
Log analysis and evaluation: GVU Trojan, login in safe mode not possible

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.07.2013, 07:22   #46
schrauber
/// the machine
/// TB trainer
 




Did you let RogueKiller do the deletion? I don't think so

So once again: Pre-Scan, Scan, and then let it delete, post the log file, and a fresh FRST log please
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

02.07.2013, 17:07   #47
Sabine99
 



Yes, you're right, not the first time; then I saw it and did it again :-)
also with deleting; I hope I haven't mixed up the files,
I have just run it once more...

Could it be that my Norton is interfering? I did not disable it.

The files are attached
before deleting:
Code:
RogueKiller V8.6.1 [Jun 17 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : ***** [Admin Rechte]
Funktion : Scannen -- Datum : 07/02/2013 17:58:30
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 3 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN
[DNS] HKLM\[...]\CS001\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN
[DNS] HKLM\[...]\CS002\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 5f376de65b3a95857c1f1c50bcb042ef
[BSP] 1125a08c4893addf1067300760f1ca47 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 276885 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598724608 | Size: 184593 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_07022013_175830.txt >>
RKreport[0]_D_07012013_210208.txt;RKreport[0]_S_07012013_205820.txt;RKreport[0]_S_07012013_210144.txt
         
after deleting:

Code:
RogueKiller V8.6.1 [Jun 17 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : ***** [Admin Rechte]
Funktion : Entfernen -- Datum : 07/02/2013 18:00:42
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 3 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> NICHT ENTFERNT, DNS REPARIEREN BENUTZEN
[DNS] HKLM\[...]\CS001\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> NICHT ENTFERNT, DNS REPARIEREN BENUTZEN
[DNS] HKLM\[...]\CS002\[...]\{9737BF33-AC5F-4930-BBC0-1A3182B820F8} : NameServer (193.189.244.225 193.189.244.206) -> NICHT ENTFERNT, DNS REPARIEREN BENUTZEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 5f376de65b3a95857c1f1c50bcb042ef
[BSP] 1125a08c4893addf1067300760f1ca47 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 276885 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598724608 | Size: 184593 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_D_07022013_180042.txt >>
RKreport[0]_D_07012013_210208.txt;RKreport[0]_S_07012013_205820.txt;RKreport[0]_S_07012013_210144.txt
RKreport[0]_S_07022013_175830.txt
         
and the new FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by ***** (administrator) on 02-07-2013 18:02:14
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
() C:\windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(AOL LLC) c:\program files (x86)\aol\aol toolbar 4.0\AolTbServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems, Inc.) C:\windows\SysWow64\Macromed\Flash\FlashUtil9f.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [16413288 2010-02-10] (NVIDIA Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-26] (Google Inc.)
MountPoints2: {3d82f461-6aa4-11e0-be41-00038a000015} - F:\AutoRun.exe
MountPoints2: {3d82f46f-6aa4-11e0-be41-00038a000015} - F:\AutoRun.exe
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe" [13312 2009-11-20] (DoctorSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [98304 2011-04-19] (Apple Computer, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
URLSearchHook: (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} -  No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9737BF33-AC5F-4930-BBC0-1A3182B820F8}: [NameServer]193.189.244.225 193.189.244.206

==================== Services (Whitelisted) =================

R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-15] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-15] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-15] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130701.001\ENG64.SYS [126040 2013-06-23] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130701.001\ENG64.SYS [126040 2013-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130701.001\EX64.SYS [2098776 2013-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130701.001\EX64.SYS [2098776 2013-06-23] (Symantec Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-24] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-24] (Windows (R) 2003 DDK 3790 provider)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S2 ASCTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 18:01 - 2013-07-02 18:01 - 00002185 ____A C:\Users\*****\Desktop\RKreport[0]_D_07022013_180042_Di_2.txt
2013-07-02 18:00 - 2013-07-02 18:00 - 00002193 ____A C:\Users\*****\Desktop\RKreport[0]_D_07022013_180042.txt
2013-07-02 18:00 - 2013-07-02 18:00 - 00002057 ____A C:\Users\*****\Desktop\RKreport[0]_S_07022013_175830_Di_1.txt
2013-07-02 17:58 - 2013-07-02 17:58 - 00002065 ____A C:\Users\*****\Desktop\RKreport[0]_S_07022013_175830.txt
2013-07-01 21:08 - 2013-07-01 21:08 - 00002863 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3_korr.txt
2013-07-01 21:04 - 2013-07-01 21:04 - 00034835 ____A C:\Users\*****\Desktop\FRST_neu.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144_2.txt
2013-07-01 21:01 - 2013-07-01 21:01 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144.txt
2013-07-01 20:59 - 2013-07-01 20:59 - 00002689 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820_1.txt
2013-07-01 20:58 - 2013-07-01 20:58 - 00002713 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820.txt
2013-07-01 20:56 - 2013-07-01 21:02 - 00000000 ____D C:\Users\*****\Desktop\RK_Quarantine
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Downloads\RogueKiller_8.6.1.exe
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Desktop\RogueKiller_8.6.1.exe
2013-07-01 20:39 - 2013-07-01 20:39 - 00001057 ____A C:\Users\*****\Desktop\JRT1.txt
2013-07-01 20:38 - 2013-07-01 20:38 - 00001081 ____A C:\Users\*****\Desktop\JRT.txt
2013-07-01 20:34 - 2013-07-01 20:34 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 20:32 - 2013-07-01 20:33 - 00000000 ____D C:\JRT
2013-07-01 20:32 - 2013-07-01 20:32 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-07-01 20:29 - 2013-07-01 20:29 - 00013413 ____A C:\Users\*****\Desktop\AdwCleaner[S1].txt
2013-07-01 20:24 - 2013-07-01 20:24 - 00013493 ____A C:\AdwCleaner[S1].txt
2013-07-01 20:23 - 2013-07-01 20:23 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-07-01 18:11 - 2013-07-01 18:12 - 00023557 ____A C:\Users\*****\Desktop\Addition.txt
2013-07-01 18:10 - 2013-07-01 18:10 - 01933758 ____A (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-01 18:10 - 2013-07-01 18:10 - 00000000 ____D C:\FRST
2013-06-30 22:12 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-30 22:12 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-30 22:12 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-30 22:12 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-30 22:12 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-30 22:12 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-30 22:12 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-30 22:12 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-30 22:12 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-30 22:12 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-30 22:12 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-30 22:12 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-30 22:12 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-30 22:12 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-30 22:12 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-30 22:12 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-30 22:12 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-30 22:12 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-30 22:12 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-30 22:12 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-30 22:12 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-30 22:12 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-30 22:12 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-30 22:12 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-30 22:09 - 2013-06-30 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-30 22:08 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-30 22:08 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-30 22:08 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-30 22:08 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-30 22:08 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-30 22:08 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-30 22:08 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-30 22:08 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-30 22:08 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-23 16:59 - 2013-07-02 17:47 - 00001532 ____A C:\Windows\setupact.log
2013-06-23 16:59 - 2013-06-30 16:35 - 00028342 ____A C:\Windows\PFRO.log
2013-06-23 16:59 - 2013-06-23 16:59 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 11:25 - 2013-06-23 11:25 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-22 15:35 - 2013-06-22 15:35 - 00000000 ____A C:\Users\*****\defogger_reenable
2013-06-22 14:37 - 2013-06-29 13:56 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-22 14:36 - 2013-06-28 19:01 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-22 14:33 - 2013-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-22 14:02 - 2013-06-22 14:06 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ___AD C:\Program Files (x86)\InboxAce_1gEI
2013-06-22 13:23 - 2013-07-01 18:38 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-06-22 12:46 - 2013-07-02 18:00 - 00000480 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2013-06-22 12:46 - 2013-06-22 13:02 - 00000438 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2013-06-22 12:46 - 2013-06-22 12:46 - 00000692 ____A C:\Users\*****\Desktop\SpeedMaxPc.lnk
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:53 - 2013-06-19 20:53 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tific
2013-06-19 20:22 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-19 20:22 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-19 20:22 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-19 20:22 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-19 20:22 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-19 20:22 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-19 20:21 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-19 20:21 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-19 20:21 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-19 20:21 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-19 20:21 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-18 20:02 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 20:02 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 20:02 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 20:02 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-18 20:02 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 20:02 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-18 20:02 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-18 20:02 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 20:02 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-18 20:02 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-18 20:02 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-18 20:02 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-18 20:02 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-18 20:02 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-18 20:02 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 20:02 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-18 20:02 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-06-18 20:02 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-18 20:02 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-18 20:02 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-18 20:02 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-18 20:02 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-18 20:02 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-18 20:02 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-18 20:02 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-18 20:02 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-18 20:02 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-18 20:02 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-18 20:02 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-18 20:02 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

