Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU TROJANER, Farbar Recovery Scan Tool (https://www.trojaner-board.de/138184-gvu-trojaner-farbar-recovery-scan-tool.html)

thommy391 14.07.2013 09:02
GVU TROJANER, Farbar Recovery Scan Tool
 
Hallo,

habe mir soeben (mal wieder) einen GVU-Trojaner eingefangen. Bisher konnte ich diesen aber immer im abgesicherten Modus umgehen & ihn dann mit der Systemwiederherstellung verbannen.

Dies ist nun nicht mehr möglich. Sobald ich in den abgesicherten Modus will starter er automatisch Windows neu. Unter der Option im Boot-Menü "Computer reparieren" kann ich auch keine Systemwiederherstellung machen, da dort immer wieder eine Fehlermeldung auftritt.

Also habe ich mich ein wenig belesen & bin auf die Bereinigung via Farbar Recovery Scan Tool gestoßen, die bei vielen geholfen haben soll...also hab ich alles wie beschrieben befolgt und bin jetzt bei dem Fix angelangt & weiß nicht mehr weiter.

Die Log-Datei meines Scans sieht wie folgt aus:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by SYSTEM on 14-07-2013 09:55:55
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] - "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [790688 2011-04-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKU\Thomas Petermann\...\Run: [Google Update] - "C:\Users\Thomas Petermann\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-15] (Google Inc.)
HKU\Thomas Petermann\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4 [x]
HKU\Thomas Petermann\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKU\Thomas Petermann\...\Run: [Facebook Update] - "C:\Users\Thomas Petermann\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Thomas Petermann\...\Run: [Spotify] - "C:\Users\Thomas Petermann\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [5576408 2012-08-22] (Spotify Ltd)
HKU\Thomas Petermann\...\Run: [Spotify Web Helper] - "C:\Users\Thomas Petermann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-22] ()
HKU\Thomas Petermann\...\Run: [GoogleChromeAutoLaunch_1027F4892E1177BE3943D82A41C0F5CC] - "C:\Users\Thomas Petermann\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [846288 2013-07-03] (Google Inc.)
HKU\Thomas Petermann\...\Run: [Ypxuyd] - "C:\Users\Thomas Petermann\AppData\Roaming\Yzleky\onyxy.exe" [261632 2012-05-25] (Корпорация Майкрософт)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Ant App service; C:\Program Files (x86)\Ant.com\File1 Package Manager\AppService.exe [504816 2013-02-05] (Helios Technologies Ltd)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [502032 2012-03-22] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-03-20] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210584 2012-03-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [162192 2012-03-20] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-15] (DT Soft Ltd)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 09:28 - 2013-07-14 09:28 - 00000000 ____D C:\FRST
2013-07-14 07:29 - 2013-07-14 07:29 - 01084692 _____ C:\Users\Thomas Petermann\AppData\Roaming\2433f433
2013-07-14 07:29 - 2013-07-14 07:29 - 01084676 _____ C:\Users\Thomas Petermann\AppData\Local\2433f433
2013-07-14 07:29 - 2013-07-14 07:29 - 01084671 _____ C:\ProgramData\2433f433
2013-07-07 09:28 - 2013-07-07 09:29 - 00000000 ____D C:\Users\Thomas Petermann\Documents\Bluetooth Folder
2013-07-03 17:31 - 2013-07-03 17:32 - 95023320 ____T C:\ProgramData\34gol.pad
2013-07-03 17:31 - 2013-07-03 17:31 - 00161792 _____ (Microsoft Corporation) C:\ProgramData\log43.dat
2013-06-30 08:06 - 2013-06-30 08:06 - 00161188 _____ C:\Users\Thomas Petermann\Downloads\NO$GBA.2.6a.zip
2013-06-29 08:39 - 2013-06-29 08:49 - 367101809 _____ C:\Users\Thomas Petermann\Downloads\YGOPRO Dawn of a New Era 2.9.12.2242.7z
2013-06-29 08:37 - 2013-06-29 08:37 - 00977904 _____ (Conduit) C:\Users\Thomas Petermann\Downloads\SwissConverter_2.1.exe
2013-06-29 08:06 - 2013-06-29 08:27 - 61315799 _____ C:\Users\Thomas Petermann\Downloads\4828.zip
2013-06-29 07:11 - 2013-06-29 07:55 - 134217802 _____ C:\Users\Thomas Petermann\Downloads\PHG.rar
2013-06-24 02:21 - 2013-06-24 02:21 - 00892416 _____ (                                                            ) C:\Users\Thomas Petermann\Downloads\Words_of_Concrete_-East_German_Cold.exe
2013-06-24 02:21 - 2013-06-24 02:21 - 00892416 _____ (                                                            ) C:\Users\Thomas Petermann\Downloads\Words_of_Concrete_-East_German_Cold (1).exe
2013-06-24 02:21 - 2013-06-24 02:21 - 00892416 _____ (                                                            ) C:\Users\Thomas Petermann\Downloads\Words_Of_Concrete%2c_Delusions_of_Lunacy_-_New_Kids_On_The_Block_-_Split_-_Pedrada_Na_Cara.exe
