| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner, abgesichert hochfahren nicht möglich, rebootWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.06.2013, 17:54
| #1 |
 |  GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot hallo zusammen, mein laptop mag nicht mehr hochfahren. im normalen modus kommt der gvu-trojaner und abgesichert gibts n reboot. hier mal das scan result von frst.exe: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013
Ran by SYSTEM on 18-06-2013 19:46:23
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [90112 2006-07-11] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1025320 2007-10-09] (Synaptics, Inc.)
HKLM\...\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe [820736 2006-12-07] (ODSoft multimedia)
HKLM\...\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [155648 2003-09-30] (Scansoft, Inc.)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [69632 2006-03-21] (ScanSoft, Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-10-09] (Synaptics, Inc.)
HKLM\...\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [152952 2007-08-23] (Symantec Corporation)
HKLM\...\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [177800 2007-03-12] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [318464 2008-01-19] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\Lothar\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Lothar\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Lothar\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Lothar\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2012-07-13] (Skype Technologies S.A.)
HKU\Lothar\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Lothar\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Lothar\AppData\Local\Temp\amsxwiykldaqlupvw.exe [ 2013-06-17] (Mozilla Foundation)
HKU\Lothar\...\Winlogon: [Shell] cmd.exe [ 2008-01-19] (Microsoft Corporation) <==== ATTENTION
HKU\Lothar\...\Command Processor: "C:\Users\Lothar\AppData\Local\Temp\amsxwiykldaqlupvw.exe" <===== ATTENTION!
Startup: C:\Users\Lothar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
========================== Services (Whitelisted) =================
S2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
S2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 srvcPVR; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [1459712 2006-12-15] (Buhl Data Service GmbH)
S2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [x]
S2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll [x]
==================== Drivers (Whitelisted) ====================
S3 aver7700; C:\Windows\System32\Drivers\aver7700.sys [167424 2007-03-07] (AVerMedia TECHNOLOGIES, Inc.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130614.001\IDSvix86.sys [386720 2012-10-20] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130617.002\NAVENG.SYS [93272 2013-06-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130617.002\NAVEX15.SYS [1611992 2013-06-13] (Symantec Corporation)
S3 SD11CL32; C:\Windows\System32\DRIVERS\SD11CL32.sys [82176 2010-06-29] (SCM Microsystems Inc.)
S3 SDI01132; C:\Windows\System32\DRIVERS\SDI01132.sys [65408 2010-05-26] (SCM Microsystems Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-07-01] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [35960 2011-11-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SipIMNDI; system32\DRIVERS\SipIMNDI.sys [x]
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
========================== Drivers MD5 =======================
C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys 0577DF1D323FE75A739C787893D300EA
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\Drivers\aver7700.sys 01A46C4791540C8CE27EAFB4A9CD42DA
C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys 6C6AC7CA8A034C15C52B35189BAD58EE
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys ACE85AF1C31F68BDFEE9333F6592917E
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5DE0FAEC9E5D1AAE74F8568897891A01
C:\Windows\System32\DRIVERS\e100b325.sys 5C940A174DFB2C42B9F6BA6EDC2BAA0B
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 85B8B4032A895A746D46A288A9B30DED
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys B5A8A04A6E5B4E86B95B1553AA918F5F
C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\System32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fetnd5.sys B2B2C38E916184FF8523C7439DDD417F
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTAZL3.SYS 46D67209550973257601A533E2AC5785
C:\Windows\System32\DRIVERS\HSX_DPV.sys EFED6BD9B9D5F407ADCA918BBE2D410D
C:\Windows\System32\DRIVERS\HSXHWAZL.sys C2EB8396C46E13F76037D70EAE8820A9
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130614.001\IDSvix86.sys 404FB2AAF532BC7BBACC8880BE401C74
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 0789485FFAE865458E0F079DCBF4FCD2
C:\Windows\system32\drivers\intelide.sys 97469037714070E45194ED318D636401
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS 036300114255B3C78BFB616CE8BC7AD9
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130617.002\NAVENG.SYS CE2156DF796D41614AB60E68D107D573
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130617.002\NAVEX15.SYS 19CEB8F4EC8C800A53D0B67E658E0367
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\DRIVERS\NETw3v32.sys ACC6170D80C69E50145B370023B64ED3
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\o2media.sys A874F4E22D116BF5701DB6DD8BCB1D27
C:\Windows\System32\DRIVERS\o2sd.sys 55153F3F852C4BC0E050A65F5D914C01
C:\Windows\System32\DRIVERS\ohci1394.sys 6F310E890D46E246E0E261A63D9B36B4
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\DRIVERS\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\atikmdag.sys 554685122B4F973E21D66C2BAAF29543
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SD11CL32.sys C1FD0AC3EB9746C2BF7EF3C179807068
C:\Windows\System32\DRIVERS\sdbus.sys 4339A2585708C7D9B0C0CE5AAD3DD6FF
C:\Windows\System32\DRIVERS\SDI01132.sys BD99FA31EE377EF6E96AC19A5B88B286
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS 7BB297CADA42903328E92425D9761DA6
C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS 475FCF0F28D845BF1C8ABAC27F19003E
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS 690FA0E61B90084C4D9A721BD4F3D779
C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS 8F88EDB211B12537D2DC2A6D73D6067C
C:\Windows\system32\Drivers\SYMEVENT.SYS 74E2521E96176A4449570E50BE91954D
C:\Windows\System32\DRIVERS\SymIMv.sys 6E3AD51710CB4A27EA70ADF685FCA4CA
C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS 2C356CCA706505CF63CBE39D532B9236
C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS 40C6E6417C8B7D7FCF82CFBE71525795
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 03B76B4C38C6A0FCE763FF272E94490D
C:\Windows\System32\drivers\tcpip.sys 548E198BAE21EFC21F8B5F0C1728AD27
