GVU Trojaner, Anmeldung im abgesicherten Modus nicht möglich

Sabine99 · 30.06.2013, 14:14

Hi Schrauber,
was habe ich mir denn da hartnäckiges eingefangen?!!!
Ich mach mich mal an die Arbeit.
Melde mich dann.
Da ich mit dem Stick zwischen infiziertem PC und Laptop hin und hergewechselt bin, wie hoch ist die Gefahr, dass ich mir meinen Laptop auch verseucht haben?

Grüße
Sabine99

schrauber · 30.06.2013, 14:27

Gar nicht. ABer wir machen nen kurzen Check des Laptops wenn wir fertig sind

ZeroAccess Rootkit. Eigentlich locker zu entfernen, schon hundert mal gemacht, nur dieser Eine Überbleibsel will nicht weg

Sabine99 · 30.06.2013, 14:44

Hi Schrauber,

booten mittels CD, da ich auf normalem Weg, keinen Weg zur "Reparatur" gefunden habe. Kann aber durchaus an mir liegen

Und hier das file:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01
Ran by SYSTEM on 30-06-2013 15:37:29
Running from I:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] %programfiles%\windows defender\msascui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [LexwareInfoService] c:\program files\common files\lexware\update manager\lxupdatemanager.exe /autostart [339240 2008-11-03] (Lexware GmbH & Co. KG)
HKLM\...\Run: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\nbkeyscan.exe" [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [RemoteControl] "c:\program files\homecinema\powerdvd\pdvdserv.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [TVBroadcast] c:\program files\sceneo\absoluttv\services\odsbc\odsbcapp.exe [797696 2007-08-08] (ODSoft multimedia)
HKLM\...\Run: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM\...\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [InboxAce Search Scope Monitor] "C:\PROGRA~1\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h [44784 2013-06-23] (MindSpark)
HKLM\...\Run: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbrmon.exe [30096 2013-06-23] (VER_COMPANY_NAME)
HKLM\...\Run: [Utility Chest Search Scope Monitor] "C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h [44784 2013-06-25] (MindSpark)
HKLM\...\Run: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe [30096 2013-06-25] (VER_COMPANY_NAME)
HKU\*****\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\*****\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\nmbgmonitor.exe" [x]
HKU\*****\...\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe [x]
HKU\*****\...\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

========================== Services (Whitelisted) =================

S2 InboxAce_1gService; C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbarsvc.exe [42504 2013-06-23] (COMPANYVERS_NAME)
S2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe [75040 2008-09-05] (Ralink Technology, Corp.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
S2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-06-25] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 CH375; C:\Windows\System32\Drivers\CH375WDM.SYS [28403 2011-03-13] (www.winchiphead.com)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-13] (Symantec Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130621.001\IDSvix86.sys [386720 2013-04-12] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130621.022\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130621.022\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [645120 2008-08-21] (Ralink Technology Corp.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-22] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-05] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 12:30 - 2013-06-29 12:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2013-06-29 09:19 - 2013-06-29 09:19 - 05084379 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-06-28 17:35 - 2013-06-29 09:20 - 00000000 ___SD C:\32788R22FWJFW
2013-06-28 17:35 - 2013-06-28 17:35 - 00000000 ____D C:\Windows\erdnt
2013-06-27 20:32 - 2013-06-30 08:26 - 00029395 ____A C:\Users\*****\Desktop\FRST.txt
2013-06-27 20:30 - 2013-06-27 20:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-06-27 20:25 - 2013-06-27 20:26 - 00013190 ____A C:\AdwCleaner[S2].txt
2013-06-27 20:25 - 2013-06-27 20:25 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-06-27 18:17 - 2013-06-27 18:18 - 01370369 ____A (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-06-27 18:15 - 2013-06-27 18:15 - 01370369 ____A (Farbar) C:\Users\*****\Downloads\FRST.exe
2013-06-25 05:39 - 2013-06-25 05:39 - 00000000 ____D C:\Users\*****\AppData\Local\UtilityChest_49
2013-06-25 05:39 - 2013-06-25 05:39 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-23 21:24 - 2013-06-23 21:23 - 00890839 ____A C:\Users\*****\Desktop\SecurityCheck.exe
2013-06-23 21:23 - 2013-06-23 21:23 - 00890839 ____A C:\Users\*****\Downloads\SecurityCheck.exe
2013-06-23 10:46 - 2013-06-23 10:46 - 00032092 ____A C:\Users\*****\Documents\FRST.txt
2013-06-23 10:46 - 2013-06-23 10:46 - 00019001 ____A C:\Users\*****\Documents\Addition.txt
2013-06-23 10:44 - 2013-06-29 20:24 - 00000000 ____D C:\FRST
2013-06-23 10:26 - 2013-06-23 10:26 - 00000000 ____D C:\Users\*****\AppData\Local\InboxAce_1g
2013-06-23 10:26 - 2013-06-23 10:26 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-23 10:24 - 2013-06-23 10:24 - 00000000 ____D C:\Program Files\InboxAce_1g
2013-06-22 22:20 - 2013-06-22 22:20 - 00000000 ____D C:\_OTL
2013-06-22 21:02 - 2013-06-22 21:02 - 00080210 ____A C:\OTL.Txt
2013-06-22 19:31 - 2013-06-27 20:32 - 00000000 ____D C:\JRT
2013-06-22 19:31 - 2013-06-22 19:31 - 00000000 ____D C:\Users\*****\Documents\PCSpeedUp
2013-06-22 19:25 - 2013-06-22 19:25 - 00002059 ____A C:\Users\*****\Desktop\Search.lnk
2013-06-22 19:23 - 2013-06-22 19:23 - 01110476 ____A C:\Users\*****\Desktop\7zip.exe
2013-06-22 19:23 - 2013-06-22 19:23 - 00000000 ____D C:\Program Files\7-Zip
2013-06-22 19:18 - 2013-06-30 10:58 - 00000332 ____A C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-06-22 19:18 - 2013-06-27 20:24 - 00000000 ____D C:\Program Files\PC Speed Up
2013-06-22 19:18 - 2013-06-22 19:18 - 00000809 ____A C:\Users\*****\Desktop\PC Speed Up.lnk
2013-06-22 19:17 - 2013-06-27 17:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-22 19:16 - 2013-06-22 19:16 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera
2013-06-22 19:08 - 2013-06-22 19:08 - 00006252 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-22 19:00 - 2013-06-22 19:00 - 00043012 ____A C:\AdwCleaner[S1].txt
2013-06-22 18:58 - 2013-06-22 18:58 - 00000680 ____A C:\Users\*****\AppData\Local\d3d9caps.dat
2013-06-17 05:19 - 2013-06-17 05:19 - 00001628 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 05:18 - 2012-08-21 12:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-06-17 05:17 - 2013-06-17 05:18 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 05:17 - 2013-06-17 05:17 - 00000000 ____D C:\Program Files\iPod
2013-06-17 05:13 - 2013-06-17 05:13 - 00000000 ____D C:\Program Files\Bonjour
2013-06-17 05:09 - 2013-06-17 05:17 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-14 12:38 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 12:38 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 12:38 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 12:38 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 12:38 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 12:38 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-14 12:38 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-14 12:38 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 12:38 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 12:38 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-14 12:38 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-14 12:38 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 12:38 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 12:38 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-14 12:38 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 12:38 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 12:32 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 12:31 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-14 12:31 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-14 12:31 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 12:31 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-14 12:31 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 12:31 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 12:31 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 12:31 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-14 12:31 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 12:31 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-30 14:33 - 2010-01-24 09:55 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 14:33 - 2006-11-02 14:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-30 14:33 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 14:33 - 2006-11-02 13:47 - 00003264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 14:33 - 2006-11-02 13:47 - 00003264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 14:17 - 2010-01-23 15:48 - 01777432 ____A C:\Windows\WindowsUpdate.log
2013-06-30 13:51 - 2011-11-22 18:11 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 13:50 - 2012-08-22 19:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 13:45 - 2013-02-02 12:52 - 00000524 ____A C:\Users\*****\Desktop\eMail (12).website
2013-06-30 10:58 - 2013-06-22 19:18 - 00000332 ____A C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-06-30 08:26 - 2013-06-27 20:32 - 00029395 ____A C:\Users\*****\Desktop\FRST.txt
2013-06-30 08:24 - 2011-11-22 18:11 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-29 20:24 - 2013-06-23 10:44 - 00000000 ____D C:\FRST
2013-06-29 12:30 - 2013-06-29 12:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2013-06-29 09:20 - 2013-06-28 17:35 - 00000000 ___SD C:\32788R22FWJFW
2013-06-29 09:19 - 2013-06-29 09:19 - 05084379 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-06-29 08:08 - 2010-01-23 16:02 - 01037194 ____A C:\Windows\PFRO.log
2013-06-28 17:35 - 2013-06-28 17:35 - 00000000 ____D C:\Windows\erdnt
2013-06-27 20:32 - 2013-06-22 19:31 - 00000000 ____D C:\JRT
2013-06-27 20:30 - 2013-06-27 20:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-06-27 20:26 - 2013-06-27 20:25 - 00013190 ____A C:\AdwCleaner[S2].txt
2013-06-27 20:25 - 2013-06-27 20:25 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-06-27 20:24 - 2013-06-22 19:18 - 00000000 ____D C:\Program Files\PC Speed Up
2013-06-27 20:06 - 2010-12-28 11:53 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-06-27 18:18 - 2013-06-27 18:17 - 01370369 ____A (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-06-27 18:15 - 2013-06-27 18:15 - 01370369 ____A (Farbar) C:\Users\*****\Downloads\FRST.exe
2013-06-27 17:59 - 2010-01-26 14:57 - 00002591 ____A C:\Users\*****\Desktop\Microsoft Office Word 2007.lnk
2013-06-27 17:44 - 2013-06-22 19:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 05:39 - 2013-06-25 05:39 - 00000000 ____D C:\Users\*****\AppData\Local\UtilityChest_49
2013-06-25 05:39 - 2013-06-25 05:39 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-23 21:23 - 2013-06-23 21:24 - 00890839 ____A C:\Users\*****\Desktop\SecurityCheck.exe
2013-06-23 21:23 - 2013-06-23 21:23 - 00890839 ____A C:\Users\*****\Downloads\SecurityCheck.exe
2013-06-23 10:46 - 2013-06-23 10:46 - 00032092 ____A C:\Users\*****\Documents\FRST.txt
2013-06-23 10:46 - 2013-06-23 10:46 - 00019001 ____A C:\Users\*****\Documents\Addition.txt
2013-06-23 10:26 - 2013-06-23 10:26 - 00000000 ____D C:\Users\*****\AppData\Local\InboxAce_1g
2013-06-23 10:26 - 2013-06-23 10:26 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-23 10:24 - 2013-06-23 10:24 - 00000000 ____D C:\Program Files\InboxAce_1g
2013-06-22 22:20 - 2013-06-22 22:20 - 00000000 ____D C:\_OTL
2013-06-22 21:02 - 2013-06-22 21:02 - 00080210 ____A C:\OTL.Txt
2013-06-22 20:59 - 2010-01-23 16:06 - 00000000 ___AD C:\users\*****
2013-06-22 19:31 - 2013-06-22 19:31 - 00000000 ____D C:\Users\*****\Documents\PCSpeedUp
2013-06-22 19:25 - 2013-06-22 19:25 - 00002059 ____A C:\Users\*****\Desktop\Search.lnk
2013-06-22 19:23 - 2013-06-22 19:23 - 01110476 ____A C:\Users\*****\Desktop\7zip.exe
2013-06-22 19:23 - 2013-06-22 19:23 - 00000000 ____D C:\Program Files\7-Zip
2013-06-22 19:18 - 2013-06-22 19:18 - 00000809 ____A C:\Users\*****\Desktop\PC Speed Up.lnk
2013-06-22 19:17 - 2011-10-21 12:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-22 19:16 - 2013-06-22 19:16 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera
2013-06-22 19:08 - 2013-06-22 19:08 - 00006252 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-22 19:04 - 2011-04-17 18:29 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-06-22 19:03 - 2011-04-17 18:30 - 00002023 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-06-22 19:00 - 2013-06-22 19:00 - 00043012 ____A C:\AdwCleaner[S1].txt
2013-06-22 18:58 - 2013-06-22 18:58 - 00000680 ____A C:\Users\*****\AppData\Local\d3d9caps.dat
2013-06-22 18:54 - 2013-01-09 20:21 - 00001935 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-22 18:23 - 2011-04-17 18:30 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-22 18:23 - 2011-04-17 18:30 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-17 05:19 - 2013-06-17 05:19 - 00001628 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 05:19 - 2012-05-21 19:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\Apple Computer
2013-06-17 05:19 - 2010-01-26 09:43 - 00000000 ____D C:\Users\*****\AppData\Local\Apple Computer
2013-06-17 05:18 - 2013-06-17 05:17 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 05:17 - 2013-06-17 05:17 - 00000000 ____D C:\Program Files\iPod
2013-06-17 05:17 - 2013-06-17 05:09 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-17 05:17 - 2010-02-13 13:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-17 05:17 - 2010-02-13 13:54 - 00000000 ____D C:\ProgramData\Apple
2013-06-17 05:13 - 2013-06-17 05:13 - 00000000 ____D C:\Program Files\Bonjour
2013-06-17 05:09 - 2012-05-21 05:11 - 00001690 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-17 05:09 - 2008-01-23 13:46 - 00000000 ____D C:\Program Files\QuickTime
2013-06-14 16:02 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 15:48 - 2012-08-22 19:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-14 15:48 - 2011-09-04 06:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-14 15:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-14 12:36 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1346077651-4163414706-2657881005-1000\$b3f4bc23f743f11a6c7d77e802656f9e