2013-06-22 13:02 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-22 13:02 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 19233792 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 14327808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 08:21 - 2013-06-22 08:21 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 08:21 - 2013-06-22 08:21 - 02648064 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 08:21 - 2013-06-22 08:21 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 08:21 - 2013-06-22 08:21 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 08:21 - 2013-06-22 08:21 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 08:21 - 2013-06-22 08:21 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 08:21 - 2013-06-22 08:21 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 08:21 - 2013-06-22 08:21 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 08:21 - 2013-06-22 08:21 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 08:21 - 2013-06-22 08:21 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-22 08:19 - 2013-06-22 08:19 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-21 03:56 - 2013-06-22 08:27 - 00016047 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-14 09:28 - 2013-07-14 09:28 - 00000000 ____D C:\FRST
2013-07-14 09:15 - 2012-05-15 13:37 - 00000000 ____D C:\users\Thomas Petermann
2013-07-14 09:15 - 2011-12-28 20:21 - 00000000 ____D C:\Windows\ShellNew
2013-07-14 09:15 - 2011-12-28 20:21 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 09:15 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-07-14 09:15 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 09:15 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-14 09:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-14 09:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-14 09:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-14 09:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-14 09:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-14 09:14 - 2013-03-14 20:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 09:14 - 2013-03-14 20:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-14 09:14 - 2012-05-15 13:48 - 00000000 ____D C:\Users\Thomas Petermann\AppData\Roaming\ArcSoft
2013-07-14 09:14 - 2012-02-13 16:44 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-07-14 09:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-07-14 09:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-14 09:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-14 09:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-07-14 09:08 - 2012-02-13 16:57 - 00000000 ____D C:\ProgramData\Adobe
2013-07-14 09:08 - 2012-02-13 16:43 - 00000000 ____D C:\Program Files\mcafee
2013-07-14 09:08 - 2012-02-13 16:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-14 08:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 08:16 - 2009-07-14 05:51 - 00066679 _____ C:\Windows\setupact.log
2013-07-14 07:29 - 2013-07-14 07:29 - 01084692 _____ C:\Users\Thomas Petermann\AppData\Roaming\2433f433
2013-07-14 07:29 - 2013-07-14 07:29 - 01084676 _____ C:\Users\Thomas Petermann\AppData\Local\2433f433
2013-07-14 07:29 - 2013-07-14 07:29 - 01084671 _____ C:\ProgramData\2433f433
2013-07-13 05:28 - 2012-05-15 19:36 - 00000000 ____D C:\Users\Thomas Petermann\AppData\Local\CrashDumps
2013-07-11 04:44 - 2012-05-15 13:35 - 01101309 _____ C:\Windows\WindowsUpdate.log
2013-07-11 04:42 - 2012-05-15 13:43 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AB97A7B6-954A-42C8-B2C6-8D141E6F0DC3}
2013-07-11 04:27 - 2012-05-15 13:41 - 00001164 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3215360950-588211589-919153894-1000UA.job
2013-07-11 04:26 - 2012-06-10 21:13 - 00001182 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3215360950-588211589-919153894-1000UA.job
2013-07-11 04:26 - 2012-06-10 21:13 - 00001160 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3215360950-588211589-919153894-1000Core.job
2013-07-11 03:55 - 2012-06-17 19:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-10 13:36 - 2009-07-14 05:45 - 00020720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 13:36 - 2009-07-14 05:45 - 00020720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 13:34 - 2012-02-14 01:19 - 00697322 _____ C:\Windows\System32\perfh007.dat
2013-07-10 13:34 - 2012-02-14 01:19 - 00148328 _____ C:\Windows\System32\perfc007.dat
2013-07-10 13:34 - 2009-07-14 06:13 - 01614036 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-10 13:29 - 2012-06-20 19:55 - 00000000 ____D C:\Users\Thomas Petermann\AppData\Roaming\Spotify
2013-07-07 10:32 - 2012-05-15 13:41 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3215360950-588211589-919153894-1000Core.job
