014-06-22 11:13 - 2014-06-22 11:13 - 00050477 _____ () C:\Users\Vera\Downloads\Defogger.exe
2014-06-21 12:35 - 2012-05-26 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 13:07 - 2014-06-19 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-15 15:37 - 2014-06-01 15:10 - 00000000 ____D () C:\Users\Vera\Desktop\Schnapsfotos
2014-06-13 00:07 - 2013-08-15 20:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 00:03 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-01 11:30 - 2013-02-20 03:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-01 09:19 - 2011-06-11 14:41 - 00000000 ____D () C:\Users\Vera\AppData\Local\CrashDumps
2014-05-31 21:08 - 2014-05-31 21:08 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-31 21:08 - 2014-05-31 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-31 21:08 - 2014-05-31 21:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-31 21:08 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iTunes
2014-05-31 21:07 - 2014-05-31 21:07 - 00000000 ____D () C:\Program Files\iPod
2014-05-31 21:07 - 2008-01-12 12:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-31 14:24 - 2008-01-08 21:48 - 00000000 ____D () C:\Users\Vera\AppData\Local\Google
2014-05-31 14:23 - 2014-05-31 14:23 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-05-29 20:18 - 2009-05-30 14:00 - 00000000 ____D () C:\Users\Vera\Documents\Steuerfälle
2014-05-29 19:01 - 2011-05-22 15:53 - 00000815 _____ () C:\Users\Vera\Documents\OuProxy.log
2014-05-29 13:24 - 2014-01-12 14:12 - 00001842 _____ () C:\Users\Public\Desktop\BILD Steuer 2014.lnk
2014-05-29 13:24 - 2014-01-12 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BILD Steuer 2014

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT

Some content of TEMP:
====================
C:\Users\Vera\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 16:00

==================== End Of Log ============================
--- --- ---
Best regards, Vera |
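The "Bamital & volsnap Check" block at the end of the FRST log above is a signature check on the core Windows binaries that boot-sector and file-infector malware most commonly patch. The script below is an added example, not part of the forum post and not FRST's own code: it re-checks the same nine files with PowerShell's built-in Get-AuthenticodeSignature and reports the signer, so a helper can confirm the "File is digitally signed" lines independently. It assumes the Windows directory is C:\Windows as in the log and is written for PowerShell 2.0 (the newest version on Vista), so it avoids newer syntax.

```powershell
# Added example (not from the forum post or from FRST): re-check the Authenticode
# signatures of the same core system files that FRST's "Bamital & volsnap Check"
# reported as "File is digitally signed". Run from an elevated PowerShell prompt.
# Assumption: Windows is installed in C:\Windows, as in the log above.

$coreFiles = @(
    'C:\Windows\explorer.exe',
    'C:\Windows\system32\winlogon.exe',
    'C:\Windows\system32\wininit.exe',
    'C:\Windows\system32\svchost.exe',
    'C:\Windows\system32\services.exe',
    'C:\Windows\system32\User32.dll',
    'C:\Windows\system32\userinit.exe',
    'C:\Windows\system32\rpcss.dll',
    'C:\Windows\system32\Drivers\volsnap.sys'
)

function Test-CoreFileSignature {
    param([string[]]$Paths)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # A missing core binary is itself a finding worth reporting.
            New-Object PSObject -Property @{
                Path = $path; Status = 'MISSING'; Signer = ''; Note = 'file not found'
            }
            continue
        }

        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # Only a Valid signature from a Microsoft subject counts as clean.
        # Caveat: on older Windows/PowerShell builds the OS binaries are
        # catalog-signed and Get-AuthenticodeSignature may report NotSigned for
        # them; treat that as "verify against the catalog with another tool",
        # not as proof of tampering.
        $note = switch ($sig.Status) {
            'Valid' {
                if ($signer -like '*Microsoft*') { 'ok' }
                else { 'valid signature but NOT a Microsoft signer: investigate' }
            }
            'NotSigned' { 'no embedded signature (catalog-signed on older Windows, or tampered)' }
            default     { 'signature problem: investigate' }
        }

        New-Object PSObject -Property @{
            Path = $path; Status = $sig.Status; Signer = $signer; Note = $note
        }
    }
}

Test-CoreFileSignature -Paths $coreFiles |
    Select-Object Path, Status, Signer, Note |
    Format-Table -AutoSize
```

Any file that comes back with a status other than Valid, or with a non-Microsoft signer, is what the FRST check would have flagged; the script deliberately does not "repair" anything, because replacing core binaries is a job for the helper's fix script or for sfc, not for an ad-hoc check.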
29.06.2014, 12:32 | #12 |
/// the machine /// TB-Ausbilder | G Data reports a Trojan find: Trojan.Agent.BDMI Update Java. Delete the ESET findings by hand. Done. The order here is crucial.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I can't stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they don't use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
30.06.2014, 20:50 | #13 |
| G Data reports a Trojan find: Trojan.Agent.BDMI Hello schrauber, I deleted all the ESET findings manually and then worked through your list of to-dos. G Data hasn't reported any more findings. However, I have the feeling that the PC is being slowed down massively by one of the newly installed protection programs. I can't say for sure what's causing it, but I somehow suspect WinPatrol. In addition, the Windows Security Center now tells me at every restart that both the firewall and the web protection of G Data are disabled, although in G Data's own console everything is enabled. I've only been getting this message since I had to switch off the virus protection completely for a while during the clean-up. What do I have to do so that the Windows Security Center stops showing this message? I'd also like to say a really big THANK YOU for helping me get my PC "germ-free" again!!! I would never have managed that on my own. Many thanks for your support!!! Best, Vera |
01.07.2014, 15:24 | #14 |
/// the machine /// TB-Ausbilder | G Data reports a Trojan find: Trojan.Agent.BDMI Get rid of WinPatrol, it isn't strictly necessary. I would do a clean reinstall of GDATA.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
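The exchange above (Security Center reporting G Data's firewall and web protection as disabled while the product's own console shows them enabled, and the advice to reinstall) is a mismatch between what the product tells Windows Security Center and what the product itself believes. The script below is an added example, not from the forum post or from G Data, that asks Security Center directly what it has registered for the anti-virus, firewall and anti-spyware product categories, so the warning can be compared with the product console before reinstalling. It assumes Vista SP1 or later (where the root\SecurityCenter2 WMI namespace exists) and uses Get-WmiObject because PowerShell 2.0 on Vista has no Get-CimInstance; the productState decoding is the widely used community heuristic, not a documented API.

```powershell
# Added example (not from the forum post or from G Data): list what Windows
# Security Center has registered for each protection category and decode the
# packed productState value.
# Assumptions: Vista SP1 or later (root\SecurityCenter2 exists); PowerShell 2.0
# compatible, so Get-WmiObject is used instead of Get-CimInstance.

function Get-SecurityCenterStatus {
    $classes = 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct'

    foreach ($class in $classes) {
        $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class `
                                  -ErrorAction SilentlyContinue
        if (-not $products) {
            # Nothing registered in this category at all: Security Center will
            # warn about it regardless of what any product console shows.
            New-Object PSObject -Property @{
                Type = $class; Product = '(none registered)'; StateHex = '';
                Enabled = $false; UpToDate = $false
            }
            continue
        }

        foreach ($p in $products) {
            # Community heuristic for productState, shown as six hex digits:
            #   middle byte starting with 1 (0x10/0x11) = product enabled,
            #   last byte 0x00 = definitions up to date, 0x10 = out of date.
            $hex      = '{0:X6}' -f [int]$p.productState
            $enabled  = $hex.Substring(2, 2) -match '^1'
            $upToDate = $hex.Substring(4, 2) -eq '00'

            New-Object PSObject -Property @{
                Type     = $class
                Product  = $p.displayName
                StateHex = $hex
                Enabled  = $enabled
                UpToDate = $upToDate
            }
        }
    }
}

Get-SecurityCenterStatus |
    Select-Object Type, Product, StateHex, Enabled, UpToDate |
    Format-Table -AutoSize
```

If the G Data entries show Enabled = False here while the G Data console says everything is on, the product's registration with Security Center has gone stale (typically after the protection was switched off and on again during a clean-up), which is exactly the situation a clean reinstall resolves by re-registering the product.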
31.07.2014, 22:00 | #15 |
| G Data reports a Trojan find: Trojan.Agent.BDMI Hello schrauber, I wanted to give a final update; this topic can be closed now. The PC is (was) running normally again in the meantime, and the error messages regarding GDATA stopped appearing. But because the PC was still extremely slow, took forever to boot, and constantly showed "Not responding" in browsers, mail, iTunes etc., I decided, given the age of the PC, that it is time to buy a new computer after all. Unfortunately I already have a problem with the new one too... but I'll open a new topic for that. So, thanks again for your help!!! Best, Vera |