==================== One Month Modified Files and Folders =======

2013-07-02 18:01 - 2013-07-02 18:01 - 00002185 ____A C:\Users\*****\Desktop\RKreport[0]_D_07022013_180042_Di_2.txt
2013-07-02 18:00 - 2013-07-02 18:00 - 00002193 ____A C:\Users\*****\Desktop\RKreport[0]_D_07022013_180042.txt
2013-07-02 18:00 - 2013-07-02 18:00 - 00002057 ____A C:\Users\*****\Desktop\RKreport[0]_S_07022013_175830_Di_1.txt
2013-07-02 18:00 - 2013-06-22 12:46 - 00000480 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2013-07-02 17:58 - 2013-07-02 17:58 - 00002065 ____A C:\Users\*****\Desktop\RKreport[0]_S_07022013_175830.txt
2013-07-02 17:55 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 17:55 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 17:49 - 2011-02-06 13:32 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 17:47 - 2013-06-23 16:59 - 00001532 ____A C:\Windows\setupact.log
2013-07-02 17:47 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 06:38 - 2010-04-26 10:14 - 01225684 ____A C:\Windows\WindowsUpdate.log
2013-07-02 06:33 - 2011-02-06 13:32 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 21:08 - 2013-07-01 21:08 - 00002863 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3_korr.txt
2013-07-01 21:04 - 2013-07-01 21:04 - 00034835 ____A C:\Users\*****\Desktop\FRST_neu.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144_2.txt
2013-07-01 21:02 - 2013-07-01 20:56 - 00000000 ____D C:\Users\*****\Desktop\RK_Quarantine
2013-07-01 21:01 - 2013-07-01 21:01 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144.txt
2013-07-01 20:59 - 2013-07-01 20:59 - 00002689 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820_1.txt
2013-07-01 20:58 - 2013-07-01 20:58 - 00002713 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820.txt
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Downloads\RogueKiller_8.6.1.exe
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Desktop\RogueKiller_8.6.1.exe
2013-07-01 20:39 - 2013-07-01 20:39 - 00001057 ____A C:\Users\*****\Desktop\JRT1.txt
2013-07-01 20:38 - 2013-07-01 20:38 - 00001081 ____A C:\Users\*****\Desktop\JRT.txt
2013-07-01 20:34 - 2013-07-01 20:34 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 20:33 - 2013-07-01 20:32 - 00000000 ____D C:\JRT
2013-07-01 20:32 - 2013-07-01 20:32 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-07-01 20:29 - 2013-07-01 20:29 - 00013413 ____A C:\Users\*****\Desktop\AdwCleaner[S1].txt
2013-07-01 20:24 - 2013-07-01 20:24 - 00013493 ____A C:\AdwCleaner[S1].txt
2013-07-01 20:23 - 2013-07-01 20:23 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-07-01 18:38 - 2013-06-22 13:23 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-07-01 18:23 - 2010-05-26 02:01 - 00654346 ____A C:\Windows\System32\perfh007.dat
2013-07-01 18:23 - 2010-05-26 02:01 - 00130186 ____A C:\Windows\System32\perfc007.dat
2013-07-01 18:23 - 2009-07-14 07:13 - 01498510 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 18:12 - 2013-07-01 18:11 - 00023557 ____A C:\Users\*****\Desktop\Addition.txt
2013-07-01 18:10 - 2013-07-01 18:10 - 01933758 ____A (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-01 18:10 - 2013-07-01 18:10 - 00000000 ____D C:\FRST
2013-06-30 22:20 - 2009-07-14 06:45 - 00353120 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-30 22:09 - 2013-06-30 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-30 16:35 - 2013-06-23 16:59 - 00028342 ____A C:\Windows\PFRO.log
2013-06-29 17:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-29 13:56 - 2013-06-22 14:37 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-28 19:01 - 2013-06-22 14:36 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-23 21:04 - 2013-03-23 18:04 - 00000000 ____D C:\Users\*****\AppData\Local\Microsoft Games
2013-06-23 16:59 - 2013-06-23 16:59 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 11:25 - 2013-06-23 11:25 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-22 22:26 - 2011-02-06 13:28 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-06-22 16:19 - 2011-07-10 10:17 - 00001425 ____A C:\0
2013-06-22 15:35 - 2013-06-22 15:35 - 00000000 ____A C:\Users\*****\defogger_reenable
2013-06-22 15:35 - 2011-01-31 22:09 - 00000000 ____D C:\users\*****
2013-06-22 14:33 - 2013-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-22 14:06 - 2013-06-22 14:02 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ___AD C:\Program Files (x86)\InboxAce_1gEI
2013-06-22 13:02 - 2013-06-22 12:46 - 00000438 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2013-06-22 12:57 - 2011-04-19 21:01 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-06-22 12:57 - 2011-04-19 20:51 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
2013-06-22 12:57 - 2011-04-19 20:51 - 00000000 ____D C:\ProgramData\QuickTime
2013-06-22 12:57 - 2011-02-06 14:37 - 00000000 ____D C:\ProgramData\Norton
2013-06-22 12:57 - 2009-08-02 04:27 - 00000000 ____D C:\Windows\Panther
2013-06-22 12:57 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-22 12:46 - 2013-06-22 12:46 - 00000692 ____A C:\Users\*****\Desktop\SpeedMaxPc.lnk
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:53 - 2013-06-19 20:53 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tific
2013-06-08 16:08 - 2013-06-19 20:21 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-19 20:21 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-19 20:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-19 20:21 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-19 20:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-02 17:11 - 2013-03-16 18:56 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 16:33

==================== End Of Log ============================
         




Regards
Sabine99


02.07.2013, 18:24   #48
schrauber
/// the machine
/// TB-Ausbilder
 




Better already

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will request a restart. Please allow this.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please.