2013-07-07 09:29 - 2013-07-07 09:28 - 00000000 ____D C:\Users\Thomas Petermann\Documents\Bluetooth Folder
2013-07-07 09:19 - 2013-03-15 06:42 - 00000000 ____D C:\Users\Thomas Petermann\Desktop\Grundlagen Pneumatik
2013-07-06 10:22 - 2012-05-15 13:41 - 00004156 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3215360950-588211589-919153894-1000UA
2013-07-06 10:22 - 2012-05-15 13:41 - 00003760 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3215360950-588211589-919153894-1000Core
2013-07-03 17:32 - 2013-07-03 17:31 - 95023320 ____T C:\ProgramData\34gol.pad
2013-07-03 17:31 - 2013-07-03 17:31 - 00161792 _____ (Microsoft Corporation) C:\ProgramData\log43.dat
2013-07-03 17:31 - 2013-05-24 12:01 - 00000000 _____ C:\ProgramData\as98213.txt
2013-07-02 03:27 - 2013-03-06 12:32 - 00000000 ____D C:\Users\Thomas Petermann\Desktop\Ausdruck NEU
2013-07-02 03:27 - 2013-02-27 08:57 - 00000000 ____D C:\Users\Thomas Petermann\Desktop\Überstromschutzeinrichtungen
2013-07-02 03:27 - 2013-02-27 05:04 - 00000000 ____D C:\Users\Thomas Petermann\Desktop\Grundlagen Elektrotechnik
2013-07-02 03:27 - 2013-02-27 05:04 - 00000000 ____D C:\Users\Thomas Petermann\Desktop\Betriebsmittel
2013-07-02 03:27 - 2013-02-27 05:03 - 00000000 ____D C:\Users\Thomas Petermann\Desktop\Datentechnik
2013-07-02 03:27 - 2013-02-27 05:03 - 00000000 ____D C:\Users\Thomas Petermann\Desktop\Arbeitsschutz
2013-06-30 08:06 - 2013-06-30 08:06 - 00161188 _____ C:\Users\Thomas Petermann\Downloads\NO$GBA.2.6a.zip
2013-06-29 08:49 - 2013-06-29 08:39 - 367101809 _____ C:\Users\Thomas Petermann\Downloads\YGOPRO Dawn of a New Era 2.9.12.2242.7z
2013-06-29 08:37 - 2013-06-29 08:37 - 00977904 _____ (Conduit) C:\Users\Thomas Petermann\Downloads\SwissConverter_2.1.exe
2013-06-29 08:27 - 2013-06-29 08:06 - 61315799 _____ C:\Users\Thomas Petermann\Downloads\4828.zip
2013-06-29 07:55 - 2013-06-29 07:11 - 134217802 _____ C:\Users\Thomas Petermann\Downloads\PHG.rar
2013-06-27 13:01 - 2010-11-21 04:47 - 00012390 _____ C:\Windows\PFRO.log
2013-06-24 16:13 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-24 02:21 - 2013-06-24 02:21 - 00892416 _____ (                                                            ) C:\Users\Thomas Petermann\Downloads\Words_of_Concrete_-East_German_Cold.exe
2013-06-24 02:21 - 2013-06-24 02:21 - 00892416 _____ (                                                            ) C:\Users\Thomas Petermann\Downloads\Words_of_Concrete_-East_German_Cold (1).exe
2013-06-24 02:21 - 2013-06-24 02:21 - 00892416 _____ (                                                            ) C:\Users\Thomas Petermann\Downloads\Words_Of_Concrete%2c_Delusions_of_Lunacy_-_New_Kids_On_The_Block_-_Split_-_Pedrada_Na_Cara.exe
2013-06-23 08:40 - 2012-05-15 13:36 - 00006621 _____ C:\Windows\IE9_main.log
2013-06-22 08:27 - 2013-06-21 03:56 - 00016047 _____ C:\Windows\IE10_main.log
2013-06-22 08:21 - 2013-06-22 08:21 - 19233792 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 14327808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 08:21 - 2013-06-22 08:21 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 08:21 - 2013-06-22 08:21 - 02648064 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 08:21 - 2013-06-22 08:21 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 08:21 - 2013-06-22 08:21 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 08:21 - 2013-06-22 08:21 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 08:21 - 2013-06-22 08:21 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 08:21 - 2013-06-22 08:21 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 08:21 - 2013-06-22 08:21 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 08:21 - 2013-06-22 08:21 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 08:21 - 2013-06-22 08:21 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 08:21 - 2013-06-22 08:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 08:21 - 2013-06-22 08:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-22 08:19 - 2013-06-22 08:19 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-22 08:19 - 2013-06-22 08:19 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-16 10:19 - 2011-02-11 00:03 - 01591930 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Thomas Petermann\AppData\Roaming\skype.dat
C:\ProgramData\0ofiw.pad
C:\ProgramData\1jofol.pad
C:\ProgramData\34gol.pad
C:\ProgramData\avodf.pad
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\fdova.dat
C:\ProgramData\iwwamj.pad
C:\ProgramData\jmawwi.dat
C:\ProgramData\lofoj1.dat
C:\ProgramData\log43.dat
C:\ProgramData\wifo0.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-30 09:44:26
Restore point made on: 2013-07-07 10:09:14
Restore point made on: 2013-07-11 04:44:39

