FlYiNgIcEmAn | 28.10.2013 00:57 | Windows 8: FedPol BundesKriminalPolizei virus on my PC
Good evening,
For about 2 hours I have had the FEDPOL BundesKriminalPolizei virus on my main computer.
I have already tried running Spybot Search & Destroy and the Bitdefender scan in Safe Mode, but no chance: as soon as the scan starts, the virus appears and locks the computer.
Operating system: Windows 8 Pro with Media Center (X64) / language German / upgrade from Windows 7
Antivirus program: Bitdefender Total Security 2013 + Spybot Search and Destroy
I have already run FRST64.exe.
Here is the extract from the text file:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2013 01
Ran by SYSTEM on MININT-CKG4JQH on 28-10-2013 00:11:38
Running from G:\
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1568512 2013-07-24] (Bitdefender)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-05-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [UpdReg] - C:\WINDOWS\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - "d:\Programme\Adobe\Creative_Suite 2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - "D:\Programme\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [24576 2012-12-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)
HKU\Michi\...\Run: [Akamai NetSession Interface] - C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Michi\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Michi\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Michi\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Michi\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKU\Michi\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Michi\...\Run: [SteelSeries Engine] - C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [239104 2013-02-06] (SteelSeries ApS)
HKU\Michi\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\Michi\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKU\Michi\...\Command Processor: "C:\Users\Michi\Documents\15dd4378.exe" <===== ATTENTION!
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t2rwwl.lnk
ShortcutTarget: 7t2rwwl.lnk -> C:\PROGRA~3\lwwr2t7.dss (Sekizenkan Company)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
==================== Services (Whitelisted) =================
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-20] (Adobe Systems)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-02-26] (Bitdefender)
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [255008 2009-01-06] (NVIDIA)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PnkBstrA; C:\WINDOWS\SysWow64\PnkBstrA.exe [76888 2013-10-02] ()
S2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-12-07] (Bitdefender)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [169504 2009-01-07] (NVIDIA)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-07-24] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1646280 2013-07-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\7t2rwwl.pss [62052 2013-10-27] (Microsoft Corporation)
S4 Adobe Version Cue CS2; "d:\Programme\Adobe\Creative_Suite 2\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service [x]
S2 HTCMonitorService; "D:\Programme\HTC Sync Manager\HSMServiceEntry.exe" [x]
==================== Drivers (Whitelisted) ====================
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-29] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [597776 2013-07-24] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
S1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-04-09] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [106568 2012-10-17] (BitDefender LLC)
S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [78752 2013-05-18] (BitDefender)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [147232 2013-05-18] (BitDefender LLC)
S3 MagicianSataModeReader; C:\Program Files (x86)\Samsung Magician\magdrvamd64.sys [13216 2013-05-24] ()
S3 NVR0Dev; C:\WINDOWS\nvoclk64.sys [40480 2009-01-06] (NVIDIA Corp.)
S2 NVR0FLASHDev; C:\WINDOWS\nvflsh64.sys [40992 2009-01-07] (NVIDIA Corp.)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39096 2013-08-20] (Razer Inc)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [38016 2013-01-10] (SteelSeries Corporation)
S2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-31] (BitDefender S.R.L.)