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 3069.56 MB
Available physical RAM: 2629.11 MB
Total Pagefile: 2846.03 MB
Available Pagefile: 2692.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.14 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:361.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:5.22 GB) FAT32
Drive e: (MEDHOPRDEU) (CDROM) (Total:2.41 GB) (Free:0 GB) CDFS
Drive i: (HITMANPRO) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 962 MB) (Disk ID: 75F5AA57)
Partition 1: (Active) - (Size=957 MB) - (Type=0B)


LastRegBack: 2013-06-30 08:29

==================== End Of Log ============================

--- --- ---

--- --- ---

Und vielen Dank für Deine Hilfe, das große Dankeschön kommt aber noch....

Grüße
Sabine99

schrauber · 30.06.2013, 16:18

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

S2 InboxAce_1gService; C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbarsvc.exe [42504 2013-06-23] (COMPANYVERS_NAME)
2013-06-23 10:24 - 2013-06-23 10:24 - 00000000 ____D C:\Program Files\InboxAce_1g
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1346077651-4163414706-2657881005-1000\$b3f4bc23f743f11a6c7d77e802656f9e
C:\ProgramData\nvModes.dat

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

und ein frisches FRST Log aus der Recovery bitte

Sabine99 · 30.06.2013, 16:30

Hi,
und hier kommen sie schon.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-06-2013 01
Ran by SYSTEM at 2013-06-30 17:26:28 Run:4
Running from I:\
Boot Mode: Recovery

==============================================

InboxAce_1gService => Service deleted successfully.
C:\Program Files\InboxAce_1g => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-1346077651-4163414706-2657881005-1000\$b3f4bc23f743f11a6c7d77e802656f9e => Directory moved successfully.
C:\ProgramData\nvModes.dat => Moved successfully.

==== End of Fixlog ====

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01
Ran by SYSTEM on 30-06-2013 17:27:12
Running from I:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] %programfiles%\windows defender\msascui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [LexwareInfoService] c:\program files\common files\lexware\update manager\lxupdatemanager.exe /autostart [339240 2008-11-03] (Lexware GmbH & Co. KG)
HKLM\...\Run: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\nbkeyscan.exe" [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [RemoteControl] "c:\program files\homecinema\powerdvd\pdvdserv.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [TVBroadcast] c:\program files\sceneo\absoluttv\services\odsbc\odsbcapp.exe [797696 2007-08-08] (ODSoft multimedia)
HKLM\...\Run: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM\...\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [InboxAce Search Scope Monitor] "C:\PROGRA~1\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h [x]
HKLM\...\Run: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbrmon.exe [x]
HKLM\...\Run: [Utility Chest Search Scope Monitor] "C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h [44784 2013-06-25] (MindSpark)
HKLM\...\Run: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe [30096 2013-06-25] (VER_COMPANY_NAME)
HKU\*****\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\*****\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\nmbgmonitor.exe" [x]
HKU\*****\...\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe [x]
HKU\*****\...\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