C:\Windows\System32\DRIVERS\tcpip.sys 548E198BAE21EFC21F8B5F0C1728AD27
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys DCF0F056A2E4F52287264F5AB29CF206
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\System32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\Drivers\usbaapl.sys C1CA131F4E3ED63D6BC89A35FFAD4CDA
C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 79E96C23A97CE7B8F14D310DA2DB0C9B
C:\Windows\System32\DRIVERS\usbhub.sys 4673BBCB006AF60E7ABDDBE7A130BA42
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\HSX_CNXT.sys D0116C473EF3C381A42BB55036A1ADB1
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wpdusb.sys 0CEC23084B51B8288099EB710224E955
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\Drivers\x10hid.sys AB2D77BF7222B007717ABB61B15F9AE2
C:\Windows\System32\DRIVERS\XAudio32.sys 22A08B9FAECD6A306868F59B7F03F188
C:\Windows\System32\Drivers\x10ufx2.sys 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-18 20:41 - 2013-06-18 19:16 - 01365717 ____A (Farbar) C:\FRST.exe
2013-06-18 19:45 - 2013-06-18 19:45 - 00000000 ____D C:\FRST
2013-06-17 19:27 - 2013-06-17 19:27 - 00163044 ____A C:\ProgramData\2433f433
2013-06-17 19:27 - 2013-06-17 19:27 - 00163032 ____A C:\Users\Lothar\AppData\Roaming\2433f433
2013-06-17 19:27 - 2013-06-17 19:27 - 00163004 ____A C:\Users\Lothar\AppData\Local\2433f433
2013-06-14 19:25 - 2013-06-14 19:25 - 01103360 ____A C:\Users\Lothar\Downloads\ulliscomputergeschichten M.pps
2013-06-12 18:14 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 18:14 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 18:14 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 18:14 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 18:14 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 18:14 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 18:14 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 18:14 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 18:14 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 18:14 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 18:14 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 18:14 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 18:14 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 18:14 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 18:14 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 18:14 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 17:59 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:57 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:57 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:57 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 17:56 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 17:56 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 17:56 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:56 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:56 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:56 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:56 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-04 19:54 - 2013-06-04 19:54 - 02112512 ____A C:\Users\Lothar\Downloads\unserem_Gedächtnis_geht_s_an_den_Kragen M.pps
2013-06-01 16:51 - 2013-06-01 16:51 - 02173440 ____A C:\Users\Lothar\Downloads\Bienen D.pps
2013-05-28 20:27 - 2013-05-28 20:27 - 05158912 ____A C:\Users\Lothar\Downloads\Koeniglich_reisen_II D.pps
2013-05-28 20:26 - 2013-05-28 20:26 - 01777152 ____A C:\Users\Lothar\Downloads\AstronautWheelockPics D.pps
2013-05-28 20:25 - 2013-05-28 20:25 - 00891904 ____A C:\Users\Lothar\Downloads\EVWA-de D.pps
2013-05-28 20:23 - 2013-05-28 20:23 - 00507905 ____A C:\Users\Lothar\Downloads\schön schön D.pps
==================== One Month Modified Files and Folders ========
2013-06-18 19:45 - 2013-06-18 19:45 - 00000000 ____D C:\FRST
2013-06-18 19:16 - 2013-06-18 20:41 - 01365717 ____A (Farbar) C:\FRST.exe
2013-06-18 18:56 - 2007-02-01 19:47 - 00000000 ____D C:\users\Lothar
2013-06-18 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\spool
2013-06-18 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-06-18 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-18 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-18 18:16 - 2007-02-01 19:44 - 01563046 ____A C:\Windows\WindowsUpdate.log
2013-06-18 18:15 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-18 18:13 - 2010-04-16 10:43 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 18:13 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 18:13 - 2006-11-02 13:47 - 00005152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 18:13 - 2006-11-02 13:47 - 00005152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 15:36 - 2006-11-02 14:01 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-18 15:22 - 2012-11-27 20:07 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 15:20 - 2006-11-02 11:33 - 01472526 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 15:08 - 2010-04-16 10:44 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-17 19:27 - 2013-06-17 19:27 - 00163044 ____A C:\ProgramData\2433f433
2013-06-17 19:27 - 2013-06-17 19:27 - 00163032 ____A C:\Users\Lothar\AppData\Roaming\2433f433
2013-06-17 19:27 - 2013-06-17 19:27 - 00163004 ____A C:\Users\Lothar\AppData\Local\2433f433
2013-06-17 18:57 - 2011-05-30 14:59 - 00000000 ____D C:\Users\Lothar\AppData\Roaming\Skype
2013-06-14 20:00 - 2009-10-27 18:53 - 00000000 ____D C:\Users\Lothar\AppData\Local\CrashDumps
2013-06-14 19:25 - 2013-06-14 19:25 - 01103360 ____A C:\Users\Lothar\Downloads\ulliscomputergeschichten M.pps
2013-06-13 12:48 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-12 18:03 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 19:03 - 2012-11-27 20:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 19:03 - 2011-06-17 19:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-06 20:05 - 2010-02-22 19:29 - 00000000 ___RD C:\Users\Lothar\Dokumente
2013-06-04 19:54 - 2013-06-04 19:54 - 02112512 ____A C:\Users\Lothar\Downloads\unserem_Gedächtnis_geht_s_an_den_Kragen M.pps
2013-06-02 14:09 - 2007-09-17 23:30 - 00000000 ___RD C:\Users\Lothar\Desktop\Bilder
2013-06-02 09:24 - 2007-02-04 17:07 - 00032256 ____A C:\Users\Lothar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 16:51 - 2013-06-01 16:51 - 02173440 ____A C:\Users\Lothar\Downloads\Bienen D.pps
2013-05-28 20:27 - 2013-05-28 20:27 - 05158912 ____A C:\Users\Lothar\Downloads\Koeniglich_reisen_II D.pps
2013-05-28 20:26 - 2013-05-28 20:26 - 01777152 ____A C:\Users\Lothar\Downloads\AstronautWheelockPics D.pps
2013-05-28 20:25 - 2013-05-28 20:25 - 00891904 ____A C:\Users\Lothar\Downloads\EVWA-de D.pps
2013-05-28 20:23 - 2013-05-28 20:23 - 00507905 ____A C:\Users\Lothar\Downloads\schön schön D.pps
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-03-13 23:18:56
Restore point made on: 2013-03-13 23:59:02