03.07.2013, 19:34   #49
Sabine99
 



Hello Schrauber,

and here are the files:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=02038412319e3b4cb42310ef9806a2e6
# engine=14241
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 08:29:45
# local_time=2013-07-02 10:29:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 80 8083362 123459481 0 0
# compatibility_mode=5893 16776574 100 94 9343647 124426835 0 0
# scanned=75652
# found=0
# cleaned=0
# scan_time=2484
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=02038412319e3b4cb42310ef9806a2e6
# engine=14256
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-03 06:22:21
# local_time=2013-07-03 08:22:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 80 8162118 123538237 0 0
# compatibility_mode=5893 16776574 100 94 9426003 124505591 0 0
# scanned=137929
# found=0
# cleaned=0
# scan_time=4363
         
Security check:

Code:
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by ***** (administrator) on 03-07-2013 20:29:18
Running from C:\Users\*****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
() C:\windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(AOL LLC) c:\program files (x86)\aol\aol toolbar 4.0\AolTbServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [16413288 2010-02-10] (NVIDIA Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-26] (Google Inc.)
MountPoints2: {3d82f461-6aa4-11e0-be41-00038a000015} - F:\AutoRun.exe
MountPoints2: {3d82f46f-6aa4-11e0-be41-00038a000015} - F:\AutoRun.exe
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe" [13312 2009-11-20] (DoctorSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [98304 2011-04-19] (Apple Computer, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
URLSearchHook: (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} -  No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9737BF33-AC5F-4930-BBC0-1A3182B820F8}: [NameServer]193.189.244.225 193.189.244.206

==================== Services (Whitelisted) =================

R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-15] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-06-15] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-06-15] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-06-23] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-06-23] (Symantec Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-24] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-24] (Windows (R) 2003 DDK 3790 provider)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S2 ASCTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 20:28 - 2013-07-03 20:28 - 00000698 ____A C:\Users\*****\Desktop\checkup.txt
2013-07-03 20:26 - 2013-07-03 20:26 - 00890988 ____A C:\Users\*****\Desktop\SecurityCheck.exe
2013-07-02 21:44 - 2013-07-02 21:44 - 02347384 ____A (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2013-07-02 19:38 - 2013-07-02 19:38 - 00448512 ____A (OldTimer Tools) C:\Users\*****\Desktop\TFC.exe
2013-07-02 18:03 - 2013-07-02 18:03 - 00036355 ____A C:\Users\*****\Desktop\FRST_Di 1.txt
2013-07-02 18:01 - 2013-07-02 18:01 - 00002185 ____A C:\Users\*****\Desktop\RKreport[0]_D_07022013_180042_Di_2.txt
2013-07-02 18:00 - 2013-07-02 18:00 - 00002193 ____A C:\Users\*****\Desktop\RKreport[0]_D_07022013_180042.txt
2013-07-02 18:00 - 2013-07-02 18:00 - 00002057 ____A C:\Users\*****\Desktop\RKreport[0]_S_07022013_175830_Di_1.txt
2013-07-02 17:58 - 2013-07-02 17:58 - 00002065 ____A C:\Users\*****\Desktop\RKreport[0]_S_07022013_175830.txt
2013-07-01 21:08 - 2013-07-01 21:08 - 00002863 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3_korr.txt
2013-07-01 21:04 - 2013-07-01 21:04 - 00034835 ____A C:\Users\*****\Desktop\FRST_neu.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144_2.txt
2013-07-01 21:01 - 2013-07-01 21:01 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144.txt
2013-07-01 20:59 - 2013-07-01 20:59 - 00002689 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820_1.txt
2013-07-01 20:58 - 2013-07-01 20:58 - 00002713 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820.txt
2013-07-01 20:56 - 2013-07-01 21:02 - 00000000 ____D C:\Users\*****\Desktop\RK_Quarantine
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Downloads\RogueKiller_8.6.1.exe
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Desktop\RogueKiller_8.6.1.exe
2013-07-01 20:39 - 2013-07-01 20:39 - 00001057 ____A C:\Users\*****\Desktop\JRT1.txt
2013-07-01 20:38 - 2013-07-01 20:38 - 00001081 ____A C:\Users\*****\Desktop\JRT.txt
2013-07-01 20:34 - 2013-07-01 20:34 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 20:32 - 2013-07-01 20:33 - 00000000 ____D C:\JRT
2013-07-01 20:32 - 2013-07-01 20:32 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-07-01 20:29 - 2013-07-01 20:29 - 00013413 ____A C:\Users\*****\Desktop\AdwCleaner[S1].txt
2013-07-01 20:24 - 2013-07-01 20:24 - 00013493 ____A C:\AdwCleaner[S1].txt
2013-07-01 20:23 - 2013-07-01 20:23 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-07-01 18:11 - 2013-07-01 18:12 - 00023557 ____A C:\Users\*****\Desktop\Addition.txt
2013-07-01 18:10 - 2013-07-01 18:10 - 01933758 ____A (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-01 18:10 - 2013-07-01 18:10 - 00000000 ____D C:\FRST
2013-06-30 22:12 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-30 22:12 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-30 22:12 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-30 22:12 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-30 22:12 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-30 22:12 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-30 22:12 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-30 22:12 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-30 22:12 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-30 22:12 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-30 22:12 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-30 22:12 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-30 22:12 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-30 22:12 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-30 22:12 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-30 22:12 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-30 22:12 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-30 22:12 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-30 22:12 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-30 22:12 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-30 22:12 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-30 22:12 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-30 22:12 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-30 22:12 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-30 22:09 - 2013-06-30 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-30 22:08 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-30 22:08 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-30 22:08 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-30 22:08 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-30 22:08 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-30 22:08 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-30 22:08 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-30 22:08 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-30 22:08 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-23 16:59 - 2013-07-02 21:37 - 00001588 ____A C:\Windows\setupact.log
2013-06-23 16:59 - 2013-06-30 16:35 - 00028342 ____A C:\Windows\PFRO.log
2013-06-23 16:59 - 2013-06-23 16:59 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 11:25 - 2013-06-23 11:25 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-22 15:35 - 2013-06-22 15:35 - 00000000 ____A C:\Users\*****\defogger_reenable
2013-06-22 14:37 - 2013-06-29 13:56 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-22 14:36 - 2013-06-28 19:01 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-22 14:33 - 2013-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-22 14:02 - 2013-06-22 14:06 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ___AD C:\Program Files (x86)\InboxAce_1gEI
2013-06-22 13:23 - 2013-07-01 18:38 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-06-22 12:46 - 2013-07-03 18:21 - 00000480 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2013-06-22 12:46 - 2013-06-22 13:02 - 00000438 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2013-06-22 12:46 - 2013-06-22 12:46 - 00000692 ____A C:\Users\*****\Desktop\SpeedMaxPc.lnk
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:53 - 2013-06-19 20:53 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tific
2013-06-19 20:22 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-19 20:22 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-19 20:22 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-19 20:22 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-19 20:22 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-19 20:22 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-19 20:22 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-19 20:22 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-19 20:21 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-19 20:21 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-19 20:21 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-19 20:21 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-19 20:21 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-19 20:21 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-19 20:21 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-18 20:02 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-18 20:02 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-18 20:02 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-18 20:02 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-18 20:02 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-18 20:02 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-18 20:02 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-18 20:02 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-18 20:02 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-18 20:02 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-18 20:02 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-18 20:02 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-18 20:02 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-18 20:02 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-18 20:02 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-18 20:02 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-18 20:02 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-18 20:02 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-06-18 20:02 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-18 20:02 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-18 20:02 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-18 20:02 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-18 20:02 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-18 20:02 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-18 20:02 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-18 20:02 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-18 20:02 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-18 20:02 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-18 20:02 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-18 20:02 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-18 20:02 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