S5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-12-20] (BitDefender)
S5 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82384 2012-11-12] (BitDefender SRL)
S3 idsvc;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-28 00:11 - 2013-10-28 00:11 - 00000000 ____D C:\FRST
2013-10-28 00:08 - 2013-10-28 00:08 - 00000000 _____ C:\Recovery.txt
2013-10-27 23:30 - 2013-10-28 00:03 - 01210890 _____ C:\Windows\setupact.log
2013-10-27 23:26 - 2013-10-28 00:00 - 95025368 ____T C:\ProgramData\7t2rwwl.bxx
2013-10-27 23:26 - 2013-10-28 00:00 - 00000000 _____ C:\ProgramData\7t2rwwl.fvv
2013-10-27 23:26 - 2013-10-27 23:26 - 00139264 _____ (Sekizenkan Company) C:\ProgramData\lwwr2t7.dss
2013-10-27 23:26 - 2013-10-27 23:26 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\7t2rwwl.pss
2013-10-27 22:20 - 2013-10-27 22:20 - 00017513 _____ C:\Windows\DirectX.log
2013-10-27 22:19 - 2013-10-27 22:19 - 00000728 _____ C:\Users\Public\Desktop\DTM Experience Demo.lnk
2013-10-27 20:15 - 2013-10-27 20:15 - 00000000 ____D C:\Users\Michi\AppData\Local\{E07EEECD-5D0F-4403-A52F-8238A47292DB}
2013-10-26 18:35 - 2013-10-26 18:35 - 00000000 ____D C:\Users\Michi\AppData\Local\{49251084-02AC-4550-B271-3D5F92472FB7}
2013-10-25 17:02 - 2013-10-25 17:02 - 00311544 _____ C:\Users\Michi\Desktop\mgb_holly_halston_480p_1000_big.mp4.exe
2013-10-25 16:47 - 2013-10-25 16:47 - 00000000 ____D C:\Users\Michi\AppData\Local\{27CB6A98-A253-44ED-929D-1F0D9346FA3D}
2013-10-24 15:57 - 2013-10-24 15:57 - 00000000 ____D C:\Users\Michi\AppData\Local\{BBAA9BD6-E9BF-45D8-B545-E6772EEA65DA}
2013-10-23 19:47 - 2013-10-23 19:47 - 00000000 ____D C:\Users\Michi\AppData\Local\{EF06123D-2594-41A5-93BF-35E795C84DB0}
2013-10-22 16:33 - 2013-10-22 16:33 - 00000000 ____D C:\Users\Michi\AppData\Local\{2CE30582-A923-445C-9FAA-72E517D56DC9}
2013-10-21 16:30 - 2013-10-21 16:30 - 00000000 ____D C:\Users\Michi\AppData\Local\{90C33B5A-00B6-4070-91D8-B5E02E44BBF1}
2013-10-20 22:24 - 2013-10-20 22:24 - 00000000 ____D C:\Users\Michi\AppData\Local\{D2BAFBCE-B9DE-4E99-B161-6EFB60CEEE9E}
2013-10-20 01:39 - 2013-10-20 01:39 - 00034172 _____ C:\plugin003.dmp
2013-10-20 01:29 - 2013-10-20 01:29 - 00120976 _____ C:\plugin002.dmp
2013-10-20 00:53 - 2013-10-20 00:53 - 00000000 ____D C:\Users\Michi\AppData\Local\{6FCB6487-F180-4ADE-A56C-550D75BF2D50}
2013-10-18 23:41 - 2013-10-18 23:41 - 00000000 ____D C:\Users\Michi\AppData\Local\{7F7B4820-2E9B-4D06-8C14-3C4A4EF9D215}
2013-10-18 06:54 - 2013-10-18 06:54 - 00000000 ____D C:\Users\Michi\AppData\Local\{EB0BAAC1-5BAE-410B-82AE-859CD30A9DE1}
2013-10-18 03:12 - 2013-10-18 03:12 - 00033772 _____ C:\plugin001.dmp
2013-10-18 03:02 - 2013-10-18 03:02 - 00123696 _____ C:\plugin000.dmp
2013-10-17 16:02 - 2013-10-17 16:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{80B3C1BF-E8DD-4AAF-A2AA-D79F4AACBD9D}
2013-10-16 17:04 - 2013-10-24 21:21 - 00016228 _____ C:\Users\Michi\Desktop\wog.xlsx
2013-10-16 16:29 - 2013-10-16 16:29 - 00009193 _____ C:\Users\Michi\Desktop\teste.txt
2013-10-16 16:01 - 2013-10-16 16:01 - 00000000 ____D C:\Users\Michi\AppData\Local\{4271292A-7E97-4AB5-A96F-21542D8CB77A}
2013-10-14 18:24 - 2013-10-14 18:24 - 00000000 ____D C:\Users\Michi\AppData\Local\{B8D1C393-E9B5-4679-A59A-3A39FB2CEA40}
2013-10-13 22:11 - 2013-10-13 22:11 - 00000669 _____ C:\Users\Public\Desktop\ClipGrab.lnk
2013-10-13 14:38 - 2013-10-13 14:38 - 00000000 ____D C:\Users\Michi\AppData\Local\{9404914B-E53D-4A49-95F3-051F2393FDFE}
2013-10-12 08:29 - 2013-10-12 08:29 - 00000000 ____D C:\Users\Michi\AppData\Local\{246D66E0-8BBF-406B-905F-5AAC212127A6}
2013-10-11 20:29 - 2013-10-11 20:29 - 00000000 ____D C:\Users\Michi\AppData\Local\{7200AA3D-5189-422C-BFDD-E30B61EE8FE1}
2013-10-11 08:27 - 2013-10-11 08:42 - 00000000 ____D C:\Users\Michi\Documents\Battlefield 4 Beta
2013-10-10 21:38 - 2013-10-10 21:38 - 00457440 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-10 21:37 - 2013-10-10 21:37 - 00000000 ____D C:\Users\Michi\AppData\Local\NOS
2013-10-10 21:30 - 2013-10-10 21:30 - 00000000 ____D C:\Users\Michi\AppData\Local\{047C9D4C-1490-4229-9D06-AA8CE3DC6B8F}
2013-10-10 07:26 - 2013-10-10 07:26 - 00000000 ____D C:\Users\Michi\AppData\Local\{801D22B7-1955-4278-B7F6-5F7649C094FA}
2013-10-09 15:46 - 2013-10-09 16:21 - 642330513 _____ C:\Users\Michi\Downloads\mshflollykarlo_720.mp4