Restore point made on: 2013-04-08 18:35:36
Restore point made on: 2013-04-08 18:43:48
Restore point made on: 2013-04-11 16:44:21
Restore point made on: 2013-04-11 17:24:33
Restore point made on: 2013-04-24 18:53:14
Restore point made on: 2013-05-15 19:14:33
Restore point made on: 2013-06-12 18:00:31
==================== BCD ================================
Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=C:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {336fbaea-9c85-11db-a359-ecf147866b44}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale de-DE
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {336fbaea-9c85-11db-a359-ecf147866b44}
nx OptIn
Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {336fbaea-9c85-11db-a359-ecf147866b44}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae No
debugoptionenabled No
Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows-Speicherdiagnose
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes
Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner {ntldr}
device partition=C:
path \ntldr
description Frhere Windows-Version
EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes
Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM-Defekte
-----------
Bezeichner {badmemory}
Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}
Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 2045.45 MB
Available physical RAM: 1641.93 MB
Total Pagefile: 1861.29 MB
Available Pagefile: 1714.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.5 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:129.51 GB) (Free:56.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.52 GB) (Free:12.57 GB) FAT32
Drive e: (LRMCFRE_DE_DVD) (CDROM) (Total:2.46 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:3.8 GB) (Free:3.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: BCDBF9BE)
Partition 1: (Active) - (Size=130 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: FCA70D1F)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-06-18 15:28
==================== End Of Log ============================
schon mal danke für eure mühe |
|
18.06.2013, 18:19
| #2 |
| /// the machine /// TB-Ausbilder    | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot Hi,
__________________Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\Lothar\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Lothar\AppData\Local\Temp\amsxwiykldaqlupvw.exe [ 2013-06-17] (Mozilla Foundation)
HKU\Lothar\...\Winlogon: [Shell] cmd.exe [ 2008-01-19] (Microsoft Corporation) <==== ATTENTION
HKU\Lothar\...\Command Processor: "C:\Users\Lothar\AppData\Local\Temp\amsxwiykldaqlupvw.exe" <===== ATTENTION!
2013-06-17 19:27 - 2013-06-17 19:27 - 00163044 ____A C:\ProgramData\2433f433
2013-06-17 19:27 - 2013-06-17 19:27 - 00163032 ____A C:\Users\Lothar\AppData\Roaming\2433f433
2013-06-17 19:27 - 2013-06-17 19:27 - 00163004 ____A C:\Users\Lothar\AppData\Local\2433f433
__________________ |
|
18.06.2013, 18:34
| #3 |
| | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot hier der fixlog.txt:
__________________Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-06-2013
Ran by SYSTEM at 2013-06-18 20:33:10 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
HKU\Lothar\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Lothar\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Lothar\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Lothar\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Lothar\AppData\Local\2433f433 => Moved successfully.
==== End of Fixlog ====
|
|
18.06.2013, 18:36
| #4 |
| /// the machine /// TB-Ausbilder | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot Neu booten, freuen 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.06.2013, 18:38
| #5 |
| | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot nö leider nicht, der drecksack ist noch da  abgesichert komme ich zumindest mal in bis in die eingabeaufforderung, aber sobald ich den explorer aufrufe, bototet er wieder neu |
|
18.06.2013, 18:43
| #6 |
| /// the machine /// TB-Ausbilder | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot Das kommt weil die Infektion noch nicht komplett installiert war, poste mal ein frisches FRST log aus der Recovery. Jetzt werden wir die übrigen Zeilen sehen, nach dem nächsten klappt das, Ehrenwort
__________________ --> GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot |
|
18.06.2013, 20:04
| #7 |
| | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot nagut dann auf ein neues... FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013
Ran by SYSTEM on 18-06-2013 22:02:17
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [90112 2006-07-11] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1025320 2007-10-09] (Synaptics, Inc.)
HKLM\...\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe [820736 2006-12-07] (ODSoft multimedia)
HKLM\...\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [155648 2003-09-30] (Scansoft, Inc.)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [69632 2006-03-21] (ScanSoft, Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-10-09] (Synaptics, Inc.)
HKLM\...\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [152952 2007-08-23] (Symantec Corporation)
HKLM\...\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [177800 2007-03-12] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [318464 2008-01-19] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\Lothar\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Lothar\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Lothar\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Lothar\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2012-07-13] (Skype Technologies S.A.)
HKU\Lothar\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
Startup: C:\Users\Lothar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
========================== Services (Whitelisted) =================
S2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
S2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 srvcPVR; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [1459712 2006-12-15] (Buhl Data Service GmbH)
S2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [x]
S2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll [x]
==================== Drivers (Whitelisted) ====================
S3 aver7700; C:\Windows\System32\Drivers\aver7700.sys [167424 2007-03-07] (AVerMedia TECHNOLOGIES, Inc.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130614.001\IDSvix86.sys [386720 2012-10-20] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130617.002\NAVENG.SYS [93272 2013-06-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130617.002\NAVEX15.SYS [1611992 2013-06-13] (Symantec Corporation)
S3 SD11CL32; C:\Windows\System32\DRIVERS\SD11CL32.sys [82176 2010-06-29] (SCM Microsystems Inc.)