==================== One Month Modified Files and Folders =======

2013-07-03 20:28 - 2013-07-03 20:28 - 00000698 ____A C:\Users\*****\Desktop\checkup.txt
2013-07-03 20:26 - 2013-07-03 20:26 - 00890988 ____A C:\Users\*****\Desktop\SecurityCheck.exe
2013-07-03 20:13 - 2010-04-26 10:14 - 01247466 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:33 - 2011-02-06 13:32 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 18:35 - 2011-02-06 13:32 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 18:21 - 2013-06-22 12:46 - 00000480 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job
2013-07-02 21:45 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 21:45 - 2009-07-14 06:45 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 21:44 - 2013-07-02 21:44 - 02347384 ____A (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2013-07-02 21:44 - 2010-05-26 02:01 - 00654346 ____A C:\Windows\System32\perfh007.dat
2013-07-02 21:44 - 2010-05-26 02:01 - 00130186 ____A C:\Windows\System32\perfc007.dat
2013-07-02 21:44 - 2009-07-14 07:13 - 01498510 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 21:37 - 2013-06-23 16:59 - 00001588 ____A C:\Windows\setupact.log
2013-07-02 21:37 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 19:38 - 2013-07-02 19:38 - 00448512 ____A (OldTimer Tools) C:\Users\*****\Desktop\TFC.exe
2013-07-02 18:03 - 2013-07-02 18:03 - 00036355 ____A C:\Users\*****\Desktop\FRST_Di 1.txt
2013-07-02 18:01 - 2013-07-02 18:01 - 00002185 ____A C:\Users\*****\Desktop\RKreport[0]_D_07022013_180042_Di_2.txt
2013-07-02 18:00 - 2013-07-02 18:00 - 00002193 ____A C:\Users\*****\Desktop\RKreport[0]_D_07022013_180042.txt
2013-07-02 18:00 - 2013-07-02 18:00 - 00002057 ____A C:\Users\*****\Desktop\RKreport[0]_S_07022013_175830_Di_1.txt
2013-07-02 17:58 - 2013-07-02 17:58 - 00002065 ____A C:\Users\*****\Desktop\RKreport[0]_S_07022013_175830.txt
2013-07-01 21:08 - 2013-07-01 21:08 - 00002863 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3_korr.txt
2013-07-01 21:04 - 2013-07-01 21:04 - 00034835 ____A C:\Users\*****\Desktop\FRST_neu.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208_3.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002887 ____A C:\Users\*****\Desktop\RKreport[0]_D_07012013_210208.txt
2013-07-01 21:02 - 2013-07-01 21:02 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144_2.txt
2013-07-01 21:02 - 2013-07-01 20:56 - 00000000 ____D C:\Users\*****\Desktop\RK_Quarantine
2013-07-01 21:01 - 2013-07-01 21:01 - 00002746 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_210144.txt
2013-07-01 20:59 - 2013-07-01 20:59 - 00002689 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820_1.txt
2013-07-01 20:58 - 2013-07-01 20:58 - 00002713 ____A C:\Users\*****\Desktop\RKreport[0]_S_07012013_205820.txt
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Downloads\RogueKiller_8.6.1.exe
2013-07-01 20:55 - 2013-07-01 20:55 - 00909312 ____A C:\Users\*****\Desktop\RogueKiller_8.6.1.exe
2013-07-01 20:39 - 2013-07-01 20:39 - 00001057 ____A C:\Users\*****\Desktop\JRT1.txt
2013-07-01 20:38 - 2013-07-01 20:38 - 00001081 ____A C:\Users\*****\Desktop\JRT.txt
2013-07-01 20:34 - 2013-07-01 20:34 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 20:33 - 2013-07-01 20:32 - 00000000 ____D C:\JRT
2013-07-01 20:32 - 2013-07-01 20:32 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\*****\Desktop\JRT.exe
2013-07-01 20:29 - 2013-07-01 20:29 - 00013413 ____A C:\Users\*****\Desktop\AdwCleaner[S1].txt
2013-07-01 20:24 - 2013-07-01 20:24 - 00013493 ____A C:\AdwCleaner[S1].txt
2013-07-01 20:23 - 2013-07-01 20:23 - 00648201 ____A C:\Users\*****\Desktop\adwcleaner.exe
2013-07-01 18:38 - 2013-06-22 13:23 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-07-01 18:12 - 2013-07-01 18:11 - 00023557 ____A C:\Users\*****\Desktop\Addition.txt
2013-07-01 18:10 - 2013-07-01 18:10 - 01933758 ____A (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-07-01 18:10 - 2013-07-01 18:10 - 00000000 ____D C:\FRST
2013-06-30 22:20 - 2009-07-14 06:45 - 00353120 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-30 22:09 - 2013-06-30 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-30 16:35 - 2013-06-23 16:59 - 00028342 ____A C:\Windows\PFRO.log
2013-06-29 17:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-29 13:56 - 2013-06-22 14:37 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-28 19:01 - 2013-06-22 14:36 - 00000000 ____D C:\Program Files (x86)\CoolLyrics
2013-06-23 21:04 - 2013-03-23 18:04 - 00000000 ____D C:\Users\*****\AppData\Local\Microsoft Games
2013-06-23 16:59 - 2013-06-23 16:59 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 11:25 - 2013-06-23 11:25 - 00000005 ____A C:\Users\*****\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-22 22:26 - 2011-02-06 13:28 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-06-22 16:19 - 2011-07-10 10:17 - 00001425 ____A C:\0
2013-06-22 15:35 - 2013-06-22 15:35 - 00000000 ____A C:\Users\*****\defogger_reenable
2013-06-22 15:35 - 2011-01-31 22:09 - 00000000 ____D C:\users\*****
2013-06-22 14:33 - 2013-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-22 14:06 - 2013-06-22 14:02 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-22 13:58 - 2013-06-22 13:58 - 00000000 ___AD C:\Program Files (x86)\InboxAce_1gEI
2013-06-22 13:02 - 2013-06-22 12:46 - 00000438 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job
2013-06-22 12:57 - 2011-04-19 21:01 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-06-22 12:57 - 2011-04-19 20:51 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
2013-06-22 12:57 - 2011-04-19 20:51 - 00000000 ____D C:\ProgramData\QuickTime
2013-06-22 12:57 - 2011-02-06 14:37 - 00000000 ____D C:\ProgramData\Norton
2013-06-22 12:57 - 2009-08-02 04:27 - 00000000 ____D C:\Windows\Panther
2013-06-22 12:57 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-22 12:46 - 2013-06-22 12:46 - 00000692 ____A C:\Users\*****\Desktop\SpeedMaxPc.lnk
2013-06-19 21:23 - 2013-06-19 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:53 - 2013-06-19 20:53 - 00000000 ____D C:\Users\*****\AppData\Roaming\Tific
2013-06-08 16:08 - 2013-06-19 20:21 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-19 20:21 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-19 20:21 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-19 20:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-19 20:21 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-19 20:21 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-19 20:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 16:33

==================== End Of Log ============================
         

Regards

Sabine99

03.07.2013, 20:37   #50
schrauber
/// the machine
/// TB trainer

Fix with FRST
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
C:\Program Files (x86)\CoolLyrics
C:\ProgramData\FullRemove.exe
         
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


How is the computer running?


03.07.2013, 20:45   #51
Sabine99

Hi Schrauber,

the computer is running well and, I think, also faster on the net.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by ***** at 2013-07-03 21:43:53 Run:1
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==============================================

C:\Program Files (x86)\CoolLyrics => Moved successfully.
C:\ProgramData\FullRemove.exe => Moved successfully.

==== End of Fixlog ====
         
Regards

Sabine99

03.07.2013, 20:50   #52
schrauber
/// the machine
/// TB trainer

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a tick in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

03.07.2013, 20:55   #53
Sabine99

Hi Schrauber,

thanks

Regards

Sabine99

03.07.2013, 20:56   #54
schrauber
/// the machine
/// TB trainer

You're welcome

04.07.2013, 05:29   #55
Sabine99

Hi Schrauber,
since I am no longer convinced by Norton, I would like to remove it completely from both of my computers and install a different firewall/virus scanner.
How do I do that? You can choose which one first. ;-)

Regards and thanks

Sabine99

04.07.2013, 07:37   #56
schrauber
/// the machine
/// TB trainer

Hi,

http://filepony.de/download-norton_uninstaller/

That should remove everything from Norton

06.07.2013, 11:33   #57
Sabine99

Hello Schrauber,

unfortunately my new virus scanner has reported a few findings.

1. During installation: Trace.File.Lottso(A), in the folder of an online game that I used to play quite often... (I now have that on the quarantine list)

and now, during a complete system scan, also the following:

2. Trace.file.locker(A); Trace.File.White.Smoke(A), and the folder was already created in 2010. 2 traces, as well as GenPack:Trojan.Bohmini.B(B) in Windows.old

That was it.