========================== Services (Whitelisted) =================

S2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe [75040 2008-09-05] (Ralink Technology, Corp.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
S2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-06-25] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 CH375; C:\Windows\System32\Drivers\CH375WDM.SYS [28403 2011-03-13] (www.winchiphead.com)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-13] (Symantec Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130628.001\IDSvix86.sys [386720 2013-04-12] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130629.007\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130629.007\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [645120 2008-08-21] (Ralink Technology Corp.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-22] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-05] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 12:30 - 2013-06-29 12:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2013-06-29 09:19 - 2013-06-29 09:19 - 05084379 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-06-28 17:35 - 2013-06-29 09:20 - 00000000 ___SD C:\32788R22FWJFW
2013-06-28 17:35 - 2013-06-28 17:35 - 00000000 ____D C:\Windows\erdnt
2013-06-27 20:32 - 2013-06-30 08:26 - 00029395 ____A C:\Users\*****\Desktop\FRST.txt
2013-06-27 20:30 - 2013-06-27 20:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-06-27 20:25 - 2013-06-27 20:26 - 00013190 ____A C:\AdwCleaner[S2].txt
2013-06-27 20:25 - 2013-06-27 20:25 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-06-27 18:17 - 2013-06-27 18:18 - 01370369 ____A (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-06-27 18:15 - 2013-06-27 18:15 - 01370369 ____A (Farbar) C:\Users\*****\Downloads\FRST.exe
2013-06-25 05:39 - 2013-06-25 05:39 - 00000000 ____D C:\Users\*****\AppData\Local\UtilityChest_49
2013-06-25 05:39 - 2013-06-25 05:39 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-23 21:24 - 2013-06-23 21:23 - 00890839 ____A C:\Users\*****\Desktop\SecurityCheck.exe
2013-06-23 21:23 - 2013-06-23 21:23 - 00890839 ____A C:\Users\*****\Downloads\SecurityCheck.exe
2013-06-23 10:46 - 2013-06-23 10:46 - 00032092 ____A C:\Users\*****\Documents\FRST.txt
2013-06-23 10:46 - 2013-06-23 10:46 - 00019001 ____A C:\Users\*****\Documents\Addition.txt
2013-06-23 10:44 - 2013-06-29 20:24 - 00000000 ____D C:\FRST
2013-06-23 10:26 - 2013-06-23 10:26 - 00000000 ____D C:\Users\*****\AppData\Local\InboxAce_1g
2013-06-23 10:26 - 2013-06-23 10:26 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-22 22:20 - 2013-06-22 22:20 - 00000000 ____D C:\_OTL
2013-06-22 21:02 - 2013-06-22 21:02 - 00080210 ____A C:\OTL.Txt
2013-06-22 19:31 - 2013-06-27 20:32 - 00000000 ____D C:\JRT
2013-06-22 19:31 - 2013-06-22 19:31 - 00000000 ____D C:\Users\*****\Documents\PCSpeedUp
2013-06-22 19:25 - 2013-06-22 19:25 - 00002059 ____A C:\Users\*****\Desktop\Search.lnk
2013-06-22 19:23 - 2013-06-22 19:23 - 01110476 ____A C:\Users\*****\Desktop\7zip.exe
2013-06-22 19:23 - 2013-06-22 19:23 - 00000000 ____D C:\Program Files\7-Zip
2013-06-22 19:18 - 2013-06-30 15:52 - 00000332 ____A C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-06-22 19:18 - 2013-06-27 20:24 - 00000000 ____D C:\Program Files\PC Speed Up
2013-06-22 19:18 - 2013-06-22 19:18 - 00000809 ____A C:\Users\*****\Desktop\PC Speed Up.lnk
2013-06-22 19:17 - 2013-06-27 17:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-22 19:16 - 2013-06-22 19:16 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera
2013-06-22 19:08 - 2013-06-22 19:08 - 00006252 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-22 19:00 - 2013-06-22 19:00 - 00043012 ____A C:\AdwCleaner[S1].txt
2013-06-22 18:58 - 2013-06-22 18:58 - 00000680 ____A C:\Users\*****\AppData\Local\d3d9caps.dat
2013-06-17 05:19 - 2013-06-17 05:19 - 00001628 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 05:18 - 2012-08-21 12:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-06-17 05:17 - 2013-06-17 05:18 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 05:17 - 2013-06-17 05:17 - 00000000 ____D C:\Program Files\iPod
2013-06-17 05:13 - 2013-06-17 05:13 - 00000000 ____D C:\Program Files\Bonjour
2013-06-17 05:09 - 2013-06-17 05:17 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-14 12:38 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 12:38 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 12:38 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 12:38 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 12:38 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 12:38 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-14 12:38 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-14 12:38 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 12:38 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 12:38 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-14 12:38 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-14 12:38 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 12:38 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 12:38 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-14 12:38 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 12:38 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 12:32 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 12:31 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-14 12:31 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-14 12:31 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 12:31 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-14 12:31 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 12:31 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 12:31 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 12:31 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-14 12:31 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 12:31 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-30 16:22 - 2010-01-23 15:48 - 01785487 ____A C:\Windows\WindowsUpdate.log
2013-06-30 16:22 - 2006-11-02 14:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-30 16:22 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 16:22 - 2006-11-02 13:47 - 00003264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 16:22 - 2006-11-02 13:47 - 00003264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 16:16 - 2011-11-22 18:11 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 15:52 - 2013-06-22 19:18 - 00000332 ____A C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-06-30 15:51 - 2011-11-22 18:11 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 15:50 - 2012-08-22 19:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 15:21 - 2010-01-24 09:55 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 13:45 - 2013-02-02 12:52 - 00000524 ____A C:\Users\*****\Desktop\eMail (12).website
2013-06-30 08:26 - 2013-06-27 20:32 - 00029395 ____A C:\Users\*****\Desktop\FRST.txt
2013-06-29 20:24 - 2013-06-23 10:44 - 00000000 ____D C:\FRST
2013-06-29 12:30 - 2013-06-29 12:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2013-06-29 09:20 - 2013-06-28 17:35 - 00000000 ___SD C:\32788R22FWJFW
2013-06-29 09:19 - 2013-06-29 09:19 - 05084379 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-06-29 08:08 - 2010-01-23 16:02 - 01037194 ____A C:\Windows\PFRO.log
2013-06-28 17:35 - 2013-06-28 17:35 - 00000000 ____D C:\Windows\erdnt
2013-06-27 20:32 - 2013-06-22 19:31 - 00000000 ____D C:\JRT
2013-06-27 20:30 - 2013-06-27 20:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-06-27 20:26 - 2013-06-27 20:25 - 00013190 ____A C:\AdwCleaner[S2].txt
2013-06-27 20:25 - 2013-06-27 20:25 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-06-27 20:24 - 2013-06-22 19:18 - 00000000 ____D C:\Program Files\PC Speed Up
2013-06-27 20:06 - 2010-12-28 11:53 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-06-27 18:18 - 2013-06-27 18:17 - 01370369 ____A (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-06-27 18:15 - 2013-06-27 18:15 - 01370369 ____A (Farbar) C:\Users\*****\Downloads\FRST.exe
2013-06-27 17:59 - 2010-01-26 14:57 - 00002591 ____A C:\Users\*****\Desktop\Microsoft Office Word 2007.lnk
2013-06-27 17:44 - 2013-06-22 19:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 05:39 - 2013-06-25 05:39 - 00000000 ____D C:\Users\*****\AppData\Local\UtilityChest_49
2013-06-25 05:39 - 2013-06-25 05:39 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-23 21:23 - 2013-06-23 21:24 - 00890839 ____A C:\Users\*****\Desktop\SecurityCheck.exe
2013-06-23 21:23 - 2013-06-23 21:23 - 00890839 ____A C:\Users\*****\Downloads\SecurityCheck.exe
2013-06-23 10:46 - 2013-06-23 10:46 - 00032092 ____A C:\Users\*****\Documents\FRST.txt
2013-06-23 10:46 - 2013-06-23 10:46 - 00019001 ____A C:\Users\*****\Documents\Addition.txt
2013-06-23 10:26 - 2013-06-23 10:26 - 00000000 ____D C:\Users\*****\AppData\Local\InboxAce_1g
2013-06-23 10:26 - 2013-06-23 10:26 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-22 22:20 - 2013-06-22 22:20 - 00000000 ____D C:\_OTL
2013-06-22 21:02 - 2013-06-22 21:02 - 00080210 ____A C:\OTL.Txt
2013-06-22 20:59 - 2010-01-23 16:06 - 00000000 ___AD C:\users\*****
2013-06-22 19:31 - 2013-06-22 19:31 - 00000000 ____D C:\Users\*****\Documents\PCSpeedUp
2013-06-22 19:25 - 2013-06-22 19:25 - 00002059 ____A C:\Users\*****\Desktop\Search.lnk
2013-06-22 19:23 - 2013-06-22 19:23 - 01110476 ____A C:\Users\*****\Desktop\7zip.exe
2013-06-22 19:23 - 2013-06-22 19:23 - 00000000 ____D C:\Program Files\7-Zip
2013-06-22 19:18 - 2013-06-22 19:18 - 00000809 ____A C:\Users\*****\Desktop\PC Speed Up.lnk
2013-06-22 19:17 - 2011-10-21 12:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-22 19:16 - 2013-06-22 19:16 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera
2013-06-22 19:08 - 2013-06-22 19:08 - 00006252 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-22 19:04 - 2011-04-17 18:29 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-06-22 19:03 - 2011-04-17 18:30 - 00002023 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-06-22 19:00 - 2013-06-22 19:00 - 00043012 ____A C:\AdwCleaner[S1].txt
2013-06-22 18:58 - 2013-06-22 18:58 - 00000680 ____A C:\Users\*****\AppData\Local\d3d9caps.dat
2013-06-22 18:54 - 2013-01-09 20:21 - 00001935 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-22 18:23 - 2011-04-17 18:30 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-22 18:23 - 2011-04-17 18:30 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-17 05:19 - 2013-06-17 05:19 - 00001628 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 05:19 - 2012-05-21 19:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\Apple Computer
2013-06-17 05:19 - 2010-01-26 09:43 - 00000000 ____D C:\Users\*****\AppData\Local\Apple Computer
2013-06-17 05:18 - 2013-06-17 05:17 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 05:17 - 2013-06-17 05:17 - 00000000 ____D C:\Program Files\iPod
2013-06-17 05:17 - 2013-06-17 05:09 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-17 05:17 - 2010-02-13 13:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-17 05:17 - 2010-02-13 13:54 - 00000000 ____D C:\ProgramData\Apple
2013-06-17 05:13 - 2013-06-17 05:13 - 00000000 ____D C:\Program Files\Bonjour
2013-06-17 05:09 - 2012-05-21 05:11 - 00001690 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-17 05:09 - 2008-01-23 13:46 - 00000000 ____D C:\Program Files\QuickTime
2013-06-14 16:02 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 15:48 - 2012-08-22 19:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-14 15:48 - 2011-09-04 06:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-14 15:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-14 12:36 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 3069.56 MB
Available physical RAM: 2626.97 MB
Total Pagefile: 2846.03 MB
Available Pagefile: 2691.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.6 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:361.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:5.22 GB) FAT32
Drive e: (MEDHOPRDEU) (CDROM) (Total:2.41 GB) (Free:0 GB) CDFS
Drive i: (HITMANPRO) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 962 MB) (Disk ID: 75F5AA57)
Partition 1: (Active) - (Size=957 MB) - (Type=0B)


LastRegBack: 2013-06-30 15:36

==================== End Of Log ============================

--- --- ---

--- --- ---

Ich hoffe, jetzt sind alle Reste weg.

Grüße

Sabine99

schrauber · 30.06.2013, 19:45

Ooooh, bitte mal nen frischen FRST Scan aus dem normalen Windows

Sabine99 · 30.06.2013, 19:52

Hi Schrauber,

hier ist sie, normales Windows, du machst mich ein bisschen nervös (ooooh -positiv oder negativ?)