2013-10-09 12:40 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 12:40 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 12:40 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 12:40 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 12:40 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 12:40 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 12:40 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 12:40 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 12:40 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-09 12:40 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-09 12:40 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-09 12:40 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-09 12:40 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-09 12:40 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-09 12:40 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-09 12:40 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-09 12:40 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-09 12:40 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-09 12:40 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-09 12:40 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 12:40 - 2013-07-02 02:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-10-09 12:40 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-10-09 12:40 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-10-09 12:40 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys
2013-10-09 12:40 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-09 12:40 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-09 12:40 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-09 12:40 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-09 12:40 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-09 12:40 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-09 12:40 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-09 12:40 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-09 12:40 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-09 12:40 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-10-09 12:40 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-09 12:40 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-10-09 12:40 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-09 12:40 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 12:40 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-10-09 12:40 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 12:40 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 12:40 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 12:40 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 12:40 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-09 12:40 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-09 12:40 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-09 12:40 - 2012-11-08 05:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-09 12:40 - 2012-11-08 05:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-09 12:39 - 2013-08-23 06:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-09 12:39 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 12:39 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 12:39 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 12:39 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-09 12:39 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-09 12:39 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 12:37 - 2013-10-09 12:37 - 00000000 ____D C:\Users\Michi\AppData\Local\{C9308253-3DDE-44EB-B441-5F34DE0350CE}
2013-10-08 15:50 - 2013-10-08 15:50 - 00000000 ____D C:\Users\Michi\AppData\Local\{4C987E85-C912-4211-BF85-955951C2FDC5}
2013-10-07 16:15 - 2013-10-07 16:15 - 00000000 ____D C:\Users\Michi\AppData\Local\{CF92C35C-7944-4475-BD32-A167C2E40063}
2013-10-06 09:36 - 2013-10-06 09:36 - 00003586 _____ C:\Windows\System32\Tasks\Bitdefender Auto-Scan
2013-10-05 18:02 - 2013-10-05 18:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{B1762FEA-2B74-4A45-9187-3B3E81963153}
2013-10-05 04:06 - 2013-10-05 04:06 - 00000000 ____D C:\Users\Michi\AppData\Local\{1C61FDC5-48EA-49A5-8011-DCFB98ABEA33}
2013-10-04 11:43 - 2013-10-04 11:43 - 00000000 ____D C:\Users\Michi\AppData\Local\{840C8AEB-C88A-4E92-BCFD-AA5E4E2A34B1}
2013-10-03 17:18 - 2013-10-03 17:18 - 00000000 ____D C:\Users\Michi\AppData\Local\{580A8D53-CBFC-459F-9997-62F6E2E75160}