Which of these is critical and has to be removed? Only my PC is affected; the laptop is clean now....

Here is the file as well:
Code:
Emsisoft Anti-Malware - Version 8.0
Letztes Update: 06.07.2013 11:00:35
Benutzerkonto: *****-PC\*****

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	06.07.2013 11:02:52
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Templates\2433f433 	gefunden: Trace.File.Locker (A)
C:\Program Files\WhiteSmoke\ 	gefunden: Trace.File.WhiteSmoke (A)
C:\Users\*****\AppData\Roaming\WhiteSmoke\ 	gefunden: Trace.File.WhiteSmoke (A)
C:\Users\*****\AppData\Roaming\WhiteSmoke\stat.log 	gefunden: Trace.File.WhiteSmoke (A)
C:\Windows.old\Windows\Temp\28HjeErn.exe -> (Embedded EXE g) 	gefunden: GenPack:Trojan.Bohmini.B (B)

Gescannt	634547
Gefunden	5

Scan Ende:	06.07.2013 12:24:27
Scan Zeit:	1:21:35
         
Thanks for your continued help

Sabine99

06.07.2013, 11:37   #58
schrauber
/// the machine
/// TB trainer

Hi

please post a fresh FRST log

06.07.2013, 12:02   #59
Sabine99

Hello Schrauber,

and here they come already ;-)