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by ***** (administrator) on 30-06-2013 20:48:23
Running from C:\Users\*****\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
(COMPANYVERS_NAME) C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\userinit.exe
(Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Cyberlink Corp.) C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
(ODSoft multimedia) C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(VER_COMPANY_NAME) C:\Program Files\UtilityChest_49\bar\1.bin\49brmon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] %programfiles%\windows defender\msascui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [LexwareInfoService] c:\program files\common files\lexware\update manager\lxupdatemanager.exe /autostart [339240 2008-11-03] (Lexware GmbH & Co. KG)
HKLM\...\Run: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\nbkeyscan.exe" [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [RemoteControl] "c:\program files\homecinema\powerdvd\pdvdserv.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [TVBroadcast] c:\program files\sceneo\absoluttv\services\odsbc\odsbcapp.exe [797696 2007-08-08] (ODSoft multimedia)
HKLM\...\Run: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM\...\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [InboxAce Search Scope Monitor] "C:\PROGRA~1\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h [x]
HKLM\...\Run: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbrmon.exe [x]
HKLM\...\Run: [Utility Chest Search Scope Monitor] "C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h [44784 2013-06-25] (MindSpark)
HKLM\...\Run: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe [30096 2013-06-25] (VER_COMPANY_NAME)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\nmbgmonitor.exe" [202024 2007-10-15] (Nero AG)
HKCU\...\Run: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autorun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe [x]
HKCU\...\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe [x]
HKCU\...\Policies\system: [disableregistrytools] 0
MountPoints2: {efcd0c81-082c-11df-b5e6-806e6f6e6963} - H:\setup.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.1.1:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
URLSearchHook: (No Name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
URLSearchHook: (No Name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
BHO: GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~1\UTILIT~2\bar\1.bin\49bar.dll (MindSpark)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll No File
Toolbar: HKLM - Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -InboxAce - {3775AFD7-5921-4571-968F-85A631203D1C} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll No File
Toolbar: HKCU -Utility Chest - {CF67755F-9265-449C-87CF-B945519E073B} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=dea475c8-3714-4b9c-9dc7-bc9f234f8bb6&searchtype=hp&installDate=22/06/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=dea475c8-3714-4b9c-9dc7-bc9f234f8bb6&searchtype=hp&installDate=22/06/2013"
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Norton Identity Protection) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe [75040 2008-09-05] (Ralink Technology, Corp.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
R2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-06-25] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S3 CH375; C:\Windows\System32\Drivers\CH375WDM.SYS [28403 2011-03-14] (www.winchiphead.com)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-13] (Symantec Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130628.001\IDSvix86.sys [386720 2013-04-12] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130629.007\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130629.007\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [645120 2008-08-21] (Ralink Technology Corp.)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-22] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-30] (America Online, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 13:30 - 2013-06-29 13:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2013-06-29 10:19 - 2013-06-29 10:19 - 05084379 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-06-28 18:35 - 2013-06-29 10:20 - 00000000 ___SD C:\32788R22FWJFW
2013-06-28 18:35 - 2013-06-28 18:35 - 00000000 ____D C:\Windows\erdnt
2013-06-27 21:30 - 2013-06-27 21:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-06-27 21:25 - 2013-06-27 21:26 - 00013190 ____A C:\AdwCleaner[S2].txt
2013-06-27 21:25 - 2013-06-27 21:25 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-06-27 19:17 - 2013-06-27 19:18 - 01370369 ____A (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-06-27 19:15 - 2013-06-27 19:15 - 01370369 ____A (Farbar) C:\Users\*****\Downloads\FRST.exe
2013-06-25 06:39 - 2013-06-25 06:39 - 00000000 ____D C:\Users\*****\AppData\Local\UtilityChest_49
2013-06-25 06:39 - 2013-06-25 06:39 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-23 22:24 - 2013-06-23 22:23 - 00890839 ____A C:\Users\*****\Desktop\SecurityCheck.exe
2013-06-23 22:23 - 2013-06-23 22:23 - 00890839 ____A C:\Users\*****\Downloads\SecurityCheck.exe
2013-06-23 11:46 - 2013-06-23 11:46 - 00032092 ____A C:\Users\*****\Documents\FRST.txt
2013-06-23 11:46 - 2013-06-23 11:46 - 00019001 ____A C:\Users\*****\Documents\Addition.txt
2013-06-23 11:44 - 2013-06-29 21:24 - 00000000 ____D C:\FRST
2013-06-23 11:26 - 2013-06-23 11:26 - 00000000 ____D C:\Users\*****\AppData\Local\InboxAce_1g
2013-06-23 11:26 - 2013-06-23 11:26 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-22 23:20 - 2013-06-22 23:20 - 00000000 ____D C:\_OTL
2013-06-22 22:02 - 2013-06-22 22:02 - 00080210 ____A C:\OTL.Txt
2013-06-22 20:31 - 2013-06-27 21:32 - 00000000 ____D C:\JRT
2013-06-22 20:31 - 2013-06-22 20:31 - 00000000 ____D C:\Users\*****\Documents\PCSpeedUp
2013-06-22 20:25 - 2013-06-22 20:25 - 00002059 ____A C:\Users\*****\Desktop\Search.lnk
2013-06-22 20:23 - 2013-06-22 20:23 - 01110476 ____A C:\Users\*****\Desktop\7zip.exe
2013-06-22 20:23 - 2013-06-22 20:23 - 00000000 ____D C:\Program Files\7-Zip
2013-06-22 20:18 - 2013-06-30 16:52 - 00000332 ____A C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-06-22 20:18 - 2013-06-27 21:24 - 00000000 ____D C:\Program Files\PC Speed Up
2013-06-22 20:18 - 2013-06-22 20:18 - 00000809 ____A C:\Users\*****\Desktop\PC Speed Up.lnk
2013-06-22 20:17 - 2013-06-27 18:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-22 20:16 - 2013-06-22 20:16 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera
2013-06-22 20:08 - 2013-06-22 20:08 - 00006252 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-22 20:00 - 2013-06-22 20:00 - 00043012 ____A C:\AdwCleaner[S1].txt
2013-06-22 19:58 - 2013-06-22 19:58 - 00000680 ____A C:\Users\*****\AppData\Local\d3d9caps.dat
2013-06-17 06:19 - 2013-06-17 06:19 - 00001628 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 06:18 - 2012-08-21 13:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-06-17 06:17 - 2013-06-17 06:18 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 06:17 - 2013-06-17 06:17 - 00000000 ____D C:\Program Files\iPod
2013-06-17 06:13 - 2013-06-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-06-17 06:09 - 2013-06-17 06:17 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-14 13:38 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 13:38 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 13:38 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 13:38 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 13:38 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 13:38 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-14 13:38 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-14 13:38 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 13:38 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 13:38 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-14 13:38 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-14 13:38 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 13:38 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 13:38 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-14 13:38 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 13:38 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 13:32 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 13:31 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-14 13:31 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-14 13:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 13:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-14 13:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 13:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 13:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 13:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-14 13:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 13:31 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-30 20:48 - 2011-11-22 19:11 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 20:47 - 2010-01-24 10:55 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 20:47 - 2010-01-23 17:02 - 01040940 ____A C:\Windows\PFRO.log
2013-06-30 20:47 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 20:47 - 2006-11-02 14:47 - 00003264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 20:47 - 2006-11-02 14:47 - 00003264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 17:22 - 2010-01-23 16:48 - 01785487 ____A C:\Windows\WindowsUpdate.log
2013-06-30 17:22 - 2006-11-02 15:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-30 16:52 - 2013-06-22 20:18 - 00000332 ____A C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-06-30 16:51 - 2011-11-22 19:11 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 16:50 - 2012-08-22 20:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 14:45 - 2013-02-02 13:52 - 00000524 ____A C:\Users\*****\Desktop\eMail (12).website
2013-06-29 21:24 - 2013-06-23 11:44 - 00000000 ____D C:\FRST
2013-06-29 13:30 - 2013-06-29 13:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2013-06-29 10:20 - 2013-06-28 18:35 - 00000000 ___SD C:\32788R22FWJFW
2013-06-29 10:19 - 2013-06-29 10:19 - 05084379 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-06-28 18:35 - 2013-06-28 18:35 - 00000000 ____D C:\Windows\erdnt
2013-06-27 21:32 - 2013-06-22 20:31 - 00000000 ____D C:\JRT
2013-06-27 21:30 - 2013-06-27 21:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-06-27 21:26 - 2013-06-27 21:25 - 00013190 ____A C:\AdwCleaner[S2].txt
2013-06-27 21:25 - 2013-06-27 21:25 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-06-27 21:24 - 2013-06-22 20:18 - 00000000 ____D C:\Program Files\PC Speed Up
2013-06-27 21:06 - 2010-12-28 12:53 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-06-27 19:18 - 2013-06-27 19:17 - 01370369 ____A (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-06-27 19:15 - 2013-06-27 19:15 - 01370369 ____A (Farbar) C:\Users\*****\Downloads\FRST.exe
2013-06-27 18:59 - 2010-01-26 15:57 - 00002591 ____A C:\Users\*****\Desktop\Microsoft Office Word 2007.lnk
2013-06-27 18:44 - 2013-06-22 20:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 06:39 - 2013-06-25 06:39 - 00000000 ____D C:\Users\*****\AppData\Local\UtilityChest_49
2013-06-25 06:39 - 2013-06-25 06:39 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-23 22:23 - 2013-06-23 22:24 - 00890839 ____A C:\Users\*****\Desktop\SecurityCheck.exe
2013-06-23 22:23 - 2013-06-23 22:23 - 00890839 ____A C:\Users\*****\Downloads\SecurityCheck.exe
2013-06-23 11:46 - 2013-06-23 11:46 - 00032092 ____A C:\Users\*****\Documents\FRST.txt
2013-06-23 11:46 - 2013-06-23 11:46 - 00019001 ____A C:\Users\*****\Documents\Addition.txt
2013-06-23 11:26 - 2013-06-23 11:26 - 00000000 ____D C:\Users\*****\AppData\Local\InboxAce_1g
2013-06-23 11:26 - 2013-06-23 11:26 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-22 23:20 - 2013-06-22 23:20 - 00000000 ____D C:\_OTL
2013-06-22 22:02 - 2013-06-22 22:02 - 00080210 ____A C:\OTL.Txt
2013-06-22 21:59 - 2010-01-23 17:06 - 00000000 ___AD C:\users\*****
2013-06-22 20:31 - 2013-06-22 20:31 - 00000000 ____D C:\Users\*****\Documents\PCSpeedUp
2013-06-22 20:25 - 2013-06-22 20:25 - 00002059 ____A C:\Users\*****\Desktop\Search.lnk
2013-06-22 20:23 - 2013-06-22 20:23 - 01110476 ____A C:\Users\*****\Desktop\7zip.exe
2013-06-22 20:23 - 2013-06-22 20:23 - 00000000 ____D C:\Program Files\7-Zip
2013-06-22 20:18 - 2013-06-22 20:18 - 00000809 ____A C:\Users\*****\Desktop\PC Speed Up.lnk
2013-06-22 20:17 - 2011-10-21 13:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-22 20:16 - 2013-06-22 20:16 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera
2013-06-22 20:08 - 2013-06-22 20:08 - 00006252 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-22 20:04 - 2011-04-17 19:29 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-06-22 20:03 - 2011-04-17 19:30 - 00002023 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-06-22 20:00 - 2013-06-22 20:00 - 00043012 ____A C:\AdwCleaner[S1].txt
2013-06-22 19:58 - 2013-06-22 19:58 - 00000680 ____A C:\Users\*****\AppData\Local\d3d9caps.dat
2013-06-22 19:54 - 2013-01-09 21:21 - 00001935 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-22 19:23 - 2011-04-17 19:30 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-22 19:23 - 2011-04-17 19:30 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-17 06:19 - 2013-06-17 06:19 - 00001628 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 06:19 - 2012-05-21 20:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\Apple Computer
2013-06-17 06:19 - 2010-01-26 10:43 - 00000000 ____D C:\Users\*****\AppData\Local\Apple Computer
2013-06-17 06:18 - 2013-06-17 06:17 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 06:17 - 2013-06-17 06:17 - 00000000 ____D C:\Program Files\iPod
2013-06-17 06:17 - 2013-06-17 06:09 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-17 06:17 - 2010-02-13 14:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-17 06:17 - 2010-02-13 14:54 - 00000000 ____D C:\ProgramData\Apple
2013-06-17 06:13 - 2013-06-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-06-17 06:09 - 2012-05-21 06:11 - 00001690 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-17 06:09 - 2008-01-23 14:46 - 00000000 ____D C:\Program Files\QuickTime
2013-06-14 17:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-14 16:48 - 2012-08-22 20:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-14 16:48 - 2011-09-04 07:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-14 16:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-14 13:36 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-30 16:36