2013-10-02 22:02 - 2013-10-02 22:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{5E84FF87-58DE-46E3-9353-10475D7FB6F9}
2013-10-02 18:48 - 2013-10-02 18:57 - 00000000 ____D C:\Users\Michi\Documents\Battlefield 4
2013-10-02 18:45 - 2013-10-02 18:45 - 00000726 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-02 18:34 - 2013-10-02 18:34 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-02 18:33 - 2013-10-02 18:33 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-02 18:32 - 2013-10-20 03:59 - 00000000 ____D C:\Windows\System32\appmgmt
2013-10-01 20:54 - 2012-03-14 04:00 - 00385024 _____ (CANON INC.) C:\Windows\System32\CNMLMAU.DLL
2013-10-01 20:53 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\SettingSync.dll
2013-10-01 20:53 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncInfo.dll
2013-10-01 20:53 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-01 20:53 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\System32\wdc.dll
2013-10-01 20:53 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\System32\wvc.dll
2013-10-01 20:53 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\System32\sysmon.ocx
2013-10-01 20:53 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-01 20:53 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-01 20:53 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-01 20:53 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-01 20:53 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-10-01 20:53 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-10-01 20:53 - 2013-08-02 07:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-10-01 20:53 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-01 20:53 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-01 20:53 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-01 20:53 - 2013-08-02 06:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-01 20:53 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-01 20:53 - 2013-07-31 00:30 - 00386923 _____ C:\Windows\System32\ApnDatabase.xml
2013-10-01 20:53 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-01 20:53 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\mbsmsapi.dll
2013-10-01 20:53 - 2013-07-13 07:15 - 00459776 _____ (Microsoft Corporation) C:\Windows\System32\appmgr.dll
2013-10-01 20:53 - 2013-07-13 05:23 - 00366592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2013-10-01 20:53 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2013-10-01 20:53 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-10-01 17:52 - 2013-10-01 17:52 - 00000000 ____D C:\Users\Michi\AppData\Local\NVIDIA
2013-10-01 17:51 - 2013-10-01 17:51 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-10-01 17:51 - 2013-10-01 17:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 17:50 - 2013-10-01 17:50 - 00002137 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2013-10-01 17:50 - 2013-10-01 17:50 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-10-01 17:50 - 2013-07-10 20:28 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-10-01 17:49 - 2013-10-20 03:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-01 17:49 - 2013-09-27 09:57 - 30334752 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 22925088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 18259624 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 18229224 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 15832920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 15232424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 12528416 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-10-01 17:49 - 2013-09-27 09:57 - 11345168 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 11292144 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 09480840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 09436544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 03130144 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 03121952 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 03052616 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 02945312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 02745632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 02682816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433140.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433140.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 01432408 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 01239304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00696096 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00654624 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00559904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-01 17:49 - 2013-09-27 09:57 - 00023307 _____ C:\Windows\System32\nvinfo.pb