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by ***** (administrator) on 06-07-2013 12:57:13
Running from C:\Users\*****\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
(COMPANYVERS_NAME) C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Cyberlink Corp.) C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
(ODSoft multimedia) C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(VER_COMPANY_NAME) C:\Program Files\UtilityChest_49\bar\1.bin\49brmon.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAhlp.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0" [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] %programfiles%\windows defender\msascui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [LexwareInfoService] c:\program files\common files\lexware\update manager\lxupdatemanager.exe /autostart [339240 2008-11-03] (Lexware GmbH & Co. KG)
HKLM\...\Run: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\nbkeyscan.exe" [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [RemoteControl] "c:\program files\homecinema\powerdvd\pdvdserv.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [TVBroadcast] c:\program files\sceneo\absoluttv\services\odsbc\odsbcapp.exe [797696 2007-08-08] (ODSoft multimedia)
HKLM\...\Run: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM\...\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [InboxAce Search Scope Monitor] "C:\PROGRA~1\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h [x]
HKLM\...\Run: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbrmon.exe [x]
HKLM\...\Run: [Utility Chest Search Scope Monitor] "C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h [44784 2013-06-25] (MindSpark)
HKLM\...\Run: [UtilityChest_49 Browser Plugin Loader] C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe [30096 2013-06-25] (VER_COMPANY_NAME)
HKLM\...\Run: [NortonSupport] "C:\Program Files\Norton 360\Engine\20.4.0.40\symerr.exe" /supportreboot [x]
HKLM\...\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 [2928040 2013-07-02] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\oaui.exe" [2415104 2012-10-02] (Emsisoft GmbH)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\nmbgmonitor.exe" [202024 2007-10-15] (Nero AG)
HKCU\...\Run: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autorun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe [x]
HKCU\...\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe [x]
HKCU\...\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-27] (BillP Studios)
HKCU\...\Policies\system: [disableregistrytools] 0
MountPoints2: {efcd0c81-082c-11df-b5e6-806e6f6e6963} - H:\setup.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.1.1:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
URLSearchHook: (No Name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
URLSearchHook: (No Name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
BHO: GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~1\UTILIT~2\bar\1.bin\49bar.dll (MindSpark)
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll No File
Toolbar: HKLM - InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll No File
Toolbar: HKLM - Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -InboxAce - {3775AFD7-5921-4571-968F-85A631203D1C} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll No File
Toolbar: HKCU -Utility Chest - {CF67755F-9265-449C-87CF-B945519E073B} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\ONLINE~1\oaevent.dll [366440 2012-10-02] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sgcqplk5.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @InboxAce_1g.com/Plugin - C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @UtilityChest_49.com/Plugin - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll (MindSpark)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF HKLM\...\Firefox\Extensions: [1gffxtbr@InboxAce_1g.com] C:\Program Files\InboxAce_1g\bar\1.bin
FF HKLM\...\Firefox\Extensions: [49ffxtbr@UtilityChest_49.com] C:\Program Files\UtilityChest_49\bar\1.bin
FF Extension: Utility Chest - C:\Program Files\UtilityChest_49\bar\1.bin
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=dea475c8-3714-4b9c-9dc7-bc9f234f8bb6&searchtype=hp&installDate=22/06/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=dea475c8-3714-4b9c-9dc7-bc9f234f8bb6&searchtype=hp&installDate=22/06/2013"
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Norton Identity Protection) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-02] (Emsisoft GmbH)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [216072 2012-10-02] (Emsisoft GmbH)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe [75040 2008-09-05] (Ralink Technology, Corp.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4463864 2012-10-02] (Emsisoft GmbH)
R2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-06-25] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [54072 2012-04-30] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [37856 2012-04-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-28] (Emsisoft GmbH)
S3 CH375; C:\Windows\System32\Drivers\CH375WDM.SYS [28403 2011-03-14] (www.winchiphead.com)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50208 2013-07-02] (Emsisoft GmbH)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [645120 2008-08-21] (Ralink Technology Corp.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [208320 2012-10-02] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44992 2012-10-02] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [27648 2012-10-02] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31768 2012-10-02] (Emsisoft)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-04-18] (Secunia)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-30] (America Online, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130704.002\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130704.002\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 SRTSP; \SystemRoot\system32\drivers\N360\1404000.028\SRTSP.SYS [x]
S1 SymIM; system32\DRIVERS\SymIMv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-06 12:57 - 2013-07-06 12:57 - 00000000 ____D C:\FRST
2013-07-06 12:54 - 2013-07-06 12:55 - 01373373 ____A (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-07-04 21:30 - 2013-07-04 21:42 - 00000000 ____D C:\ProgramData\OnlineArmor
2013-07-04 21:30 - 2013-07-04 21:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\OnlineArmor
2013-07-04 21:28 - 2013-07-06 11:02 - 00000000 ____D C:\Program Files\Online Armor
2013-07-04 21:28 - 2012-10-02 15:03 - 00044992 ____A C:\Windows\System32\Drivers\oahlp32.sys
2013-07-04 21:28 - 2012-10-02 15:02 - 00208320 ____A C:\Windows\System32\Drivers\OADriver.sys
2013-07-04 21:28 - 2012-10-02 15:02 - 00031768 ____A (Emsisoft) C:\Windows\System32\Drivers\OAnet.sys
2013-07-04 21:28 - 2012-10-02 15:02 - 00027648 ____A (Emsisoft) C:\Windows\System32\Drivers\OAmon.sys
2013-07-04 21:27 - 2013-07-06 12:57 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2013-07-04 21:27 - 2013-07-04 21:27 - 00000852 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-07-04 21:27 - 2013-07-04 21:27 - 00000000 ____D C:\Users\*****\Documents\Anti-Malware
2013-07-04 21:26 - 2013-07-04 21:26 - 221077448 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftInternetSecuritySetup(1).exe
2013-07-04 20:32 - 2013-07-04 20:49 - 221077448 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftInternetSecuritySetup.exe
2013-07-04 20:31 - 2013-07-04 20:48 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup(4).exe
2013-07-04 20:31 - 2013-07-04 20:48 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup(3).exe
2013-07-04 20:30 - 2013-07-04 20:48 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup(1).exe
2013-07-04 20:30 - 2013-07-04 20:46 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup.exe
2013-07-04 20:30 - 2013-07-04 20:45 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup(2).exe
2013-07-04 20:02 - 2013-07-04 20:02 - 00867880 ____A C:\Users\*****\Downloads\Norton20_Removal_Tool(1).exe
2013-07-04 19:59 - 2013-07-04 20:01 - 00269952 ____A C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-04 19:58 - 2013-07-04 19:59 - 00867880 ____A C:\Users\*****\Downloads\Norton20_Removal_Tool.exe
2013-07-01 21:20 - 2013-07-01 21:21 - 00000000 ____D C:\Users\*****\Desktop\wot_safe_surfing-20130515-fx
2013-07-01 20:17 - 2013-07-01 20:17 - 00000209 ____A C:\Users\*****\Desktop\AOL.de Kostenlose Email, Nachrichten & Wetter, Finanzen , Sport und Star-News auf AOL.de.URL
2013-07-01 19:58 - 2013-07-01 19:58 - 02434048 ____A C:\Users\*****\Downloads\msxml.msi
2013-07-01 19:58 - 2013-07-01 19:58 - 02434048 ____A C:\Users\*****\Downloads\msxml(1).msi
2013-07-01 19:49 - 2013-07-01 19:49 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-07-01 19:28 - 2013-07-01 19:28 - 00448512 ____A (OldTimer Tools) C:\Users\*****\Downloads\TFC.exe
2013-07-01 19:22 - 2013-07-03 18:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-01 19:22 - 2013-07-01 19:57 - 00000810 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-01 19:22 - 2013-07-01 19:22 - 00000000 ____D C:\Users\*****\AppData\Roaming\Mozilla
2013-07-01 19:22 - 2013-07-01 19:22 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2013-07-01 19:22 - 2013-07-01 19:22 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-01 19:18 - 2013-07-01 19:18 - 00376576 ____A C:\Users\*****\Desktop\wot_safe_surfing-20130515-fx.zip
2013-07-01 19:12 - 2013-07-01 19:12 - 00140125 ____A C:\Users\*****\Desktop\hosts.zip
2013-07-01 18:44 - 2013-07-01 18:44 - 00000000 ____D C:\ProgramData\Licenses
2013-07-01 18:44 - 2013-07-01 18:43 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-07-01 18:44 - 2013-07-01 18:43 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-07-01 18:44 - 2013-07-01 18:43 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-07-01 18:44 - 2013-07-01 18:43 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-07-01 18:44 - 2013-07-01 18:43 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-07-01 18:43 - 2013-07-01 18:49 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-07-01 18:43 - 2013-07-01 18:43 - 04095448 ____A (BrightFort LLC                                              ) C:\Users\*****\Downloads\spywareblastersetup50.exe
2013-07-01 18:43 - 2013-07-01 18:43 - 00000840 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-01 18:41 - 2013-07-01 21:20 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-01 18:41 - 2013-07-01 18:41 - 00000000 ____D C:\Users\*****\AppData\Roaming\WinPatrol
2013-07-01 18:41 - 2013-07-01 18:41 - 00000000 ____D C:\Program Files\BillP Studios
2013-07-01 18:40 - 2013-07-01 18:40 - 00906440 ____A (BillP Studios) C:\Users\*****\Desktop\wpsetup.exe
2013-07-01 18:39 - 2013-07-01 18:39 - 00906440 ____A (BillP Studios) C:\Users\*****\Downloads\wpsetup.exe
2013-07-01 18:35 - 2013-07-01 18:35 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-01 18:35 - 2013-07-01 18:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-07-01 18:35 - 2013-07-01 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-01 18:35 - 2013-07-01 18:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-01 18:35 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-01 18:34 - 2013-07-01 18:34 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-01 18:33 - 2013-07-01 18:33 - 00000000 ____D C:\Program Files\Secunia
2013-07-01 18:20 - 2013-07-01 18:20 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 18:35 - 2013-06-28 18:35 - 00000000 ____D C:\Windows\erdnt
2013-06-25 06:39 - 2013-06-25 06:39 - 00000000 ____D C:\Users\*****\AppData\Local\UtilityChest_49
2013-06-25 06:39 - 2013-06-25 06:39 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-23 11:46 - 2013-06-23 11:46 - 00032092 ____A C:\Users\*****\Documents\FRST.txt
2013-06-23 11:46 - 2013-06-23 11:46 - 00019001 ____A C:\Users\*****\Documents\Addition.txt
2013-06-23 11:26 - 2013-06-23 11:26 - 00000000 ____D C:\Users\*****\AppData\Local\InboxAce_1g