==================== End Of Log ============================

--- --- ---

Grüße

Sabine99

schrauber · 30.06.2013, 19:57

100% positiv

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Sabine99 · 30.06.2013, 20:40

Hi Schrauber,
super, dann arbeite ich mich mal durch Deine Liste. Der PC ist jetzt wieder sicher? Ich mach nämlich auch online Banking damit.

Naja, jetzt habe ich eben gelernt, dass regelmäßige updates von Windows und Norton auch nicht reichen
Ich hab noch mitbekommen, dass Norton den PC langsam macht, was würdest Du mir denn empfehlen? Und wie bekomm ich das denn komplett von meinem PC.

Wir wollten noch einen scan von meinem Laptop machen

Der hat als Betriebssystem Windows 7 home Edition.
Aber erst morgen oder so.

Also nochmals vielen Dank für Deine Hilfe

Ohne Dich wäre ich ganzschön aufgeschmissen gewesen.

Sabine99

PS: Irgendwie finde ich die Combofix.exe nicht, auch das Notepad geht so nicht. Ich hatte aber Probleme beim installieren und es auch nicht benutzt, kann ich es einfach so in den Papierkorb schieben und löschen? Mache dann morgen weiter...

schrauber · 01.07.2013, 07:39

Las einfach Delfix laufen, das entfernt auch Combofix.

Banking nur mit ChipTan oder höher.

FRST Logs vom laptop bitte.

Sabine99 · 01.07.2013, 17:16

HI Schrauber,

anbei FRST vom Laptop, sollte eigentlich (hoffentlich) nichts sein, da wir mit dem bis auf die letzten 2 Wochen selten im Netz waren:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by ***** (administrator) on 01-07-2013 18:11:51
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
() C:\windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(AOL LLC) c:\program files (x86)\aol\aol toolbar 4.0\AolTbServer.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems, Inc.) C:\windows\SysWow64\Macromed\Flash\FlashUtil9f.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [16413288 2010-02-10] (NVIDIA Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-26] (Google Inc.)
MountPoints2: {3d82f461-6aa4-11e0-be41-00038a000015} - F:\AutoRun.exe
MountPoints2: {3d82f46f-6aa4-11e0-be41-00038a000015} - F:\AutoRun.exe
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe" [13312 2009-11-20] (DoctorSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [98304 2011-04-19] (Apple Computer, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZO^xdm071^YY^de&ptb=D97F0AC6-4413-4C40-871C-2B11E34E28B4&si=EL_UT_GER_11
URLSearchHook: (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} -  No File
SearchScopes: HKLM-x32 - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm071^YY^de&si=EL_UT_GER_11&ptb=D97F0AC6-4413-4C40-871C-2B11E34E28B4&ind=2013061914&n=77fce31a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=26A578E4005D23FF&affID=119357&tt=180613_10&tsp=4918
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
SearchScopes: HKCU - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm071^YY^de&si=EL_UT_GER_11&ptb=D97F0AC6-4413-4C40-871C-2B11E34E28B4&ind=2013061914&n=77fce31a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=DE&ver=5
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9737BF33-AC5F-4930-BBC0-1A3182B820F8}: [NameServer]193.189.244.225 193.189.244.206

==================== Services (Whitelisted) =================

R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-15] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-15] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-15] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130629.007\ENG64.SYS [126040 2013-06-23] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130629.007\ENG64.SYS [126040 2013-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130629.007\EX64.SYS [2098776 2013-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130629.007\EX64.SYS [2098776 2013-06-23] (Symantec Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-24] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-24] (Windows (R) 2003 DDK 3790 provider)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S2 ASCTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 18:11 - 2013-07-01 18:11 - 00023556 ____A C:\Users\*****\Desktop\Addition.txt
2013-07-01 18:10 - 2013-07-01 18:10 - 01933758 ____A (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-01 18:10 - 2013-07-01 18:10 - 00000000 ____D C:\FRST
2013-06-30 22:12 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-30 22:12 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-30 22:12 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-30 22:12 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-30 22:12 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-30 22:12 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-30 22:12 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-30 22:12 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-30 22:12 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-30 22:12 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-30 22:12 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-30 22:12 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-30 22:12 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-30 22:12 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-30 22:12 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-30 22:12 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-30 22:12 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-30 22:12 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-30 22:12 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-30 22:12 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-30 22:12 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-30 22:12 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-30 22:12 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-30 22:12 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-30 22:09 - 2013-06-30 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-30 22:08 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-30 22:08 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-30 22:08 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-30 22:08 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-30 22:08 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-30 22:08 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-30 22:08 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-30 22:08 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-30 22:08 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-23 16:59 - 2013-07-01 17:59 - 00001364 ____A C:\Windows\setupact.log
2013-06-23 16:59 - 2013-06-30 16:35 - 00028342 ____A C:\Windows\PFRO.log
2013-06-23 16:59 - 2013-06-23 16:59 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 11:25 - 2013-06-23 11:25 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-22 15:35 - 2013-06-22 15:35 - 00000000 ____A C:\Users\*****\defogger_reenable
2013-06-22 14:37 - 2013-06-29 13:56 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-22 14:36 - 2013-06-28 19:01 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-22 14:33 - 2013-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-22 14:02 - 2013-06-22 14:06 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ___AD C:\Program Files (x86)\InboxAce_1gEI
2013-06-22 13:23 - 2013-06-29 14:23 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-06-22 12:46 - 2013-07-01 18:00 - 00000480 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2013-06-22 12:46 - 2013-06-23 16:58 - 00000000 ____D C:\Users\*****\Desktop\SpeedMaxPc
2013-06-22 12:46 - 2013-06-22 13:02 - 00000438 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2013-06-22 12:46 - 2013-06-22 13:02 - 00000404 ____A C:\Windows\Tasks\SpeedMaxPc.job
2013-06-22 12:46 - 2013-06-22 12:46 - 00000692 ____A C:\Users\*****\Desktop\SpeedMaxPc.lnk
2013-06-22 12:46 - 2013-06-22 12:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\SpeedMaxPc
2013-06-22 12:46 - 2013-06-22 12:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\DriverCure
2013-06-22 12:46 - 2013-06-22 12:46 - 00000000 ____D C:\ProgramData\SpeedMaxPc
2013-06-19 21:36 - 2013-06-19 21:36 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-19 21:23 - 2013-06-30 22:23 - 00000308 ____A C:\Windows\Tasks\DSite.job
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\DSite
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Babylon
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\BabSolution
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\ProgramData\Babylon
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:53 - 2013-06-19 20:53 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tific
2013-06-19 20:22 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-19 20:22 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-19 20:22 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-19 20:22 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-19 20:22 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-19 20:22 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-19 20:21 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-19 20:21 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-19 20:21 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-19 20:21 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-19 20:21 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-18 20:02 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 20:02 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 20:02 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 20:02 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-18 20:02 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 20:02 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-18 20:02 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-18 20:02 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 20:02 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-18 20:02 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-18 20:02 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-18 20:02 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-18 20:02 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-18 20:02 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-18 20:02 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 20:02 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-18 20:02 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-06-18 20:02 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-18 20:02 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-18 20:02 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-18 20:02 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-18 20:02 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-18 20:02 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-18 20:02 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-18 20:02 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-18 20:02 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-18 20:02 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-18 20:02 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-18 20:02 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-18 20:02 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