2013-10-01 17:49 - 2013-09-27 08:45 - 06641440 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-10-01 17:49 - 2013-09-27 08:45 - 03483424 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-10-01 17:49 - 2013-09-27 08:44 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-10-01 17:49 - 2013-09-27 08:44 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-10-01 17:49 - 2013-09-27 08:44 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-10-01 17:49 - 2013-09-26 14:32 - 03386608 _____ C:\Windows\System32\nvcoproc.bin
2013-10-01 17:49 - 2013-08-20 14:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-10-01 17:49 - 2013-08-20 14:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2013-10-01 17:49 - 2013-08-20 14:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-01 17:49 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-10-01 17:49 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-10-01 17:49 - 2013-01-29 09:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2013-10-01 17:26 - 2013-10-01 17:26 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-10-01 17:25 - 2013-10-01 17:25 - 00000000 ____D C:\ProgramData\Samsung
2013-10-01 17:25 - 2013-10-01 17:25 - 00000000 ____D C:\Program Files (x86)\Samsung Magician
2013-10-01 15:59 - 2013-10-01 15:59 - 00000000 ____D C:\Users\Michi\AppData\Local\{0EDB0FA7-120B-4B7C-9D41-AAF765A4E81B}
2013-09-30 15:57 - 2013-09-30 15:58 - 00000000 ____D C:\Users\Michi\AppData\Local\{A9DA5267-CA67-4E6D-B053-F01BE1B2C4AF}
2013-09-30 05:46 - 2013-10-20 05:47 - 00000000 ___HD C:\$Windows.~BT
2013-09-29 21:52 - 2013-09-29 21:52 - 00000000 ____D C:\Users\Michi\AppData\Local\{FE1E4D3D-9013-431A-803C-7C1221A00C13}
2013-09-28 19:37 - 2013-09-28 19:38 - 00000000 ____D C:\Users\Michi\AppData\Local\{C5962516-9652-4231-8038-377549D0CF72}
2013-09-28 06:43 - 2013-09-28 06:43 - 00000000 ____D C:\Users\Michi\AppData\Local\{3837875B-84AD-4B74-8785-7723956583B7}
==================== One Month Modified Files and Folders =======
2013-10-28 00:11 - 2013-10-28 00:11 - 00000000 ____D C:\FRST
2013-10-28 00:08 - 2013-10-28 00:08 - 00000000 _____ C:\Recovery.txt
2013-10-28 00:03 - 2013-10-27 23:30 - 01210890 _____ C:\Windows\setupact.log
2013-10-28 00:03 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 00:03 - 2012-07-08 00:32 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-28 00:00 - 2013-10-27 23:26 - 95025368 ____T C:\ProgramData\7t2rwwl.bxx
2013-10-28 00:00 - 2013-10-27 23:26 - 00000000 _____ C:\ProgramData\7t2rwwl.fvv
2013-10-28 00:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru
2013-10-28 00:00 - 2012-07-08 02:12 - 00000000 ____D C:\Users\Michi\Tracing
2013-10-27 23:51 - 2013-05-28 21:47 - 00000000 ____D C:\Users\Michi\AppData\Local\HTC MediaHub
2013-10-27 23:31 - 2013-09-22 11:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 23:30 - 2012-07-08 02:48 - 00000000 ____D C:\Users\Michi\Documents\Outlook-Dateien
2013-10-27 23:28 - 2012-12-26 16:21 - 01381232 _____ C:\Windows\WindowsUpdate.log
2013-10-27 23:26 - 2013-10-27 23:26 - 00139264 _____ (Sekizenkan Company) C:\ProgramData\lwwr2t7.dss
2013-10-27 23:26 - 2013-10-27 23:26 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\7t2rwwl.pss
2013-10-27 23:15 - 2012-07-08 02:13 - 01912320 ___SH C:\Users\Michi\Desktop\Thumbs.db
2013-10-27 22:20 - 2013-10-27 22:20 - 00017513 _____ C:\Windows\DirectX.log
2013-10-27 22:20 - 2012-11-28 18:09 - 00000000 ____D C:\Users\Michi\Documents\My Games
2013-10-27 22:19 - 2013-10-27 22:19 - 00000728 _____ C:\Users\Public\Desktop\DTM Experience Demo.lnk
2013-10-27 20:56 - 2012-12-26 16:32 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2929898079-2260005087-1386965309-1000
2013-10-27 20:15 - 2013-10-27 20:15 - 00000000 ____D C:\Users\Michi\AppData\Local\{E07EEECD-5D0F-4403-A52F-8238A47292DB}
2013-10-26 23:21 - 2012-07-26 11:27 - 00755402 _____ C:\Windows\System32\perfh007.dat
2013-10-26 23:21 - 2012-07-26 11:27 - 00156630 _____ C:\Windows\System32\perfc007.dat