2013-06-23 11:26 - 2013-06-23 11:26 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-22 20:23 - 2013-06-22 20:23 - 00000000 ____D C:\Program Files\7-Zip
2013-06-22 20:17 - 2013-06-27 18:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-22 20:16 - 2013-06-22 20:16 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera
2013-06-22 20:08 - 2013-06-22 20:08 - 00006252 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-22 19:58 - 2013-07-01 18:19 - 00000680 ____A C:\Users\*****\AppData\Local\d3d9caps.dat
2013-06-17 06:19 - 2013-06-17 06:19 - 00001628 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 06:18 - 2012-08-21 13:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-06-17 06:17 - 2013-06-17 06:18 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 06:17 - 2013-06-17 06:17 - 00000000 ____D C:\Program Files\iPod
2013-06-17 06:13 - 2013-06-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-06-17 06:09 - 2013-06-17 06:17 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-14 13:38 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 13:38 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 13:38 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 13:38 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 13:38 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 13:38 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-14 13:38 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-14 13:38 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 13:38 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 13:38 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-14 13:38 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-14 13:38 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 13:38 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 13:38 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-14 13:38 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 13:38 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 13:32 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 13:31 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-14 13:31 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-14 13:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 13:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-14 13:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 13:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 13:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 13:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-14 13:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 13:31 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-07-06 12:57 - 2013-07-06 12:57 - 00000000 ____D C:\FRST
2013-07-06 12:57 - 2013-07-04 21:27 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2013-07-06 12:55 - 2013-07-06 12:54 - 01373373 ____A (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-07-06 12:55 - 2006-11-02 14:47 - 00003264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 12:55 - 2006-11-02 14:47 - 00003264 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 12:51 - 2011-11-22 19:11 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 12:50 - 2012-08-22 20:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 11:02 - 2013-07-04 21:28 - 00000000 ____D C:\Program Files\Online Armor
2013-07-06 11:01 - 2010-10-10 13:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\WhiteSmoke
2013-07-06 11:01 - 2010-01-23 16:48 - 01988564 ____A C:\Windows\WindowsUpdate.log
2013-07-06 10:56 - 2011-11-22 19:11 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 10:56 - 2010-01-24 10:55 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-06 10:56 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 22:23 - 2006-11-02 15:01 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-04 21:42 - 2013-07-04 21:30 - 00000000 ____D C:\ProgramData\OnlineArmor
2013-07-04 21:30 - 2013-07-04 21:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\OnlineArmor
2013-07-04 21:29 - 2010-01-23 17:06 - 00000000 ___AD C:\users\*****
2013-07-04 21:27 - 2013-07-04 21:27 - 00000852 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-07-04 21:27 - 2013-07-04 21:27 - 00000000 ____D C:\Users\*****\Documents\Anti-Malware
2013-07-04 21:26 - 2013-07-04 21:26 - 221077448 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftInternetSecuritySetup(1).exe
2013-07-04 20:49 - 2013-07-04 20:32 - 221077448 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftInternetSecuritySetup.exe
2013-07-04 20:48 - 2013-07-04 20:31 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup(4).exe
2013-07-04 20:48 - 2013-07-04 20:31 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup(3).exe
2013-07-04 20:48 - 2013-07-04 20:30 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup(1).exe
2013-07-04 20:46 - 2013-07-04 20:30 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup.exe
2013-07-04 20:45 - 2013-07-04 20:30 - 190580728 ____A (Emsisoft GmbH                                               ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup(2).exe
2013-07-04 20:19 - 2010-01-23 17:02 - 01324818 ____A C:\Windows\PFRO.log
2013-07-04 20:17 - 2010-01-24 11:16 - 00000000 ____D C:\ProgramData\Symantec
2013-07-04 20:17 - 2010-01-24 11:15 - 00000000 ____D C:\ProgramData\Norton
2013-07-04 20:02 - 2013-07-04 20:02 - 00867880 ____A C:\Users\*****\Downloads\Norton20_Removal_Tool(1).exe
2013-07-04 20:01 - 2013-07-04 19:59 - 00269952 ____A C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-04 19:59 - 2013-07-04 19:58 - 00867880 ____A C:\Users\*****\Downloads\Norton20_Removal_Tool.exe
2013-07-03 19:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-07-03 18:59 - 2013-07-01 19:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-01 21:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-01 21:21 - 2013-07-01 21:20 - 00000000 ____D C:\Users\*****\Desktop\wot_safe_surfing-20130515-fx
2013-07-01 21:20 - 2013-07-01 18:41 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-01 20:17 - 2013-07-01 20:17 - 00000209 ____A C:\Users\*****\Desktop\AOL.de Kostenlose Email, Nachrichten & Wetter, Finanzen , Sport und Star-News auf AOL.de.URL
2013-07-01 20:14 - 2010-01-26 15:52 - 00002633 ____A C:\Users\*****\Desktop\Microsoft Office PowerPoint 2007.lnk
2013-07-01 20:12 - 2012-08-07 19:40 - 00000000 ____D C:\Program Files\EcrSystem
2013-07-01 19:59 - 2007-09-26 14:08 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-07-01 19:58 - 2013-07-01 19:58 - 02434048 ____A C:\Users\*****\Downloads\msxml.msi
2013-07-01 19:58 - 2013-07-01 19:58 - 02434048 ____A C:\Users\*****\Downloads\msxml(1).msi
2013-07-01 19:57 - 2013-07-01 19:22 - 00000810 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-01 19:57 - 2011-10-21 13:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-01 19:51 - 2010-12-28 12:53 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-07-01 19:49 - 2013-07-01 19:49 - 00000000 ____D C:\Users\*****\AppData\Local\Secunia PSI
2013-07-01 19:28 - 2013-07-01 19:28 - 00448512 ____A (OldTimer Tools) C:\Users\*****\Downloads\TFC.exe
2013-07-01 19:22 - 2013-07-01 19:22 - 00000000 ____D C:\Users\*****\AppData\Roaming\Mozilla
2013-07-01 19:22 - 2013-07-01 19:22 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2013-07-01 19:22 - 2013-07-01 19:22 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-01 19:18 - 2013-07-01 19:18 - 00376576 ____A C:\Users\*****\Desktop\wot_safe_surfing-20130515-fx.zip
2013-07-01 19:12 - 2013-07-01 19:12 - 00140125 ____A C:\Users\*****\Desktop\hosts.zip
2013-07-01 18:49 - 2013-07-01 18:43 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-07-01 18:44 - 2013-07-01 18:44 - 00000000 ____D C:\ProgramData\Licenses
2013-07-01 18:43 - 2013-07-01 18:44 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-07-01 18:43 - 2013-07-01 18:44 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-07-01 18:43 - 2013-07-01 18:44 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-07-01 18:43 - 2013-07-01 18:44 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-07-01 18:43 - 2013-07-01 18:44 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-07-01 18:43 - 2013-07-01 18:43 - 04095448 ____A (BrightFort LLC                                              ) C:\Users\*****\Downloads\spywareblastersetup50.exe
2013-07-01 18:43 - 2013-07-01 18:43 - 00000840 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-01 18:43 - 2010-06-23 08:47 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-07-01 18:43 - 2010-01-23 18:54 - 00000000 ____D C:\Program Files\Java
2013-07-01 18:41 - 2013-07-01 18:41 - 00000000 ____D C:\Users\*****\AppData\Roaming\WinPatrol
2013-07-01 18:41 - 2013-07-01 18:41 - 00000000 ____D C:\Program Files\BillP Studios
2013-07-01 18:40 - 2013-07-01 18:40 - 00906440 ____A (BillP Studios) C:\Users\*****\Desktop\wpsetup.exe
2013-07-01 18:39 - 2013-07-01 18:39 - 00906440 ____A (BillP Studios) C:\Users\*****\Downloads\wpsetup.exe
2013-07-01 18:35 - 2013-07-01 18:35 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-01 18:35 - 2013-07-01 18:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-07-01 18:35 - 2013-07-01 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-01 18:35 - 2013-07-01 18:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-01 18:34 - 2013-07-01 18:34 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-01 18:33 - 2013-07-01 18:33 - 00000000 ____D C:\Program Files\Secunia
2013-07-01 18:20 - 2013-07-01 18:20 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 18:19 - 2013-06-22 19:58 - 00000680 ____A C:\Users\*****\AppData\Local\d3d9caps.dat
2013-06-30 21:49 - 2012-05-21 20:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\Apple Computer
2013-06-28 18:35 - 2013-06-28 18:35 - 00000000 ____D C:\Windows\erdnt
2013-06-27 18:59 - 2010-01-26 15:57 - 00002591 ____A C:\Users\*****\Desktop\Microsoft Office Word 2007.lnk
2013-06-27 18:44 - 2013-06-22 20:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 06:39 - 2013-06-25 06:39 - 00000000 ____D C:\Users\*****\AppData\Local\UtilityChest_49
2013-06-25 06:39 - 2013-06-25 06:39 - 00000000 ____D C:\Program Files\UtilityChest_49
2013-06-23 11:46 - 2013-06-23 11:46 - 00032092 ____A C:\Users\*****\Documents\FRST.txt
2013-06-23 11:46 - 2013-06-23 11:46 - 00019001 ____A C:\Users\*****\Documents\Addition.txt
2013-06-23 11:26 - 2013-06-23 11:26 - 00000000 ____D C:\Users\*****\AppData\Local\InboxAce_1g
2013-06-23 11:26 - 2013-06-23 11:26 - 00000000 ____D C:\Users\*****\AppData\Local\IAC
2013-06-22 20:23 - 2013-06-22 20:23 - 00000000 ____D C:\Program Files\7-Zip
2013-06-22 20:16 - 2013-06-22 20:16 - 00000000 ____D C:\Users\*****\AppData\Roaming\Opera
2013-06-22 20:08 - 2013-06-22 20:08 - 00006252 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-22 20:04 - 2011-04-17 19:29 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-06-22 19:54 - 2013-01-09 21:21 - 00001935 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-17 06:19 - 2013-06-17 06:19 - 00001628 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 06:19 - 2010-01-26 10:43 - 00000000 ____D C:\Users\*****\AppData\Local\Apple Computer
2013-06-17 06:18 - 2013-06-17 06:17 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 06:17 - 2013-06-17 06:17 - 00000000 ____D C:\Program Files\iPod
2013-06-17 06:17 - 2013-06-17 06:09 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-17 06:17 - 2010-02-13 14:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-17 06:17 - 2010-02-13 14:54 - 00000000 ____D C:\ProgramData\Apple
2013-06-17 06:13 - 2013-06-17 06:13 - 00000000 ____D C:\Program Files\Bonjour
2013-06-17 06:09 - 2012-05-21 06:11 - 00001690 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-17 06:09 - 2008-01-23 14:46 - 00000000 ____D C:\Program Files\QuickTime
2013-06-14 16:48 - 2012-08-22 20:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-14 16:48 - 2011-09-04 07:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-14 16:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-14 13:36 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-06 12:13