==================== One Month Modified Files and Folders =======

2013-07-01 18:11 - 2013-07-01 18:11 - 00023556 ____A C:\Users\*****\Desktop\Addition.txt
2013-07-01 18:10 - 2013-07-01 18:10 - 01933758 ____A (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-01 18:10 - 2013-07-01 18:10 - 00000000 ____D C:\FRST
2013-07-01 18:07 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:07 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:03 - 2010-04-26 10:14 - 01186725 ____A C:\Windows\WindowsUpdate.log
2013-07-01 18:00 - 2013-06-22 12:46 - 00000480 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2013-07-01 18:00 - 2011-02-06 13:32 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 17:59 - 2013-06-23 16:59 - 00001364 ____A C:\Windows\setupact.log
2013-07-01 17:59 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 22:23 - 2013-06-19 21:23 - 00000308 ____A C:\Windows\Tasks\DSite.job
2013-06-30 22:20 - 2009-07-14 06:45 - 00353120 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-30 22:11 - 2010-05-26 02:01 - 00654166 ____A C:\Windows\System32\perfh007.dat
2013-06-30 22:11 - 2010-05-26 02:01 - 00130006 ____A C:\Windows\System32\perfc007.dat
2013-06-30 22:11 - 2009-07-14 07:13 - 01519874 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 22:09 - 2013-06-30 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-30 21:34 - 2011-02-06 13:32 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 16:35 - 2013-06-23 16:59 - 00028342 ____A C:\Windows\PFRO.log
2013-06-29 17:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-29 14:23 - 2013-06-22 13:23 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-06-29 13:56 - 2013-06-22 14:37 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-28 19:01 - 2013-06-22 14:36 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-23 21:04 - 2013-03-23 18:04 - 00000000 ____D C:\Users\*****\AppData\Local\Microsoft Games
2013-06-23 16:59 - 2013-06-23 16:59 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 16:58 - 2013-06-22 12:46 - 00000000 ____D C:\Users\*****\Desktop\SpeedMaxPc
2013-06-23 11:25 - 2013-06-23 11:25 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-22 22:26 - 2011-02-06 13:28 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-06-22 16:19 - 2011-07-10 10:17 - 00001425 ____A C:\0
2013-06-22 15:35 - 2013-06-22 15:35 - 00000000 ____A C:\Users\*****\defogger_reenable
2013-06-22 15:35 - 2011-01-31 22:09 - 00000000 ____D C:\users\*****
2013-06-22 14:33 - 2013-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-22 14:06 - 2013-06-22 14:02 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ___AD C:\Program Files (x86)\InboxAce_1gEI
2013-06-22 13:02 - 2013-06-22 12:46 - 00000438 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2013-06-22 13:02 - 2013-06-22 12:46 - 00000404 ____A C:\Windows\Tasks\SpeedMaxPc.job
2013-06-22 12:57 - 2011-04-19 21:01 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-06-22 12:57 - 2011-04-19 20:51 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
2013-06-22 12:57 - 2011-04-19 20:51 - 00000000 ____D C:\ProgramData\QuickTime
2013-06-22 12:57 - 2011-02-06 14:37 - 00000000 ____D C:\ProgramData\Norton
2013-06-22 12:57 - 2010-04-26 10:43 - 00000000 ____D C:\ProgramData\Partner
2013-06-22 12:57 - 2009-08-02 04:27 - 00000000 ____D C:\Windows\Panther
2013-06-22 12:57 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-22 12:46 - 2013-06-22 12:46 - 00000692 ____A C:\Users\*****\Desktop\SpeedMaxPc.lnk
2013-06-22 12:46 - 2013-06-22 12:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\SpeedMaxPc
2013-06-22 12:46 - 2013-06-22 12:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\DriverCure
2013-06-22 12:46 - 2013-06-22 12:46 - 00000000 ____D C:\ProgramData\SpeedMaxPc
2013-06-19 21:36 - 2013-06-19 21:36 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\DSite
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Babylon
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\BabSolution
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\ProgramData\Babylon
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:53 - 2013-06-19 20:53 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tific
2013-06-08 16:08 - 2013-06-19 20:21 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-19 20:21 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-19 20:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-19 20:21 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-19 20:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-02 17:11 - 2013-03-16 18:56 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 16:33

==================== End Of Log ============================

--- --- ---

--- --- ---

und die Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2013 03
Ran by ***** at 2013-07-01 18:12:09
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 4.65 (x32)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Reader 9.1 - Deutsch (x32 Version: 9.1.0)
Alice Greenfingers (x32)
AnyPC Client (x32 Version: 1.0.0.25)
AOL Mail and AIM Gadget (x32 Version: 1.0.0)
AOL Meine Fotos Bildschirmschoner (x32)
Atheros Client Installation Program (x32 Version: 1.0.2.1119)
BatteryLifeExtender (x32 Version: 1.0.1)
Bonbon Quest (x32)
Cake Mania (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
CyberLink DVD Suite (x32 Version: 6.0.2806)
CyberLink LabelPrint (x32 Version: 2.5.1916)
CyberLink Power2Go (x32 Version: 6.0.3108a)
CyberLink PowerDirector (x32 Version: 7.0.3213)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b)
CyberLink PowerProducer (x32 Version: 5.0.1.1812)
CyberLink YouCam (x32 Version: 2.0.3625)
Daycare Nightmare (x32)
Easy Display Manager (x32 Version: 3.0)
Easy Network Manager (x32 Version: 4.2.8)
Easy SpeedUp Manager (x32 Version: 3.0.0.5)
EasyBatteryManager (x32 Version: 4.0.0.3)
Flip Words (x32)
Galapago (x32)
Game Pack (x32 Version: 6.3.1.1)
Gem Shop (x32)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Insaniquarium Deluxe (x32)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.4.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Learn2 Player (Uninstall Only) (x32)
Mahjong Escape Ancient China (x32)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Works (x32 Version: 9.7.0621)
Mobile Partner (x32 Version: 16.002.03.01.40)
MSVCRT (x32 Version: 14.0.1468.721)
Norton 360 (x32 Version: 5.2.2.3)
NVIDIA Drivers (Version: 1.4)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
QuickTime (x32)
RealPlayer Basic (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6003)
REALTEK Wireless LAN Software (x32 Version: 0133.09.1202)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung R-Series (x32 Version: 1.0)
Samsung Support Center (x32 Version: 1.1.0)
Samsung Update Plus (x32 Version: 2.0)
Slingo (x32)
SpeedMaxPc (x32 Version: 3.1.6.0)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Word 2007 (KB974631) (x32)
Update for Zip Opener (HKCU)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
User Guide (x32 Version: 1.0)
Viewpoint Media Player (x32)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)

==================== Restore Points  =========================

22-06-2013 10:56:10 SpeedMaxPc Backup
22-06-2013 15:33:46 SpeedMaxPc Backup
23-06-2013 14:57:49 SpeedMaxPc Backup
23-06-2013 19:41:06 Windows Update
30-06-2013 17:49:58 Norton 360 Registry Clean
30-06-2013 20:08:40 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0E2EFDA6-77DB-4459-825E-C112DA8FBA09} - System32\Tasks\SpeedMaxPc => C:\Users\*****\Desktop\SpeedMaxPc\SpeedMaxPc.exe [2013-03-13] (SpeedMaxPc)
Task: {19CC413D-BC66-4EB2-BEB7-9DEF79BCE287} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {1BE6628C-9EB4-4414-A24E-FFB6C616B262} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {1E9629D8-D3B9-4213-8EAA-ED42CE39402F} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.2.3 => C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {234931D2-633B-4BAC-A805-1F0187FF5EC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06] (Google Inc.)
Task: {295E8677-BAC1-49DA-899C-B6BE51ABC077} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-01-24] (Microsoft Corporation)
Task: {2CAC840C-88E6-4B9D-A96E-01D36193C02F} - System32\Tasks\Symantec\Norton Error Processor 5.2.2.3 => C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {34EF141E-7D50-400C-9A5C-8DACFAA75A20} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {434576E0-E121-4132-87A1-46AB21DB0D49} - System32\Tasks\APSchedulerC => C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
Task: {56E25516-EAC3-40A1-AECD-57A2DEBFB56B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {570D23AB-AB48-4C96-9D64-55DE4860E855} - System32\Tasks\SpeedMaxPc Update3 => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-03-13] (SpeedMaxPc)
Task: {661C0A17-A793-42E0-B66B-EE69EEDF5000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06] (Google Inc.)
Task: {796AD053-1F9C-4CDD-8061-EA9ABB63BDB2} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe No File
Task: {7DC0065F-DD26-43B8-BE70-BD62D4682A57} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe No File
Task: {7F8A1AA7-AEA4-4B30-AB2F-0E2596B0B401} - System32\Tasks\EPUpdater => C:\Users\HEGGEN~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {80003C4A-C600-433B-B5C3-1A328A876DB3} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {8067921D-B86A-4C86-8F12-CD0EE2AAD107} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe No File
Task: {81DC64DF-1CB2-4FC8-BBC9-D24EEF9EBB40} - System32\Tasks\DSite => C:\Users\HEGGEN~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-06-19] ()
Task: {84C8830E-14C6-4DA2-A462-03A034B1CABF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1087647220-443236407-352421928-1000
Task: {86BEEE8B-7D99-4E9F-955B-04A8AAF89D08} - System32\Tasks\0 => C:\program files\internet explorer\iexplore.exe [2013-05-17] (Microsoft Corporation)
Task: {88534FDD-00FB-495C-9054-D382C63E3662} - System32\Tasks\4786 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation)
Task: {8E70D459-DA4A-4256-80DC-C8F337232F33} - System32\Tasks\{1D8CACDD-252D-45EC-B902-1D5300A4CB1C} => C:\Program Files (x86)\AOL 9.0\aol.exe No File
Task: {8FB535E4-6337-4B24-9FE6-CE98E8A06CDA} - System32\Tasks\{E2016C3B-ABA0-44B7-9197-B9E765D93E72} => C:\Program Files (x86)\AOL 9.0 VR\aol.exe No File
Task: {92771263-ACB9-4FDA-B3FC-EE3381DA704D} - System32\Tasks\{E89D77F2-DAF5-43DA-B03B-2531B6078BFF} => C:\Program Files (x86)\AOL 9.0 VR\aol.exe No File
Task: {929C129C-8C60-4AC3-A1DD-4DD5A6389B51} - System32\Tasks\SpeedMaxPc Registration3 => C:\windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {C0B10714-1B48-4DEB-85AF-E08418E4D64E} - System32\Tasks\{33E221D8-0BF4-4AB5-94C3-12AA6EAEF43E} => C:\Program Files (x86)\AOL 9.0\aol.exe No File
Task: {D1E74A13-3F54-49E2-8F74-EBF359044531} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {DC072DCE-F82C-4DCA-AF06-3FCD0C66318C} - System32\Tasks\{133D515A-7053-441E-AB7B-7644AB9BCEBC} => C:\Program Files (x86)\AOL 9.0 VR\aol.exe No File
Task: {DFBE31C6-8FDD-4FF8-930D-7184586D5B35} - System32\Tasks\EasySpeedUpManager => %programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe No File
Task: C:\windows\Tasks\DSite.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SpeedMaxPc Registration3.job => C:\windows\system32\rundll32.exe
Task: C:\windows\Tasks\SpeedMaxPc Update3.job => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe
Task: C:\windows\Tasks\SpeedMaxPc.job => C:\Users\*****\Desktop\SpeedMaxPc\SpeedMaxPc.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2013 03:27:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2013 04:34:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/27/2013 07:17:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/25/2013 08:13:40 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (06/24/2013 06:06:02 AM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16611 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3c0