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4043.86 MB
Available physical RAM: 3435.91 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3439.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.56 GB) (Free:394.84 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:14.11 GB) (Free:1.1 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (<WWE1243>) (CDROM) (Total:7.93 GB) (Free:0 GB) UDF
Drive g: (STORE N GO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0465763F)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-07-07 10:01

==================== End Of Log ============================

Wäre echt dringend, dass mir schnell jemand hilft. Vielen Dank schon einmal im vorraus!

MfG,
thommy391

t'john 14.07.2013 09:06
:hallo:

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\Thomas Petermann\...\Run: [Ypxuyd] - "C:\Users\Thomas Petermann\AppData\Roaming\Yzleky\onyxy.exe" [261632 2012-05-25] (Корпорация Майкрософт)
C:\Users\Thomas Petermann\AppData\Roaming\2433f433
C:\Users\Thomas Petermann\AppData\Local\2433f433
C:\ProgramData\2433f433
C:\ProgramData\iwwamj.pad
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\avodf.pad
C:\ProgramData\34gol.pad
C:\ProgramData\34gol.pad
C:\ProgramData\1jofol.pad
C:\ProgramData\0ofiw.pad
C:\Users\Thomas Petermann\AppData\Roaming\skype.dat
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

thommy391 14.07.2013 09:40
Erstmal vielen Dank für die schnelle Antwort!

Hier ist die Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2013
Ran by SYSTEM at 2013-07-14 10:38:01 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKU\Thomas Petermann\Software\Microsoft\Windows\CurrentVersion\Run\\Ypxuyd => Value deleted successfully.
C:\Users\Thomas Petermann\AppData\Roaming\2433f433  => Moved successfully.
C:\Users\Thomas Petermann\AppData\Local\2433f433  => Moved successfully.
C:\ProgramData\2433f433  => Moved successfully.
C:\ProgramData\iwwamj.pad  => Moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad  => Moved successfully.
C:\ProgramData\avodf.pad  => Moved successfully.
C:\ProgramData\34gol.pad  => Moved successfully.
"C:\ProgramData\34gol.pad " => File/Directory not found.
C:\ProgramData\1jofol.pad  => Moved successfully.
C:\ProgramData\0ofiw.pad  => Moved successfully.
C:\Users\Thomas Petermann\AppData\Roaming\skype.dat => Moved successfully.

==== End of Fixlog ====

t'john 14.07.2013 09:48
Geht der Normalstart jetzt?

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


dann:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

thommy391 14.07.2013 10:54
Hier ist erst einmal die Logfile vom MBAR:

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Thomas Petermann :: THOMASPETERMANN [administrator]

14.07.2013 11:30:49
mbar-log-2013-07-14 (11-30-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 249789
Time elapsed: 22 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Und hier die Logfile vom AdwCleaner:

Code:
# AdwCleaner v2.305 - Datei am 14/07/2013 um 11:56:18 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Thomas Petermann - THOMASPETERMANN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas Petermann\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Thomas Petermann\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\THOMAS~1\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.71

Datei : C:\Users\Thomas Petermann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2336 octets] - [14/07/2013 11:56:18]