==================== End Of Log ============================
         


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by ***** at 2013-07-06 12:58:20
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 3.1.1)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709a (Version: 50.0.165.000)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 120.0.194.000)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CVE-2012-4969
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
ElsterFormular-Upgrade (Version: 13.3.0.9066)
Emsisoft Anti-Malware (Version: 8.0)
Fax (Version: 120.0.194.000)
FreePDF (Remove only)
GamesBar (W) (Version: 3.2.0.36)
Google Chrome (Version: 27.0.1453.116)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 130.0.371.000)
GPL Ghostscript (Version: 9.02)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 13.0 (Version: 13.0)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
iCloud (Version: 2.1.2.8)
InboxAce Toolbar
Intel(R) PRO Network Connections 12.2.41.0 (Version: 12.2.41.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Jewel Quest Deluxe (HKCU Version: 1.0.0)
Jewel Quest Solitaire Deluxe (HKCU Version: 1.0.0)
Lexware buchhalter 2008 (Version: 13.00.00.0090)
Lexware buchhalter 2010 (Version: 15.10.00.0010)
Lexware buchhalter Aktualisierung Februar 2008, Version 13.10 (Version: 13.10.00.0015)
Lexware Elster (Version: 10.10.00.0110)
Lexware Info Service (Version: 2.61.00.0033)
MakeDisc (Version: 3.0.2516)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 120.0.226.000)
MCE Software Encoder 1.1 (Version: 1.1.0.1918)
MediaShow (Version: 3.0.4325)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 8 Essentials (Version: 8.10.284)
neroxml (Version: 1.0.0)
Network (Version: 120.0.194.000)
NVIDIA 3D Vision Controller Driver (Version: 280.10)
NVIDIA 3D Vision Controller-Treiber 280.10 (Version: 280.10)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
Online Armor 6.0 (Version: 6.0)
PhotoNow! (Version: 1.0.4310)
PowerDirector (Version: 6.5.2209a)
PowerDVD (Version: 7.0.3118.0)
PowerProducer (Version: 4.2.2504)
ProductContext (Version: 50.0.165.000)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.74.80.86)
Ralink RT2870 Wireless LAN Card (Version: 1.0.4.0)
RedMon - Redirection Port Monitor
RENESIS® Player Browser Plugins (Version: 1.1.1)
RTC Client API v1.2 (Version: 1.2.0000)
Scan (Version: 12.0.0.0)
Sceneo AbsolutTV
Secunia PSI (3.0.0.7009) (Version: 3.0.0.7009)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
Shop for HP Supplies (Version: 12)
SmartWebPrinting (Version: 120.0.194.000)
Snap.Do (Version: 1.28.1.10797)
Snap.Do Engine (HKCU Version: 1.28.1.10797)
SolutionCenter (Version: 130.0.373.000)
SpywareBlaster 5.0 (Version: 5.0.0)
Status (Version: 120.0.194.000)
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
Ulead PhotoImpact 12 (Version: 12.0)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Utility Chest Toolbar
VCRedistSetup (Version: 1.0.0)
WebReg (Version: 120.0.194.000)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinPatrol (Version: 28.1.2013.0)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points  =========================

04-07-2013 19:29:40 Gerätetreiber-Paketinstallation: TLEM Netzwerkdienst

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18998898-BEE2-40C0-B357-9ACD9D09D1BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {447514A3-9452-4789-B411-E5C65175D705} - System32\Tasks\Start Registry Reviver => C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe No File
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {47BBF07F-2C14-478D-B834-588812EC701A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe No File
Task: {511E17BB-0D4E-43E2-894B-6B425BA47C5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {62A78C06-6A05-4F07-B631-0693ED935194} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {6C23F747-DA4B-492C-9E9D-F32949CE0893} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe No File
Task: {95E2B338-1161-4814-9680-A7C997C5AF55} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2006-11-02] (Microsoft Corporation)
Task: {9B38F5FE-9F6E-4FE0-A34A-3F013E6C755D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
Task: {9CADA731-EECC-44E1-B935-EC53FA3E530F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - ***** => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A3C560AA-B9A0-450B-9167-A98E5E35A8E4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe No File
Task: {A4944DD7-4B0D-403F-A359-0CE4E495459C} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe No File
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {BFCCF36D-4D87-4DE7-8EE1-97209975D68F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C2D128C7-930F-4E34-BD90-D8EB71A4ADAD} - System32\Tasks\EPUpdater => C:\Users\HEGGEN~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {DF89FF18-14C6-47BA-A108-E5BBA33E9277} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
Task: {E040D26E-843B-4749-9F2E-F9E2EBAE488B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Flash HS-CF
Description: Flash HS-CF
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Flash HS-MS/SD
Description: Flash HS-MS/SD
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Flash HS-SM
Description: Flash HS-SM
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2013 08:03:02 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\*****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\SGCQPLK5.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:03:02 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\*****\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\SGCQPLK5.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:01:18 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails PostFinalCommitSnapshots({64f5b06e-afed-4f35-8a62-8488d5dd72fb}, 1) [hr = 0x80042308].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (07/04/2013 08:01:18 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 00000148,0x0053c198,0019C948,0,0019B940,4096,[0]).


Vorgang:
   PostFinalCommitSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (07/04/2013 07:59:17 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.7009 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 153c
Anfangszeit: 01ce78dfe74e5650
Zeitpunkt der Beendigung: 812

Error: (07/04/2013 07:59:12 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.7009 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: d20
Anfangszeit: 01ce78dfe6a5d1b0
Zeitpunkt der Beendigung: 0

Error: (07/01/2013 07:51:46 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung fpassist.exe, Version 3.20.0.81, Zeitstempel 0x4cbc9a6f, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x761f9d1f,
Prozess-ID 0xc58, Anwendungsstartzeit fpassist.exe0.

Error: (07/01/2013 07:50:02 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung PSIA.exe, Version 3.0.0.7009, Zeitstempel 0x516fefa1, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00067410,
Prozess-ID 0x590, Anwendungsstartzeit PSIA.exe0.

Error: (07/01/2013 07:49:42 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.7009 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: db4
Anfangszeit: 01ce76834ecc99e0
Zeitpunkt der Beendigung: 78

Error: (07/01/2013 06:20:53 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {432ea787-100c-47e3-81fa-316c703fcd58}


System errors:
=============
Error: (07/06/2013 10:59:04 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/06/2013 10:59:04 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/06/2013 10:57:32 AM) (Source: Service Control Manager) (User: )
Description: SRTSP
SymIM

Error: (07/04/2013 10:19:11 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/04/2013 10:19:11 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/04/2013 10:18:59 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ROSEN15",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{00474469-B692-4865-B66F-D807289F19-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/04/2013 10:17:50 PM) (Source: Service Control Manager) (User: )
Description: SRTSP
SymIM

Error: (07/04/2013 09:43:00 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/04/2013 09:43:00 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/04/2013 09:41:35 PM) (Source: Service Control Manager) (User: )
Description: SRTSP
SymIM


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 3069.45 MB
Available physical RAM: 1344 MB
Total Pagefile: 6367.94 MB
Available Pagefile: 4271.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.97 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:357.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:5.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Now I'm really curious

Best regards

Sabine99

06.07.2013, 14:55   #60
schrauber
/// the machine
/// TB-Ausbilder
 




Fix with FRST
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Templates\2433f433
C:\Program Files\WhiteSmoke
C:\Users\*****\AppData\Roaming\WhiteSmoke
C:\Windows.old
HKCU\...\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe [x]
HKCU\...\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe [x]
ProxyServer: 192.168.1.1:80
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll No File
Toolbar: HKLM - InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll No File
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=dea475c8-3714-4b9c-9dc7-bc9f234f8bb6&searchtype=hp&installDate=22/06/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=dea475c8-3714-4b9c-9dc7-bc9f234f8bb6&searchtype=hp&installDate=22/06/2013"
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130704.002\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130704.002\NAVEX15.SYS [x]
2013-07-04 20:17 - 2010-01-24 11:15 - 00000000 ____D C:\ProgramData\Norton
         
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.
__________________
Regards,
schrauber