Startzeit: 01ce709011ce30da

Endzeit: 32

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (06/23/2013 10:23:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/23/2013 10:19:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/23/2013 10:02:42 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16611 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1218

Startzeit: 01ce704c8b0ba9b4

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (06/23/2013 05:01:44 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <4, 0x8004117f, Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (06/23/2013 05:01:44 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0x8004117f - Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f))


System errors:
=============
Error: (07/01/2013 05:59:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/01/2013 05:59:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/01/2013 05:59:49 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASCTRM.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/01/2013 06:02:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/01/2013 06:02:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/01/2013 06:02:44 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASCTRM.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/30/2013 10:20:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/30/2013 10:20:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/30/2013 10:20:45 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASCTRM.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/30/2013 04:36:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3956.55 MB
Available physical RAM: 2375.66 MB
Total Pagefile: 7911.29 MB
Available Pagefile: 6096.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:270.4 GB) (Free:227.66 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:180.27 GB) (Free:180.17 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C760B073)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Danke und Grüße

Sabine99

schrauber · 01.07.2013, 19:13

Leider doch.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Sabine99 · 01.07.2013, 19:47

Hi Schrauber,
und hier die gewünschten Files:

log adwear cleaner:

Code:

ATTFilter

# AdwCleaner v2.303 - Datei am 01/07/2013 um 20:24:39 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - ROSEN15
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\windows\Tasks\DSite.job
Ordner Gelöscht : C:\Program Files (x86)\Common Files\SpeedMaxPc
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SpeedMaxPc
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\SpeedMaxPc
Ordner Gelöscht : C:\Users\*****\Desktop\SpeedMaxPc

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\SpeedMaxPC
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\Software\SpeedMaxPC
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZO^xdm071^YY^de&ptb=D97F0AC6-4413-4C40-871C-2B11E34E28B4&si=EL_UT_GER_11 --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [13458 octets] - [01/07/2013 20:24:39]

########## EOF - C:\AdwCleaner[S1].txt - [13519 octets] ##########

und das JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by ***** on 01.07.2013 at 20:34:31,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\*****\appdata\local\iac"
Successfully deleted: [Folder] "C:\Users\*****\appdata\locallow\iac"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2013 at 20:38:26,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Bis bald

Sabine99

schrauber · 01.07.2013, 19:50

Downloade dir bitte Rogue Killer von hier.

Speichere das Tool auf deinem Desktop !
Schließe alle laufenden Programme.
Starte die RogueKiller.exe
Warte bis Prescan abgeschlossen erscheint und klicke dann auf Scannen.
Wenn der Scan beendet wurde, klicke auf Bericht und poste diesen hier.
Du findest die Logdatei RKreport[1].txt auch auf deinem Desktop.

Gleich danach, wenn Roguekiller gescannt hat, auf Löschen klicken, beide Logfiles und ein frisches FRST log posten

Sabine99 · 01.07.2013, 20:15

Hi Schrauber,

das geht heut ja richtig schnell

1. Logfile:

Code:

ATTFilter

RogueKiller V8.6.1 [Jun 17 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : ***** [Admin Rechte]
Funktion : Scannen -- Datum : 07/01/2013 21:01:44
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 7 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN
[DNS] HKLM\[...]\CS001\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN
[DNS] HKLM\[...]\CS002\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> GEFUNDEN
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 4 ¤¤¤
[V1][SUSP PATH] SpeedMaxPc.job : C:\Users\*****\Desktop\SpeedMaxPc\SpeedMaxPc.exe - -scan [x] -> GEFUNDEN
[V2][ROGUE ST] 4786 : wscript.exe - C:\Users\HEGGEN~1\AppData\Local\Temp\launchie.vbs //B -> GEFUNDEN
[V2][SUSP PATH] EPUpdater : C:\Users\HEGGEN~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> GEFUNDEN
[V2][SUSP PATH] SpeedMaxPc : C:\Users\*****\Desktop\SpeedMaxPc\SpeedMaxPc.exe - -scan [x] -> GEFUNDEN

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 5f376de65b3a95857c1f1c50bcb042ef
[BSP] 1125a08c4893addf1067300760f1ca47 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 276885 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598724608 | Size: 184593 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_07012013_210144.txt >>
RKreport[0]_S_07012013_205820.txt

2.Logfile (vor dem löschen)

Code:

ATTFilter

RogueKiller V8.6.1 [Jun 17 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : ***** [Admin Rechte]
Funktion : Scannen -- Datum : 07/01/2013 21:01:44
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 7 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN
[DNS] HKLM\[...]\CS001\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN
[DNS] HKLM\[...]\CS002\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> GEFUNDEN
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 4 ¤¤¤
[V1][SUSP PATH] SpeedMaxPc.job : C:\Users\*****\Desktop\SpeedMaxPc\SpeedMaxPc.exe - -scan [x] -> GEFUNDEN
[V2][ROGUE ST] 4786 : wscript.exe - C:\Users\HEGGEN~1\AppData\Local\Temp\launchie.vbs //B -> GEFUNDEN
[V2][SUSP PATH] EPUpdater : C:\Users\HEGGEN~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> GEFUNDEN
[V2][SUSP PATH] SpeedMaxPc : C:\Users\*****\Desktop\SpeedMaxPc\SpeedMaxPc.exe - -scan [x] -> GEFUNDEN

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 5f376de65b3a95857c1f1c50bcb042ef
[BSP] 1125a08c4893addf1067300760f1ca47 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 276885 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598724608 | Size: 184593 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_07012013_210144.txt >>
RKreport[0]_S_07012013_205820.txt

und FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by ***** (administrator) on 01-07-2013 21:03:09
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
() C:\windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(AOL LLC) c:\program files (x86)\aol\aol toolbar 4.0\AolTbServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [16413288 2010-02-10] (NVIDIA Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-26] (Google Inc.)
MountPoints2: {3d82f461-6aa4-11e0-be41-00038a000015} - F:\AutoRun.exe
MountPoints2: {3d82f46f-6aa4-11e0-be41-00038a000015} - F:\AutoRun.exe
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe" [13312 2009-11-20] (DoctorSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [98304 2011-04-19] (Apple Computer, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
URLSearchHook: (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} -  No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9737BF33-AC5F-4930-BBC0-1A3182B820F8}: [NameServer]193.189.244.225 193.189.244.206