S3 SDI01132; C:\Windows\System32\DRIVERS\SDI01132.sys [65408 2010-05-26] (SCM Microsystems Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-07-01] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [35960 2011-11-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SipIMNDI; system32\DRIVERS\SipIMNDI.sys [x]
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
========================== Drivers MD5 =======================
C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys 0577DF1D323FE75A739C787893D300EA
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\Drivers\aver7700.sys 01A46C4791540C8CE27EAFB4A9CD42DA
C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys 6C6AC7CA8A034C15C52B35189BAD58EE
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys ACE85AF1C31F68BDFEE9333F6592917E
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5DE0FAEC9E5D1AAE74F8568897891A01
C:\Windows\System32\DRIVERS\e100b325.sys 5C940A174DFB2C42B9F6BA6EDC2BAA0B
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 85B8B4032A895A746D46A288A9B30DED
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys B5A8A04A6E5B4E86B95B1553AA918F5F
C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\System32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fetnd5.sys B2B2C38E916184FF8523C7439DDD417F
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTAZL3.SYS 46D67209550973257601A533E2AC5785
C:\Windows\System32\DRIVERS\HSX_DPV.sys EFED6BD9B9D5F407ADCA918BBE2D410D
C:\Windows\System32\DRIVERS\HSXHWAZL.sys C2EB8396C46E13F76037D70EAE8820A9
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130614.001\IDSvix86.sys 404FB2AAF532BC7BBACC8880BE401C74
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 0789485FFAE865458E0F079DCBF4FCD2
C:\Windows\system32\drivers\intelide.sys 97469037714070E45194ED318D636401
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS 036300114255B3C78BFB616CE8BC7AD9
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130617.002\NAVENG.SYS CE2156DF796D41614AB60E68D107D573
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130617.002\NAVEX15.SYS 19CEB8F4EC8C800A53D0B67E658E0367
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\DRIVERS\NETw3v32.sys ACC6170D80C69E50145B370023B64ED3
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\o2media.sys A874F4E22D116BF5701DB6DD8BCB1D27
C:\Windows\System32\DRIVERS\o2sd.sys 55153F3F852C4BC0E050A65F5D914C01
C:\Windows\System32\DRIVERS\ohci1394.sys 6F310E890D46E246E0E261A63D9B36B4
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\DRIVERS\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\atikmdag.sys 554685122B4F973E21D66C2BAAF29543
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SD11CL32.sys C1FD0AC3EB9746C2BF7EF3C179807068
C:\Windows\System32\DRIVERS\sdbus.sys 4339A2585708C7D9B0C0CE5AAD3DD6FF
C:\Windows\System32\DRIVERS\SDI01132.sys BD99FA31EE377EF6E96AC19A5B88B286
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS 7BB297CADA42903328E92425D9761DA6
C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS 475FCF0F28D845BF1C8ABAC27F19003E
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS 690FA0E61B90084C4D9A721BD4F3D779
C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS 8F88EDB211B12537D2DC2A6D73D6067C
C:\Windows\system32\Drivers\SYMEVENT.SYS 74E2521E96176A4449570E50BE91954D
C:\Windows\System32\DRIVERS\SymIMv.sys 6E3AD51710CB4A27EA70ADF685FCA4CA
C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS 2C356CCA706505CF63CBE39D532B9236
C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS 40C6E6417C8B7D7FCF82CFBE71525795
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 03B76B4C38C6A0FCE763FF272E94490D
C:\Windows\System32\drivers\tcpip.sys 548E198BAE21EFC21F8B5F0C1728AD27
C:\Windows\System32\DRIVERS\tcpip.sys 548E198BAE21EFC21F8B5F0C1728AD27
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys DCF0F056A2E4F52287264F5AB29CF206
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\System32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\Drivers\usbaapl.sys C1CA131F4E3ED63D6BC89A35FFAD4CDA
C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 79E96C23A97CE7B8F14D310DA2DB0C9B
C:\Windows\System32\DRIVERS\usbhub.sys 4673BBCB006AF60E7ABDDBE7A130BA42
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\HSX_CNXT.sys D0116C473EF3C381A42BB55036A1ADB1
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wpdusb.sys 0CEC23084B51B8288099EB710224E955
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\Drivers\x10hid.sys AB2D77BF7222B007717ABB61B15F9AE2
C:\Windows\System32\DRIVERS\XAudio32.sys 22A08B9FAECD6A306868F59B7F03F188
C:\Windows\System32\Drivers\x10ufx2.sys 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-18 20:41 - 2013-06-18 19:16 - 01365717 ____A (Farbar) C:\FRST.exe
2013-06-18 19:45 - 2013-06-18 19:45 - 00000000 ____D C:\FRST
2013-06-14 19:25 - 2013-06-14 19:25 - 01103360 ____A C:\Users\Lothar\Downloads\ulliscomputergeschichten M.pps
2013-06-12 18:14 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 18:14 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 18:14 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 18:14 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 18:14 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 18:14 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 18:14 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 18:14 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 18:14 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 18:14 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 18:14 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 18:14 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 18:14 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 18:14 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 18:14 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 18:14 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 17:59 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:57 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:57 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:57 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 17:56 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 17:56 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 17:56 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:56 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:56 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:56 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:56 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-04 19:54 - 2013-06-04 19:54 - 02112512 ____A C:\Users\Lothar\Downloads\unserem_Gedächtnis_geht_s_an_den_Kragen M.pps
2013-06-01 16:51 - 2013-06-01 16:51 - 02173440 ____A C:\Users\Lothar\Downloads\Bienen D.pps
2013-05-28 20:27 - 2013-05-28 20:27 - 05158912 ____A C:\Users\Lothar\Downloads\Koeniglich_reisen_II D.pps
2013-05-28 20:26 - 2013-05-28 20:26 - 01777152 ____A C:\Users\Lothar\Downloads\AstronautWheelockPics D.pps
2013-05-28 20:25 - 2013-05-28 20:25 - 00891904 ____A C:\Users\Lothar\Downloads\EVWA-de D.pps
2013-05-28 20:23 - 2013-05-28 20:23 - 00507905 ____A C:\Users\Lothar\Downloads\schön schön D.pps
==================== One Month Modified Files and Folders ========
2013-06-18 19:45 - 2013-06-18 19:45 - 00000000 ____D C:\FRST
2013-06-18 19:36 - 2012-11-08 17:13 - 00002307 ____A C:\Windows\setupact.log
2013-06-18 19:36 - 2010-04-16 10:43 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 19:36 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 19:36 - 2006-11-02 13:47 - 00005152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 19:36 - 2006-11-02 13:47 - 00005152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 19:16 - 2013-06-18 20:41 - 01365717 ____A (Farbar) C:\FRST.exe
2013-06-18 18:56 - 2007-02-01 19:47 - 00000000 ____D C:\users\Lothar
2013-06-18 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\spool
2013-06-18 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-06-18 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-18 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-18 18:16 - 2007-02-01 19:44 - 01563046 ____A C:\Windows\WindowsUpdate.log