2013-10-26 23:21 - 2012-07-26 08:28 - 01754016 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-26 22:25 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\System32\config\ELAM
2013-10-26 18:41 - 2012-07-08 02:12 - 00043008 _____ C:\Users\Michi\Desktop\Film_Liste.xls
2013-10-26 18:35 - 2013-10-26 18:35 - 00000000 ____D C:\Users\Michi\AppData\Local\{49251084-02AC-4550-B271-3D5F92472FB7}
2013-10-25 17:02 - 2013-10-25 17:02 - 00311544 _____ C:\Users\Michi\Desktop\mgb_holly_halston_480p_1000_big.mp4.exe
2013-10-25 16:47 - 2013-10-25 16:47 - 00000000 ____D C:\Users\Michi\AppData\Local\{27CB6A98-A253-44ED-929D-1F0D9346FA3D}
2013-10-24 22:59 - 2013-07-06 10:17 - 00000000 ____D C:\Users\Michi\AppData\Roaming\vlc
2013-10-24 21:21 - 2013-10-16 17:04 - 00016228 _____ C:\Users\Michi\Desktop\wog.xlsx
2013-10-24 15:57 - 2013-10-24 15:57 - 00000000 ____D C:\Users\Michi\AppData\Local\{BBAA9BD6-E9BF-45D8-B545-E6772EEA65DA}
2013-10-23 19:47 - 2013-10-23 19:47 - 00000000 ____D C:\Users\Michi\AppData\Local\{EF06123D-2594-41A5-93BF-35E795C84DB0}
2013-10-22 19:33 - 2012-07-14 10:57 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Skype
2013-10-22 16:33 - 2013-10-22 16:33 - 00000000 ____D C:\Users\Michi\AppData\Local\{2CE30582-A923-445C-9FAA-72E517D56DC9}
2013-10-21 16:37 - 2013-07-11 04:54 - 00000000 ____D C:\Users\Michi\AppData\Local\CrashDumps
2013-10-21 16:30 - 2013-10-21 16:30 - 00000000 ____D C:\Users\Michi\AppData\Local\{90C33B5A-00B6-4070-91D8-B5E02E44BBF1}
2013-10-20 22:24 - 2013-10-20 22:24 - 00000000 ____D C:\Users\Michi\AppData\Local\{D2BAFBCE-B9DE-4E99-B161-6EFB60CEEE9E}
2013-10-20 05:47 - 2013-09-30 05:46 - 00000000 ___HD C:\$Windows.~BT
2013-10-20 03:59 - 2013-10-02 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-10-20 03:59 - 2013-10-01 17:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-20 03:59 - 2013-06-26 16:45 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-10-20 03:59 - 2013-01-20 13:42 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-10-20 03:59 - 2012-12-26 16:27 - 00000000 ____D C:\ProgramData\PRICache
2013-10-20 03:59 - 2012-12-26 16:19 - 00000000 ____D C:\users\Michi
2013-10-20 03:59 - 2012-12-26 16:19 - 00000000 ____D C:\ProgramData\Creative
2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Windows\SysWOW64\data
2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Windows\System32\data
2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-10-20 03:59 - 2012-12-26 16:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-20 03:59 - 2012-07-26 11:29 - 00000000 ____D C:\Windows\ShellNew
2013-10-20 03:59 - 2012-07-26 11:27 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-10-20 03:59 - 2012-07-26 11:27 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-10-20 03:59 - 2012-07-26 11:27 - 00000000 ____D C:\Windows\System32\WCN
2013-10-20 03:59 - 2012-07-26 09:18 - 00000000 ____D C:\Windows\DigitalLocker
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\IME
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\spool
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\Recovery
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\NDF
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\MUI
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\IME
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\schemas
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\LiveKernelReports
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\IME
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\Help
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-20 03:59 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-20 03:59 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\SysWOW64\SMI
2013-10-20 03:59 - 2012-07-08 01:07 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-10-20 03:59 - 2012-07-08 01:07 - 00000000 ____D C:\Windows\System32\STRING
2013-10-20 03:59 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-20 01:39 - 2013-10-20 01:39 - 00034172 _____ C:\plugin003.dmp
2013-10-20 01:29 - 2013-10-20 01:29 - 00120976 _____ C:\plugin002.dmp
2013-10-20 01:15 - 2011-06-03 14:45 - 00000000 __SHD C:\Recovery
2013-10-20 01:10 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-10-20 01:07 - 2012-12-26 16:19 - 00089538 _____ C:\Windows\diagwrn.xml
2013-10-20 01:07 - 2012-12-26 16:19 - 00089538 _____ C:\Windows\diagerr.xml
2013-10-20 01:04 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\registration