==================== Services (Whitelisted) =================

R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-15] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-15] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-15] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130701.001\ENG64.SYS [126040 2013-06-23] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130701.001\ENG64.SYS [126040 2013-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130701.001\EX64.SYS [2098776 2013-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130701.001\EX64.SYS [2098776 2013-06-23] (Symantec Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-24] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-24] (Windows (R) 2003 DDK 3790 provider)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S2 ASCTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144_2.txt
2013-07-01 21:01 - 2013-07-01 21:01 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144.txt
2013-07-01 20:59 - 2013-07-01 20:59 - 00002689 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820_1.txt
2013-07-01 20:58 - 2013-07-01 20:58 - 00002713 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820.txt
2013-07-01 20:56 - 2013-07-01 21:02 - 00000000 ____D C:\Users\*****\Desktop\RK_Quarantine
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Downloads\RogueKiller_8.6.1.exe
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Desktop\RogueKiller_8.6.1.exe
2013-07-01 20:39 - 2013-07-01 20:39 - 00001057 ____A C:\Users\*****\Desktop\JRT1.txt
2013-07-01 20:38 - 2013-07-01 20:38 - 00001081 ____A C:\Users\*****\Desktop\JRT.txt
2013-07-01 20:34 - 2013-07-01 20:34 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 20:32 - 2013-07-01 20:33 - 00000000 ____D C:\JRT
2013-07-01 20:32 - 2013-07-01 20:32 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-07-01 20:29 - 2013-07-01 20:29 - 00013413 ____A C:\Users\*****\Desktop\AdwCleaner[S1].txt
2013-07-01 20:24 - 2013-07-01 20:24 - 00013493 ____A C:\AdwCleaner[S1].txt
2013-07-01 20:23 - 2013-07-01 20:23 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-07-01 18:11 - 2013-07-01 18:12 - 00023557 ____A C:\Users\*****\Desktop\Addition.txt
2013-07-01 18:10 - 2013-07-01 18:10 - 01933758 ____A (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-01 18:10 - 2013-07-01 18:10 - 00000000 ____D C:\FRST
2013-06-30 22:12 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-30 22:12 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-30 22:12 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-30 22:12 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-30 22:12 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-30 22:12 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-30 22:12 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-30 22:12 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-30 22:12 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-30 22:12 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-30 22:12 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-30 22:12 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-30 22:12 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-30 22:12 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-30 22:12 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-30 22:12 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-30 22:12 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-30 22:12 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-30 22:12 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-30 22:12 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-30 22:12 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-30 22:12 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-30 22:12 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-30 22:12 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-30 22:09 - 2013-06-30 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-30 22:08 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-30 22:08 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-30 22:08 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-30 22:08 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-30 22:08 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-30 22:08 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-30 22:08 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-30 22:08 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-30 22:08 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-23 16:59 - 2013-07-01 20:25 - 00001420 ____A C:\Windows\setupact.log
2013-06-23 16:59 - 2013-06-30 16:35 - 00028342 ____A C:\Windows\PFRO.log
2013-06-23 16:59 - 2013-06-23 16:59 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 11:25 - 2013-06-23 11:25 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-22 15:35 - 2013-06-22 15:35 - 00000000 ____A C:\Users\*****\defogger_reenable
2013-06-22 14:37 - 2013-06-29 13:56 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-22 14:36 - 2013-06-28 19:01 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-22 14:33 - 2013-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-22 14:02 - 2013-06-22 14:06 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ___AD C:\Program Files (x86)\InboxAce_1gEI
2013-06-22 13:23 - 2013-07-01 18:38 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-06-22 12:46 - 2013-07-01 18:00 - 00000480 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2013-06-22 12:46 - 2013-06-22 13:02 - 00000438 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2013-06-22 12:46 - 2013-06-22 12:46 - 00000692 ____A C:\Users\*****\Desktop\SpeedMaxPc.lnk
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:53 - 2013-06-19 20:53 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tific
2013-06-19 20:22 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-19 20:22 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-19 20:22 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-19 20:22 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-19 20:22 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-19 20:22 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-19 20:21 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-19 20:21 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-19 20:21 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-19 20:21 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-19 20:21 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-18 20:02 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 20:02 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 20:02 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 20:02 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-18 20:02 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 20:02 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-18 20:02 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-18 20:02 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 20:02 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-18 20:02 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-18 20:02 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-18 20:02 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-18 20:02 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-18 20:02 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-18 20:02 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 20:02 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-18 20:02 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-06-18 20:02 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-18 20:02 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-18 20:02 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-18 20:02 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-18 20:02 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-18 20:02 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-18 20:02 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-18 20:02 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-18 20:02 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-18 20:02 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-18 20:02 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-18 20:02 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-18 20:02 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

==================== One Month Modified Files and Folders =======

2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144_2.txt
2013-07-01 21:02 - 2013-07-01 20:56 - 00000000 ____D C:\Users\*****\Desktop\RK_Quarantine
2013-07-01 21:01 - 2013-07-01 21:01 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144.txt
2013-07-01 20:59 - 2013-07-01 20:59 - 00002689 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820_1.txt
2013-07-01 20:58 - 2013-07-01 20:58 - 00002713 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820.txt
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Downloads\RogueKiller_8.6.1.exe
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Desktop\RogueKiller_8.6.1.exe
2013-07-01 20:39 - 2013-07-01 20:39 - 00001057 ____A C:\Users\*****\Desktop\JRT1.txt
2013-07-01 20:38 - 2013-07-01 20:38 - 00001081 ____A C:\Users\*****\Desktop\JRT.txt
2013-07-01 20:34 - 2013-07-01 20:34 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 20:33 - 2013-07-01 20:32 - 00000000 ____D C:\JRT
2013-07-01 20:33 - 2011-02-06 13:32 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 20:33 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 20:33 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 20:32 - 2013-07-01 20:32 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-07-01 20:29 - 2013-07-01 20:29 - 00013413 ____A C:\Users\*****\Desktop\AdwCleaner[S1].txt
2013-07-01 20:26 - 2011-02-06 13:32 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 20:26 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 20:25 - 2013-06-23 16:59 - 00001420 ____A C:\Windows\setupact.log
2013-07-01 20:25 - 2010-04-26 10:14 - 01195746 ____A C:\Windows\WindowsUpdate.log
2013-07-01 20:24 - 2013-07-01 20:24 - 00013493 ____A C:\AdwCleaner[S1].txt
2013-07-01 20:23 - 2013-07-01 20:23 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-07-01 18:38 - 2013-06-22 13:23 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-07-01 18:23 - 2010-05-26 02:01 - 00654346 ____A C:\Windows\System32\perfh007.dat
2013-07-01 18:23 - 2010-05-26 02:01 - 00130186 ____A C:\Windows\System32\perfc007.dat
2013-07-01 18:23 - 2009-07-14 07:13 - 01498510 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 18:12 - 2013-07-01 18:11 - 00023557 ____A C:\Users\*****\Desktop\Addition.txt
2013-07-01 18:10 - 2013-07-01 18:10 - 01933758 ____A (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-01 18:10 - 2013-07-01 18:10 - 00000000 ____D C:\FRST
2013-07-01 18:00 - 2013-06-22 12:46 - 00000480 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2013-06-30 22:20 - 2009-07-14 06:45 - 00353120 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-30 22:09 - 2013-06-30 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-30 16:35 - 2013-06-23 16:59 - 00028342 ____A C:\Windows\PFRO.log
2013-06-29 17:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-29 13:56 - 2013-06-22 14:37 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-28 19:01 - 2013-06-22 14:36 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-23 21:04 - 2013-03-23 18:04 - 00000000 ____D C:\Users\*****\AppData\Local\Microsoft Games
2013-06-23 16:59 - 2013-06-23 16:59 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 11:25 - 2013-06-23 11:25 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-22 22:26 - 2011-02-06 13:28 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-06-22 16:19 - 2011-07-10 10:17 - 00001425 ____A C:\0
2013-06-22 15:35 - 2013-06-22 15:35 - 00000000 ____A C:\Users\*****\defogger_reenable
2013-06-22 15:35 - 2011-01-31 22:09 - 00000000 ____D C:\users\*****
2013-06-22 14:33 - 2013-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-22 14:06 - 2013-06-22 14:02 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ___AD C:\Program Files (x86)\InboxAce_1gEI
2013-06-22 13:02 - 2013-06-22 12:46 - 00000438 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2013-06-22 12:57 - 2011-04-19 21:01 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-06-22 12:57 - 2011-04-19 20:51 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
2013-06-22 12:57 - 2011-04-19 20:51 - 00000000 ____D C:\ProgramData\QuickTime
2013-06-22 12:57 - 2011-02-06 14:37 - 00000000 ____D C:\ProgramData\Norton
2013-06-22 12:57 - 2009-08-02 04:27 - 00000000 ____D C:\Windows\Panther
2013-06-22 12:57 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-22 12:46 - 2013-06-22 12:46 - 00000692 ____A C:\Users\*****\Desktop\SpeedMaxPc.lnk
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:53 - 2013-06-19 20:53 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tific
2013-06-08 16:08 - 2013-06-19 20:21 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-19 20:21 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-19 20:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-19 20:21 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-19 20:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-02 17:11 - 2013-03-16 18:56 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 16:33

==================== End Of Log ============================

--- --- ---

--- --- ---

Tschüß
Sabine99

30.06.2013, 14:27	#32
schrauber /// the machine /// TB-Ausbilder	GVU Trojaner, Anmeldung im abgesicherten Modus nicht möglich Gar nicht. ABer wir machen nen kurzen Check des Laptops wenn wir fertig sind ZeroAccess Rootkit. Eigentlich locker zu entfernen, schon hundert mal gemacht, nur dieser Eine Überbleibsel will nicht weg __________________ __________________

30.06.2013, 19:45	#36
schrauber /// the machine /// TB-Ausbilder	GVU Trojaner, Anmeldung im abgesicherten Modus nicht möglich Ooooh, bitte mal nen frischen FRST Scan aus dem normalen Windows __________________ --> GVU Trojaner, Anmeldung im abgesicherten Modus nicht möglich

01.07.2013, 07:39	#40
schrauber /// the machine /// TB-Ausbilder	GVU Trojaner, Anmeldung im abgesicherten Modus nicht möglich Las einfach Delfix laufen, das entfernt auch Combofix. Banking nur mit ChipTan oder höher. FRST Logs vom laptop bitte. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

GVU Trojaner, Anmeldung im abgesicherten Modus nicht möglich

Log-Analyse und Auswertung: GVU Trojaner, Anmeldung im abgesicherten Modus nicht möglich