2013-06-18 18:15 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-18 15:36 - 2006-11-02 14:01 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-18 15:22 - 2012-11-27 20:07 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 15:20 - 2006-11-02 11:33 - 01472526 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 15:08 - 2010-04-16 10:44 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-17 18:57 - 2011-05-30 14:59 - 00000000 ____D C:\Users\Lothar\AppData\Roaming\Skype
2013-06-14 20:00 - 2009-10-27 18:53 - 00000000 ____D C:\Users\Lothar\AppData\Local\CrashDumps
2013-06-14 19:25 - 2013-06-14 19:25 - 01103360 ____A C:\Users\Lothar\Downloads\ulliscomputergeschichten M.pps
2013-06-13 12:48 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-12 18:03 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 19:03 - 2012-11-27 20:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 19:03 - 2011-06-17 19:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-06 20:05 - 2010-02-22 19:29 - 00000000 ___RD C:\Users\Lothar\Dokumente
2013-06-04 19:54 - 2013-06-04 19:54 - 02112512 ____A C:\Users\Lothar\Downloads\unserem_Gedächtnis_geht_s_an_den_Kragen M.pps
2013-06-02 14:09 - 2007-09-17 23:30 - 00000000 ___RD C:\Users\Lothar\Desktop\Bilder
2013-06-02 09:24 - 2007-02-04 17:07 - 00032256 ____A C:\Users\Lothar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 16:51 - 2013-06-01 16:51 - 02173440 ____A C:\Users\Lothar\Downloads\Bienen D.pps
2013-05-28 20:27 - 2013-05-28 20:27 - 05158912 ____A C:\Users\Lothar\Downloads\Koeniglich_reisen_II D.pps
2013-05-28 20:26 - 2013-05-28 20:26 - 01777152 ____A C:\Users\Lothar\Downloads\AstronautWheelockPics D.pps
2013-05-28 20:25 - 2013-05-28 20:25 - 00891904 ____A C:\Users\Lothar\Downloads\EVWA-de D.pps
2013-05-28 20:23 - 2013-05-28 20:23 - 00507905 ____A C:\Users\Lothar\Downloads\schön schön D.pps
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-03-13 23:18:56
Restore point made on: 2013-03-13 23:59:02
Restore point made on: 2013-04-08 18:35:36
Restore point made on: 2013-04-08 18:43:48
Restore point made on: 2013-04-11 16:44:21
Restore point made on: 2013-04-11 17:24:33
Restore point made on: 2013-04-24 18:53:14
Restore point made on: 2013-05-15 19:14:33
Restore point made on: 2013-06-12 18:00:31
==================== BCD ================================
Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=C:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {336fbaea-9c85-11db-a359-ecf147866b44}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale de-DE
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {336fbaea-9c85-11db-a359-ecf147866b44}
nx OptIn
Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {336fbaea-9c85-11db-a359-ecf147866b44}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae No
debugoptionenabled No
Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows-Speicherdiagnose
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes
Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner {ntldr}
device partition=C:
path \ntldr
description Frhere Windows-Version
EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes
Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM-Defekte
-----------
Bezeichner {badmemory}
Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}
Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 2045.45 MB
Available physical RAM: 1642.03 MB
Total Pagefile: 1861.29 MB
Available Pagefile: 1713.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.14 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:129.51 GB) (Free:58.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.52 GB) (Free:12.57 GB) FAT32
Drive e: (LRMCFRE_DE_DVD) (CDROM) (Total:2.46 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:3.8 GB) (Free:3.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: BCDBF9BE)
Partition 1: (Active) - (Size=130 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: FCA70D1F)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-06-18 15:28
==================== End Of Log ============================
|
|
19.06.2013, 07:07
| #8 |
| /// the machine /// TB-Ausbilder | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Lothar\AppData\Local\Temp\amsxwiykldaqlupvw.dll
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.06.2013, 14:42
| #9 |
| | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot huhuuuu, ihr seid die besten. vielen vielen dank für die hilfe!  |
|
19.06.2013, 15:36
| #10 |
| /// the machine /// TB-Ausbilder | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot wir sind noch nicht fertig Ab jetzt Kontrollscans, alles im Normalen WIndows: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.06.2013, 19:27
| #11 |
| | GVU-Trojaner, abgesichert hochfahren nicht möglich, rebootCode:
ATTFilter # AdwCleaner v2.303 - Datei am 19/06/2013 um 19:45:16 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Lothar - LOTHAR-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lothar\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : ICQ Service
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default\searchplugins\MyStart Search.xml
Ordner Gelöscht : C:\Program Files\AskTBar
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Incredibar-Games_EN
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Lothar\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpimglhojapikoeeifcifanbeinephdm
Ordner Gelöscht : C:\Users\Lothar\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Lothar\AppData\Local\Temp\CT3158970
Ordner Gelöscht : C:\Users\Lothar\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Lothar\AppData\LocalLow\Incredibar-Games_EN
Ordner Gelöscht : C:\Users\Lothar\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default\extensions\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}
Ordner Gelöscht : C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Incredibar-Games_EN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\dpimglhojapikoeeifcifanbeinephdm
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\incredibar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{322F82C7-DE90-4579-93AA-971DCF45B5E9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{322F82C7-DE90-4579-93AA-971DCF45B5E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3158970
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dpimglhojapikoeeifcifanbeinephdm
Schlüssel Gelöscht : HKLM\Software\Incredibar-Games_EN
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C02FDA9-B3A8-40A2-A3D2-F425051D24B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA1B212B-2251-4582-BBEB-E5CDF9BCFA2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{322F82C7-DE90-4579-93AA-971DCF45B5E9}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16490
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v2.0.0.12 (de)
Datei : C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default\prefs.js
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1301672241);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1301672241");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "2.0.0.12");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "120250621212025062091301672241567");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1301672298);
Gelöscht : user_pref("icqtoolbar.version", "1.1.7");
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.Incredibar.com?a=1ex6ShxOLpp&i=38");
Gelöscht : user_pref("CT3158970.autoDisableScopes", -1);
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [10460 octets] - [19/06/2013 19:45:16]
########## EOF - C:\AdwCleaner[S1].txt - [10521 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Lothar on 19.06.2013 at 20:30:37,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AEDB2CF0-F89B-4F59-A893-9DA2234DB823}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Lothar\AppData\Roaming\incredibar"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 20:34:43,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by Lothar (administrator) on 19-06-2013 20:42:05
Running from C:\Users\Lothar\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(O2Micro International) C:\Windows\system32\o2flash.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ODSoft multimedia) C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
(Cyberlink Corp.) C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\werfault.exe
(Farbar) C:\Users\Lothar\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [90112 2006-07-11] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1025320 2007-10-09] (Synaptics, Inc.)