########## EOF - C:\AdwCleaner[S1].txt - [2396 octets] ##########

t'john 14.07.2013 11:07
Sehr gut! :daumenhoc

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

thommy391 14.07.2013 11:32
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by Thomas Petermann on 14.07.2013 at 12:25:11,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2013 at 12:30:46,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a9380639f9cf634a9affbc3c88b161f0
# engine=14388
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-14 12:10:23
# local_time=2013-07-14 02:10:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 79 36481367 84417881 0 0
# compatibility_mode=5893 16776574 100 94 14121 125433673 0 0
# scanned=157792
# found=25
# cleaned=0
# scan_time=5747
sh=1AD0AD9E87E1719871D3074AC7A41BF47F071EA0 ft=1 fh=a0000bd283237b53 vn="Win32/LockScreen.APR trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=77F93D62D57EF98F1072FE609949F68F6DB5E60E ft=0 fh=0000000000000000 vn="JS/Exploit.Pdfka.QBN trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5OKAHID5\INADEQUATE1[1].pdf"
sh=0D2F74DF04D2727888B09664386A06253045C8D4 ft=0 fh=0000000000000000 vn="Win32/Exploit.CVE-2011-3402.C trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8B948BUO\64s_font[1].eot"
sh=693743EE87875C414EE1F8F820E1EDF28019ACE9 ft=0 fh=0000000000000000 vn="JS/Exploit.Pdfka.QHE trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EYOFE9PQ\thu[1].pdf"
sh=F6A37584EBB5151313A2696EC31BE83BB29AF69F ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NEC.Gen trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EYOFE9PQ\Vessel[1].htm"
sh=701BEF3FE9F16808D506B78E4EA22537B75348DC ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NEC.Gen trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6T4D2WW\Oblige[1].htm"
sh=D8EB948355695C81A7850B5FE5894CC2CE5E0B0A ft=0 fh=0000000000000000 vn="JS/Exploit.Pdfka.QBN trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K7IBS445\FACT1[1].pdf"
sh=81DE1629941BA4B9AA995B72AAD59E54320F8081 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6YWGF7H\hardcoresmoothies_xxx[1].htm"
sh=3739108D8F19D9C40A9A83CAC6254AB7D1843F82 ft=0 fh=0000000000000000 vn="Win32/LockScreen.AXJ trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Temp\index.html"
sh=5F4511909F6520E201AF81EBF7B54726C9ED74C7 ft=1 fh=e438ddc642cd602c vn="a variant of Win32/Kryptik.AUNO trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Temp\tmp08856cea\old01.exe"
sh=5F4511909F6520E201AF81EBF7B54726C9ED74C7 ft=1 fh=e438ddc642cd602c vn="a variant of Win32/Kryptik.AUNO trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Temp\tmp2db711bf\old01.exe"
sh=5F4511909F6520E201AF81EBF7B54726C9ED74C7 ft=1 fh=e438ddc642cd602c vn="a variant of Win32/Kryptik.AUNO trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Temp\tmp3c7eb5e3\old01.exe"
sh=3EA6E3F8831DCF372D664300785B2E22E96E61C8 ft=1 fh=c71c0011de95c769 vn="a variant of Win32/Kryptik.AVDS trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Temp\tmpa13edb6f\old01.exe"
sh=64025E6CC4B14661EF9756D040CB1AB9793E89C5 ft=1 fh=e438ddc66514b161 vn="a variant of Win32/Kryptik.AUNO trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\Local\Temp\tmpfa1d1810\old01.exe"
sh=634323767BD92F76472050DC7E66876427A72467 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\52e3cf0e-5150a995"
sh=034AE874F23FBBA77B7BCA11947997BCFE01487C ft=1 fh=4faeb6470c656e35 vn="Win32/LockScreen.ANX trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3b93842-3f2570ae"
sh=A50E7ECA169EA15A65D562D0FA84CE2512073B3E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NFN trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4c5a5258-7439be3b"
sh=56EB9FAC07DCDC8B203F877BEC34B980C694C258 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\47bff25d-794a1ff5"
sh=0F4A7F9F6100725667111648F136026406E36FD0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1903b143-2805caf0"
sh=A6984338A6A4F00348CB418DEA342B76075232AF ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-4681.AM trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\2a53e21e-5785a977"
sh=6FC1C320CC23DF5EE4C25D31CF3EBA28D555E06B ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.DZ trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\440ca1f3-5f4190a5"
sh=0A6D915FB7B6EADF5CCFDCE91057C682B17808A8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5552f637-3c1134df"
sh=3D68384EABE42AA58CA434A4603C46BCDE9A9AB5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1e566bc-3e137149"
sh=C118E047E584835AE2BAFE487DA71F0CEFA61B79 ft=1 fh=362c2c32455f1159 vn="a variant of Win32/Kryptik.BFHK trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17b5663d-573191b3"
sh=373E1275C5C97E501B1254D142AE09DE4F70679B ft=1 fh=eb66c822d5b0ce2c vn="Win32/Reveton.N trojan" ac=I fn="C:\Users\Thomas Petermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3df9c7c8-1ca61056"
Beim Security Check kommt nun diese Fehlermeldung:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

t'john 14.07.2013 14:19
Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.



dann loesche die geladene SecurityCheck.exe und lade neu!

thommy391 14.07.2013 14:30
Die Meldung erscheint erneut...

t'john 14.07.2013 21:07
ok:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


t'john 06.10.2013 09:21
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131