2013-10-20 00:53 - 2013-10-20 00:53 - 00000000 ____D C:\Users\Michi\AppData\Local\{6FCB6487-F180-4ADE-A56C-550D75BF2D50}
2013-10-18 23:41 - 2013-10-18 23:41 - 00000000 ____D C:\Users\Michi\AppData\Local\{7F7B4820-2E9B-4D06-8C14-3C4A4EF9D215}
2013-10-18 23:41 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-18 06:54 - 2013-10-18 06:54 - 00000000 ____D C:\Users\Michi\AppData\Local\{EB0BAAC1-5BAE-410B-82AE-859CD30A9DE1}
2013-10-18 03:12 - 2013-10-18 03:12 - 00033772 _____ C:\plugin001.dmp
2013-10-18 03:02 - 2013-10-18 03:02 - 00123696 _____ C:\plugin000.dmp
2013-10-17 16:02 - 2013-10-17 16:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{80B3C1BF-E8DD-4AAF-A2AA-D79F4AACBD9D}
2013-10-16 21:26 - 2012-12-26 16:18 - 00094514 _____ C:\Windows\PFRO.log
2013-10-16 16:29 - 2013-10-16 16:29 - 00009193 _____ C:\Users\Michi\Desktop\teste.txt
2013-10-16 16:01 - 2013-10-16 16:01 - 00000000 ____D C:\Users\Michi\AppData\Local\{4271292A-7E97-4AB5-A96F-21542D8CB77A}
2013-10-14 18:58 - 2012-07-08 11:05 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-14 18:44 - 2012-07-08 11:05 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-14 18:27 - 2012-07-08 09:49 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-14 18:24 - 2013-10-14 18:24 - 00000000 ____D C:\Users\Michi\AppData\Local\{B8D1C393-E9B5-4679-A59A-3A39FB2CEA40}
2013-10-13 22:11 - 2013-10-13 22:11 - 00000669 _____ C:\Users\Public\Desktop\ClipGrab.lnk
2013-10-13 14:38 - 2013-10-13 14:38 - 00000000 ____D C:\Users\Michi\AppData\Local\{9404914B-E53D-4A49-95F3-051F2393FDFE}
2013-10-12 08:29 - 2013-10-12 08:29 - 00000000 ____D C:\Users\Michi\AppData\Local\{246D66E0-8BBF-406B-905F-5AAC212127A6}
2013-10-11 20:29 - 2013-10-11 20:29 - 00000000 ____D C:\Users\Michi\AppData\Local\{7200AA3D-5189-422C-BFDD-E30B61EE8FE1}
2013-10-11 16:41 - 2013-05-14 15:59 - 00050688 ___SH C:\Users\Michi\Downloads\Thumbs.db
2013-10-11 08:42 - 2013-10-11 08:27 - 00000000 ____D C:\Users\Michi\Documents\Battlefield 4 Beta
2013-10-10 21:38 - 2013-10-10 21:38 - 00457440 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-10 21:37 - 2013-10-10 21:37 - 00000000 ____D C:\Users\Michi\AppData\Local\NOS
2013-10-10 21:37 - 2012-07-15 15:37 - 00000000 ____D C:\Users\Michi\AppData\Local\Adobe
2013-10-10 21:30 - 2013-10-10 21:30 - 00000000 ____D C:\Users\Michi\AppData\Local\{047C9D4C-1490-4229-9D06-AA8CE3DC6B8F}
2013-10-10 17:39 - 2013-01-28 18:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-10 17:39 - 2012-07-14 10:57 - 00000000 ____D C:\ProgramData\Skype
2013-10-10 16:09 - 2012-07-14 17:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 16:09 - 2012-07-14 17:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 07:26 - 2013-10-10 07:26 - 00000000 ____D C:\Users\Michi\AppData\Local\{801D22B7-1955-4278-B7F6-5F7649C094FA}
2013-10-09 16:21 - 2013-10-09 15:46 - 642330513 _____ C:\Users\Michi\Downloads\mshflollykarlo_720.mp4
2013-10-09 16:08 - 2013-09-25 19:04 - 261601425 _____ C:\Users\Michi\Downloads\mshfsirityler_qt.mp4
2013-10-09 15:53 - 2013-09-25 19:04 - 185203649 _____ C:\Users\Michi\Downloads\mfhmevadanny2_qt.mp4
2013-10-09 13:02 - 2013-08-11 12:36 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 13:02 - 2012-07-08 00:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 13:01 - 2012-07-17 20:19 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-09 12:37 - 2013-10-09 12:37 - 00000000 ____D C:\Users\Michi\AppData\Local\{C9308253-3DDE-44EB-B441-5F34DE0350CE}
2013-10-08 18:31 - 2013-09-22 11:50 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 15:50 - 2013-10-08 15:50 - 00000000 ____D C:\Users\Michi\AppData\Local\{4C987E85-C912-4211-BF85-955951C2FDC5}
2013-10-07 16:15 - 2013-10-07 16:15 - 00000000 ____D C:\Users\Michi\AppData\Local\{CF92C35C-7944-4475-BD32-A167C2E40063}
2013-10-06 09:36 - 2013-10-06 09:36 - 00003586 _____ C:\Windows\System32\Tasks\Bitdefender Auto-Scan
2013-10-05 18:02 - 2013-10-05 18:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{B1762FEA-2B74-4A45-9187-3B3E81963153}
2013-10-05 04:06 - 2013-10-05 04:06 - 00000000 ____D C:\Users\Michi\AppData\Local\{1C61FDC5-48EA-49A5-8011-DCFB98ABEA33}
2013-10-04 11:43 - 2013-10-04 11:43 - 00000000 ____D C:\Users\Michi\AppData\Local\{840C8AEB-C88A-4E92-BCFD-AA5E4E2A34B1}
2013-10-03 17:18 - 2013-10-03 17:18 - 00000000 ____D C:\Users\Michi\AppData\Local\{580A8D53-CBFC-459F-9997-62F6E2E75160}