HKLM\...\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe [820736 2006-12-07] (ODSoft multimedia)
HKLM\...\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [155648 2003-09-30] (Scansoft, Inc.)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [69632 2006-03-21] (ScanSoft, Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-10-09] (Synaptics, Inc.)
HKLM\...\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [152952 2007-08-23] (Symantec Corporation)
HKLM\...\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [177800 2007-03-12] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-03-23] (Google Inc.)
HKCU\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableRegedit] 0
HKCU\...\Policies\Explorer: [NoDesktop] 0
Startup: C:\Users\Lothar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444552540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6255FE83-1899-4701-B5CC-2CB908BAFEB8}: [NameServer]192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default
FF Homepage: hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
FF Keyword.URL: hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q=
FF SearchEngine: Bing
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft Choice Guard - C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default\Extensions\ChoiceGuard@Microsoft
FF Extension: No Name - C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default\Extensions\staged-xpis
FF Extension: No Name - C:\Users\Lothar\AppData\Roaming\Mozilla\Firefox\Profiles\xnt2fjzx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Norton Confidential) - C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Skype Click to Call) - C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Norton Identity Protection) - C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0
========================== Services (Whitelisted) =================
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
S2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 srvcPVR; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [1459712 2006-12-15] (Buhl Data Service GmbH)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [x]
R2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll [x]
==================== Drivers (Whitelisted) ====================
R3 aver7700; C:\Windows\System32\Drivers\aver7700.sys [167424 2007-03-07] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130618.001\IDSvix86.sys [386720 2012-10-20] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MTOnlPktAlyX; C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130619.002\NAVENG.SYS [93272 2013-06-13] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130619.002\NAVEX15.SYS [1611992 2013-06-13] (Symantec Corporation)
S3 SD11CL32; C:\Windows\System32\DRIVERS\SD11CL32.sys [82176 2010-06-29] (SCM Microsystems Inc.)
S3 SDI01132; C:\Windows\System32\DRIVERS\SDI01132.sys [65408 2010-05-26] (SCM Microsystems Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-07-01] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [35960 2011-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SipIMNDI; system32\DRIVERS\SipIMNDI.sys [x]
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-19 20:40 - 2013-06-19 20:41 - 01367073 ____A (Farbar) C:\Users\Lothar\Downloads\FRST (1).exe
2013-06-19 20:39 - 2013-06-19 20:39 - 01367073 ____A (Farbar) C:\Users\Lothar\Downloads\FRST.exe
2013-06-19 20:34 - 2013-06-19 20:34 - 00000861 ____A C:\Users\Lothar\Desktop\JRT.txt
2013-06-19 20:30 - 2013-06-19 20:30 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 20:30 - 2013-06-19 20:30 - 00000000 ____D C:\JRT
2013-06-19 20:28 - 2013-06-19 20:28 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Lothar\Downloads\JRT.exe
2013-06-19 19:45 - 2013-06-19 19:45 - 00010591 ____A C:\AdwCleaner[S1].txt
2013-06-19 19:43 - 2013-06-19 19:43 - 00648201 ____A C:\Users\Lothar\Downloads\adwcleaner.exe
2013-06-19 16:33 - 2013-06-19 16:33 - 00000910 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 16:33 - 2013-06-19 16:33 - 00000000 ____D C:\Users\Lothar\AppData\Roaming\Malwarebytes
2013-06-19 16:33 - 2013-06-19 16:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 16:33 - 2013-06-19 16:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 16:33 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-18 21:41 - 2013-06-18 20:16 - 01365717 ____A (Farbar) C:\FRST.exe
2013-06-18 20:45 - 2013-06-18 20:45 - 00000000 ____D C:\FRST
2013-06-14 20:25 - 2013-06-14 20:25 - 01103360 ____A C:\Users\Lothar\Downloads\ulliscomputergeschichten M.pps
2013-06-12 19:14 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 19:14 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 19:14 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:14 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:14 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 19:14 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 19:14 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 19:14 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:14 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:14 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 19:14 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 19:14 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:14 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 19:14 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 19:14 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 19:14 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 18:59 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 18:57 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 18:57 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 18:57 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 18:56 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 18:56 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 18:56 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 18:56 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 18:56 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 18:56 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 18:56 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-04 20:54 - 2013-06-04 20:54 - 02112512 ____A C:\Users\Lothar\Downloads\unserem_Gedächtnis_geht_s_an_den_Kragen M.pps
2013-06-01 17:51 - 2013-06-01 17:51 - 02173440 ____A C:\Users\Lothar\Downloads\Bienen D.pps
2013-05-28 21:27 - 2013-05-28 21:27 - 05158912 ____A C:\Users\Lothar\Downloads\Koeniglich_reisen_II D.pps
2013-05-28 21:26 - 2013-05-28 21:26 - 01777152 ____A C:\Users\Lothar\Downloads\AstronautWheelockPics D.pps
2013-05-28 21:25 - 2013-05-28 21:25 - 00891904 ____A C:\Users\Lothar\Downloads\EVWA-de D.pps
2013-05-28 21:23 - 2013-05-28 21:23 - 00507905 ____A C:\Users\Lothar\Downloads\schön schön D.pps
==================== One Month Modified Files and Folders ========
2013-06-19 20:41 - 2013-06-19 20:40 - 01367073 ____A (Farbar) C:\Users\Lothar\Downloads\FRST (1).exe
2013-06-19 20:39 - 2013-06-19 20:39 - 01367073 ____A (Farbar) C:\Users\Lothar\Downloads\FRST.exe
2013-06-19 20:34 - 2013-06-19 20:34 - 00000861 ____A C:\Users\Lothar\Desktop\JRT.txt
2013-06-19 20:30 - 2013-06-19 20:30 - 00000000 ____D C:\Windows\ERUNT
2013-06-19 20:30 - 2013-06-19 20:30 - 00000000 ____D C:\JRT
2013-06-19 20:28 - 2013-06-19 20:28 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Lothar\Downloads\JRT.exe
2013-06-19 20:22 - 2012-11-27 21:07 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 20:20 - 2007-02-01 20:44 - 01596956 ____A C:\Windows\WindowsUpdate.log
2013-06-19 20:15 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-19 20:12 - 2010-04-16 11:43 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 20:12 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 20:12 - 2006-11-02 14:47 - 00005152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 20:12 - 2006-11-02 14:47 - 00005152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 19:53 - 2006-11-02 15:01 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-19 19:45 - 2013-06-19 19:45 - 00010591 ____A C:\AdwCleaner[S1].txt
2013-06-19 19:45 - 2008-07-12 14:44 - 00000000 ____D C:\ProgramData\ICQ
2013-06-19 19:45 - 2008-02-08 23:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-19 19:43 - 2013-06-19 19:43 - 00648201 ____A C:\Users\Lothar\Downloads\adwcleaner.exe
2013-06-19 19:11 - 2010-04-16 11:44 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 19:09 - 2012-11-13 19:05 - 00008096 ____A C:\Windows\PFRO.log
2013-06-19 19:09 - 2007-01-05 10:17 - 00000000 ____D C:\Windows\PCHEALTH
2013-06-19 16:34 - 2011-05-30 15:59 - 00000000 ____D C:\Users\Lothar\AppData\Roaming\Skype
2013-06-19 16:33 - 2013-06-19 16:33 - 00000910 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 16:33 - 2013-06-19 16:33 - 00000000 ____D C:\Users\Lothar\AppData\Roaming\Malwarebytes
2013-06-19 16:33 - 2013-06-19 16:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 16:33 - 2013-06-19 16:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 16:33 - 2006-11-02 12:33 - 01475976 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 20:45 - 2013-06-18 20:45 - 00000000 ____D C:\FRST
2013-06-18 20:36 - 2012-11-08 18:13 - 00002307 ____A C:\Windows\setupact.log
2013-06-18 20:16 - 2013-06-18 21:41 - 01365717 ____A (Farbar) C:\FRST.exe
2013-06-18 19:56 - 2007-02-01 20:47 - 00000000 ____D C:\users\Lothar
2013-06-18 19:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\spool
2013-06-18 19:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-06-18 19:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-18 19:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 21:00 - 2009-10-27 19:53 - 00000000 ____D C:\Users\Lothar\AppData\Local\CrashDumps
2013-06-14 20:25 - 2013-06-14 20:25 - 01103360 ____A C:\Users\Lothar\Downloads\ulliscomputergeschichten M.pps
2013-06-13 13:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-12 19:03 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 20:03 - 2012-11-27 21:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 20:03 - 2011-06-17 20:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-06 21:05 - 2010-02-22 20:29 - 00000000 ___RD C:\Users\Lothar\Dokumente
2013-06-04 20:54 - 2013-06-04 20:54 - 02112512 ____A C:\Users\Lothar\Downloads\unserem_Gedächtnis_geht_s_an_den_Kragen M.pps
2013-06-02 15:09 - 2007-09-18 00:30 - 00000000 ___RD C:\Users\Lothar\Desktop\Bilder
2013-06-02 10:24 - 2007-02-04 18:07 - 00032256 ____A C:\Users\Lothar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 17:51 - 2013-06-01 17:51 - 02173440 ____A C:\Users\Lothar\Downloads\Bienen D.pps
2013-05-28 21:27 - 2013-05-28 21:27 - 05158912 ____A C:\Users\Lothar\Downloads\Koeniglich_reisen_II D.pps
2013-05-28 21:26 - 2013-05-28 21:26 - 01777152 ____A C:\Users\Lothar\Downloads\AstronautWheelockPics D.pps
2013-05-28 21:25 - 2013-05-28 21:25 - 00891904 ____A C:\Users\Lothar\Downloads\EVWA-de D.pps
2013-05-28 21:23 - 2013-05-28 21:23 - 00507905 ____A C:\Users\Lothar\Downloads\schön schön D.pps
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-19 20:21
==================== End Of Log ============================
und addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013 Ran by Lothar at 2013-06-19 20:44:06 Run: Running from C:\Users\Lothar\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5) Apple Application Support (Version: 2.3) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (Version: 2.1.3.127) ArcSoft PhotoStudio 5.5 Ask Toolbar ATI Catalyst Control Center Ex (Version: 2.0.2519.38216) ATI Catalyst Install Manager (Version: 3.0.641.0) Bonjour (Version: 3.0.0.10) Canon MP Navigator 3.0 Canon MP510 Benutzerregistrierung Canon Utilities Easy-PhotoPrint CCleaner (Version: 3.00) DHTML Editing Component (Version: 6.02.0001) Die Sims™ 2 H&M®-Fashion-Accessoires Die Sims™ 2 IKEA® Home-Accessoires Die Sims™ 2 Super Deluxe Die Sims™ 2 Villen- und Garten-Accessoires EA SPORTS online 2007 Easy-WebPrint FIFA 07 FIFA Fussball-Weltmeisterschaft 2006 (TM) Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1) Google Chrome (Version: 27.0.1453.110) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.4.3607.2246) Google Update Helper (Version: 1.3.21.145) HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.2.0) ICQ7.2 (Version: 7.2) Intel(R) PRO Network Connections 11.2.0.69 (Version: ) Intel(R) PRO Network Connections Drivers iTunes (Version: 10.7.0.21) Java 7 Update 9 (Version: 7.0.90) KKH-Allianz Sicherheitskit-Starter LetsTrade Komponenten Lidl-Fotos LightScribe 1.4.124.1 (Version: 1.4.124.1) LiveUpdate (Symantec Corporation) (Version: 3.4.0.162) LiveUpdate (Symantec Corporation) (Version: 3.4.0.164) LiveUpdate Notice (Symantec Corporation) (Version: 1.2.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MediaShow 3.0 Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322) Microsoft Visual J# 2.0 Redistributable Package - SE Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728) Microsoft Works (Version: 08.05.0822) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft XML Parser (Version: 8.0.7820.0) Mozilla Firefox (2.0.0.12) (Version: 2.0.0.12 (de)) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 7 Essentials (Version: 7.02.9753) neroxml (Version: 1.0.0) Norton Internet Security (Version: 19.9.1.14) O2Micro Flash Memory Card Windows Driver V3.00 (Version: 3.00) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) OpenOffice.org Installer 1.0 (Version: 1.0.9221) OutRun2006 Coast 2 Coast (Version: 1.00.0000) PhotoNow! 