2013-10-02 22:02 - 2013-10-02 22:02 - 00000000 ____D C:\Users\Michi\AppData\Local\{5E84FF87-58DE-46E3-9353-10475D7FB6F9}
2013-10-02 18:57 - 2013-10-02 18:48 - 00000000 ____D C:\Users\Michi\Documents\Battlefield 4
2013-10-02 18:48 - 2012-08-09 16:53 - 00000000 ____D C:\Users\Michi\AppData\Local\PunkBuster
2013-10-02 18:45 - 2013-10-02 18:45 - 00000726 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-02 18:45 - 2012-07-08 11:05 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-02 18:34 - 2013-10-02 18:34 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-02 18:33 - 2013-10-02 18:33 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-02 02:38 - 2012-07-26 09:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 02:38 - 2012-07-26 09:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 22:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-10-01 21:02 - 2012-07-08 10:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 21:01 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-10-01 20:54 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-10-01 17:52 - 2013-10-01 17:52 - 00000000 ____D C:\Users\Michi\AppData\Local\NVIDIA
2013-10-01 17:51 - 2013-10-01 17:51 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-10-01 17:51 - 2013-10-01 17:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 17:50 - 2013-10-01 17:50 - 00002137 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2013-10-01 17:50 - 2013-10-01 17:50 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-10-01 17:50 - 2013-10-01 17:50 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-10-01 17:44 - 2012-12-05 17:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 17:44 - 2012-07-08 00:16 - 00000000 ____D C:\Users\Michi\AppData\Local\Mozilla
2013-10-01 17:26 - 2013-10-01 17:26 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-10-01 17:26 - 2012-07-08 00:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-01 17:25 - 2013-10-01 17:25 - 00000000 ____D C:\ProgramData\Samsung
2013-10-01 17:25 - 2013-10-01 17:25 - 00000000 ____D C:\Program Files (x86)\Samsung Magician
2013-10-01 15:59 - 2013-10-01 15:59 - 00000000 ____D C:\Users\Michi\AppData\Local\{0EDB0FA7-120B-4B7C-9D41-AAF765A4E81B}
2013-09-30 15:58 - 2013-09-30 15:57 - 00000000 ____D C:\Users\Michi\AppData\Local\{A9DA5267-CA67-4E6D-B053-F01BE1B2C4AF}
2013-09-29 22:06 - 2012-08-05 19:29 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-29 21:52 - 2013-09-29 21:52 - 00000000 ____D C:\Users\Michi\AppData\Local\{FE1E4D3D-9013-431A-803C-7C1221A00C13}
2013-09-28 19:38 - 2013-09-28 19:37 - 00000000 ____D C:\Users\Michi\AppData\Local\{C5962516-9652-4231-8038-377549D0CF72}
2013-09-28 06:43 - 2013-09-28 06:43 - 00000000 ____D C:\Users\Michi\AppData\Local\{3837875B-84AD-4B74-8785-7723956583B7}
Files to move or delete:
====================
C:\ProgramData\lwwr2t7.dss
Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\h1584282133.tmp.dll
C:\Users\Michi\AppData\Local\Temp\jrrihwdjav.exe
C:\Users\Michi\AppData\Local\Temp\owxmdn.exe
C:\Users\Michi\AppData\Local\Temp\sonarinst.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
4
Restore point made on: 2013-10-16 17:18:42
Restore point made on: 2013-10-20 00:54:28
Restore point made on: 2013-10-24 16:10:13
Restore point made on: 2013-10-27 22:19:54
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8175.29 MB
Available physical RAM: 7323.59 MB
Total Pagefile: 8175.29 MB
Available Pagefile: 7330.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:51.1 GB) NTFS
Drive d: (Volume) (Fixed) (Total:232.88 GB) (Free:227.18 GB) NTFS
Drive e: (new_hdd) (Fixed) (Total:931.51 GB) (Free:566.96 GB) NTFS
Drive f: (Volume) (Fixed) (Total:492.15 GB) (Free:24.44 GB) NTFS
Drive g: () (Removable) (Total:7.31 GB) (Free:7.28 GB) FAT32
Drive h: (Volume) (Fixed) (Total:439.36 GB) (Free:412.67 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3EF9D02B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 518B5D2A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6F3C21DD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 76417FF0)
Partition 1: (Not Active) - (Size=932 GB) - (Type=42)
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
LastRegBack: 2013-10-27 20:56
==================== End Of Log ============================
What can I do now to remove this trojan?
Many thanks in advance for your answers.
Regards,
Michi