1.0 PowerDirector PowerDVD (Version: 7.0.2414.0) PowerProducer QuickTime (Version: 7.73.80.64) Realtek High Definition Audio Driver (Version: 6.0.1.5331) ScanSoft OmniPage SE 4.0 (Version: 15.00.0020) Sceneo Bonavista SDI011 dual interface reader (Version: 1.00) Skype Click to Call (Version: 6.3.11079) Skype™ 5.10 (Version: 5.10.116) Synaptics Pointing Device Driver (Version: 10.0.19.0) T-Online 6.0 T-Online eMail Center Desktop-Startsymbole 1.0 (Version: 1.0) T-Online WLAN-Access Finder Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2) Windows Live Sync (Version: 14.0.8089.726) Windows Vista Upgrade Advisor (Version: 1.0.0.657) X10 Hardware(TM) ==================== Restore Points ========================= 13-03-2013 22:18:21 Windows Update 13-03-2013 22:58:28 Windows Update 08-04-2013 17:34:26 Windows Update 08-04-2013 17:43:41 Removed Bing-Desktop 11-04-2013 15:43:48 Windows Update 11-04-2013 16:23:55 Windows Update 24-04-2013 17:52:37 Windows Update 15-05-2013 18:14:01 Windows Update 12-06-2013 16:59:56 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {00A12C63-3981-460B-A072-6F10BDC9CF8B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation) Task: {142FAC90-443F-4081-A7D9-BD3DAF043AB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-16] (Google Inc.) Task: {151C97C4-85CD-47D1-B405-725B96514663} - System32\Tasks\User_Feed_Synchronization-{D5C26CFA-5583-4C8C-A31B-6D1A65D07A67} => C:\Windows\system32\msfeedssync.exe [2011-04-14] (Microsoft Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2EB071E7-B849-4E50-9D57-D949F0EA9270} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\rundll32 No File Task: {34C74BBC-3065-43E0-A836-EE4785945BC1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {434CAC4A-E094-4215-8644-ED046C600E4E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Lothar => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-05] () Task: {7289D982-D6CC-4C07-8A74-72A1942E4075} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2650016521-2561111902-2907318483-1001 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {9049FF2C-E329-429C-A2F1-F8057EA3D698} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.) Task: {92133098-DE37-4432-829B-4DB6C3F02507} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation) Task: {AD64B443-9C01-4035-893F-4C853C0B9BEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-16] (Google Inc.) Task: {BB513D87-3909-4052-9B49-CB1594781157} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {C01BF21E-CE42-4301-B225-16B5375CEC0C} - System32\Tasks\{BB8C5BD4-7F01-4F35-B850-42486A839C51} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {D986A1F2-9CFB-42C5-8002-426C45F22A5F} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {E9D5BA76-E7F8-4BC3-96C7-590F19855CF2} - System32\Tasks\{AE168C55-E022-4C27-95F8-2F1A3C05B143} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {EB4F663C-D728-4EFD-BAA4-066F68175A29} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\rundll32 No File ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2013 08:41:37 PM) (Source: Application Hang) (User: ) Description: Programm FRST.exe, Version 3.3.8.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1314 Anfangszeit: 01ce6d1c54ad0c70 Zeitpunkt der Beendigung: 9 System errors: ============= Microsoft Office Sessions: ========================= Error: (01/01/2011 10:40:50 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 257 seconds with 180 seconds of active time. This session ended with a crash. Error: (08/09/2010 07:43:22 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-06-19 20:43:41.506 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 20:43:41.123 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 20:43:40.618 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 20:43:40.238 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 20:43:32.961 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 20:43:32.582 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 20:43:32.191 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 20:43:31.771 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 18:15:49.045 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-19 18:15:48.634 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 2045.34 MB Available physical RAM: 1004.6 MB Total Pagefile: 4323.98 MB Available Pagefile: 3167.28 MB Total Virtual: 2047.88 MB Available Virtual: 1887.13 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:129.51 GB) (Free:55.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVER) (Fixed) (Total:19.52 GB) (Free:12.57 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: BCDBF9BE) Partition 1: (Active) - (Size=130 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended) ==================== End Of Log ============================ Hoffe es ist nun alles sauber... Geändert von nusseis2001 (19.06.2013 um 19:50 Uhr) |
|
20.06.2013, 07:31
| #12 |
| /// the machine /// TB-Ausbilder | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot Schaut sehr gut aus, noch en Onlinescan und wir sind durch ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.06.2013, 18:46
| #13 |
| | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot hier der log vom est: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2f60067eb45e574f8b57451e029d7133
# engine=14117
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 05:07:07
# local_time=2013-06-20 07:07:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 99 171997 134344612 0 0
# compatibility_mode=5892 16776574 66 100 30619616 209280755 0 0
# scanned=227626
# found=0
# cleaned=0
# scan_time=13551
Code:
ATTFilter Results of screen317's Security Check version 0.99.64 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Norton Internet Security Online WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java 7 Update 9 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (2.0.0 Firefox out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Geändert von nusseis2001 (20.06.2013 um 18:59 Uhr) |
|
21.06.2013, 07:08
| #14 |
| /// the machine /// TB-Ausbilder | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot Java, Adobe und Firefox updaten. FRST Log fehlt noch. Noch Probleme? Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. Scan mit SystemLook Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.06.2013, 09:59
| #15 |
| | GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot Vielen vielen Dank für die hilfe. Bin echt begeistert. |
|
| Themen zu GVU-Trojaner, abgesichert hochfahren nicht möglich, reboot |
| abgesichert, adobe, adobe flash player, association, bootmgr, defender, desktop, explorer, explorer.exe, farbar, farbar recovery scan tool, flash player, frst.exe, frst.txt, google, gvu-trojaner, hdaudio.sys, home, i8042prt.sys, icq, log, microsoft, mozilla, nicht möglich, registry, scan, security, services.exe, svchost.exe, symantec, system, temp, vista, winlogon.exe, wmp |
Linear-Darstellung
