Log Analysis and Evaluation: Windows7/64 shuts down again immediately in Safe Mode, Security Center stays turned off & network adapters find no network (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows7/64 shuts down again immediately in Safe Mode, Security Center stays turned off & network adapters find no network

Hello and Happy Easter! Unfortunately a rotten egg has nested itself in my laptop. At first I thought I might be in a dead spot, but even right next to the router my PC found no network. That made me a bit suspicious. The message that the Security Center needs to be turned back on was the sign for me that something is wrong and that I am probably the victim of a virus, or more likely several viruses. I tried to solve the problem with System Restore, which unfortunately did nothing. Safe Mode shuts down again immediately, so no chance there. Not even Safe Mode with Command Prompt! I am sitting at a second PC right now and hope to be able to solve the problem with your valuable help. I went through the checklist and attached the log files. I use ClamWin Free and wanted to attach its report as well, but it could not be saved. Unfortunately nothing changed after the ClamWin scan either.

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by doktagc (administrator) on DOKTAGC_LAPTOP on 20-04-2014 17:18:21
Running from C:\Users\doktagc\Desktop\trojaner_board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ICT7 S.A. - www.ict7.com) C:\Program Files\CopperLan\CPVNM\CPVNM.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\doktagc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2092648 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-01-26] (alch)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\wavav0bdtzbtb43b.bat [67 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\Run: [Spotify Web Helper] => C:\Users\doktagc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-03] (Spotify Ltd)
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\MountPoints2: {22f7a763-cbfb-11e0-bf1e-e06995611815} - G:\Launcher\LAUNCHER.EXE
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\MountPoints2: {c097bd10-9ebd-11e1-9626-e06995611815} - H:\LaunchU3.exe -a
Startup: C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\imq1zjrjg.lnk
ShortcutTarget: imq1zjrjg.lnk -> C:\ProgramData\2992199F9A\gjrjz1qmi.cpp (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default
FF user.js: detected! => C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\user.js
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrackMeNot - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2012-03-22]
FF Extension: Foxtab Speed Dial - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-03-25]
FF Extension: Adblock Edge - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-21]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
==================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CPVNM; C:\Program Files\CopperLan\CPVNM\CPVNM.exe [1177088 2012-12-12] (ICT7 S.A. - www.ict7.com)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-04-24] ()
S2 Winmgmt; C:\ProgramData\2992199F9A\imq1zjrjg.faa [332020 2014-04-17] (Microsoft Corporation)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)
==================== Drivers (Whitelisted) ====================
S3 ak1avs; C:\Windows\System32\Drivers\ak1avs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 ak1avs_x64; C:\Windows\System32\Drivers\ak1avs_x64.sys [45136 2009-10-08] (Native Instruments GmbH)
S3 ak1usb_svc; C:\Windows\System32\Drivers\ak1usb.sys [98384 2011-04-11] (Native Instruments GmbH)
S3 ak1usb_x64; C:\Windows\System32\Drivers\ak1usb_x64.sys [300624 2009-10-08] (Native Instruments GmbH)
R3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R2 CPoEthProt; C:\Windows\System32\DRIVERS\CPoEthProt.sys [25368 2012-06-06] (ICT7 S.A.)
R3 CPVMidi; C:\Windows\System32\DRIVERS\CPVMidi.sys [28408 2011-09-21] (ICT7 S.A. - www.ict7.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-21] (DT Soft Ltd)
S3 gbxavs; C:\Windows\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\Windows\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [357968 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [45648 2011-09-15] (Native Instruments GmbH)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2013-03-11] ()
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2013-05-01] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2013-05-01] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2013-05-01] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2013-05-01] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2013-05-01] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2013-05-01] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2013-05-01] (MCCI Corporation)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [50808 2010-11-22] (Cristalink Ltd)
S3 SL3; C:\Windows\System32\Drivers\Sl3.sys [57448 2010-11-22] (Cristalink Ltd)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-08-21] (Duplex Secure Ltd.)
S3 TTM57SLUsb; C:\Windows\System32\Drivers\TTM57SLUsb.sys [50296 2010-11-22] (Cristalink Ltd)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-12-01] (X10 Wireless Technology, Inc.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-20 17:18 - 2014-04-20 17:18 - 00000000 ____D () C:\FRST
2014-04-20 17:16 - 2014-04-20 17:16 - 00000188 _____ () C:\Users\doktagc\defogger_reenable
2014-04-20 17:13 - 2014-04-20 17:18 - 00000000 ____D () C:\Users\doktagc\Desktop\trojaner_board
2014-04-17 19:51 - 2014-04-17 19:52 - 00000000 ____D () C:\Users\doktagc\Desktop\GCNU-TestMasterWAVS
2014-04-17 09:30 - 2014-04-17 20:57 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-10 01:10 - 2014-04-10 01:10 - 00884680 _____ (Google Inc.) C:\Users\doktagc\Downloads\ChromeSetup.exe
2014-03-23 15:42 - 2014-03-23 15:44 - 05822512 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif.gpk
2014-03-23 15:26 - 2014-03-22 02:33 - 652062414 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif
2014-03-21 21:54 - 2014-03-21 22:04 - 00000000 ____D () C:\Users\doktagc\Desktop\Beatport_09_2013
2014-03-21 21:54 - 2014-03-21 22:04 - 00000000 ____D () C:\Users\doktagc\Desktop\Beatport_03_2014
2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-04-20 17:18 - 2014-04-20 17:18 - 00000000 ____D () C:\FRST
2014-04-20 17:18 - 2014-04-20 17:13 - 00000000 ____D () C:\Users\doktagc\Desktop\trojaner_board
2014-04-20 17:17 - 2011-08-20 12:13 - 00000000 ____D () C:\Users\doktagc\AppData\Roaming\Dropbox
2014-04-20 17:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 17:16 - 2014-04-20 17:16 - 00000188 _____ () C:\Users\doktagc\defogger_reenable
2014-04-20 17:16 - 2011-08-19 17:01 - 00000000 ____D () C:\Users\doktagc
2014-04-20 17:16 - 2011-08-19 16:57 - 01714680 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 17:16 - 2009-07-14 06:51 - 00225707 _____ () C:\Windows\setupact.log
2014-04-20 17:16 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 17:16 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 06:55 - 2012-11-15 11:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-18 06:55 - 2012-11-15 11:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-18 06:55 - 2012-08-27 21:19 - 00000000 ____D () C:\Users\Mcx1-DOKTAGC_LAPTOP.doktagc_laptop
2014-04-18 06:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-17 21:39 - 2014-03-17 18:38 - 00000296 _____ () C:\Windows\Tasks\FoxTab.job
2014-04-17 21:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 20:58 - 2012-04-05 09:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 20:57 - 2014-04-17 09:30 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-17 19:52 - 2014-04-17 19:51 - 00000000 ____D () C:\Users\doktagc\Desktop\GCNU-TestMasterWAVS
2014-04-17 09:30 - 2011-08-19 17:02 - 00000000 ___RD () C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 09:27 - 2011-02-10 21:25 - 00696984 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 09:27 - 2011-02-10 21:25 - 00148248 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 09:27 - 2009-07-14 07:13 - 01612924 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 09:24 - 2013-02-12 11:02 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1E38899-A7AC-4545-9BF9-C5109ED06AD8}
2014-04-17 09:21 - 2011-08-20 12:16 - 00000000 ___RD () C:\Users\doktagc\Dropbox
2014-04-13 03:11 - 2011-10-04 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-13 03:10 - 2011-08-21 12:37 - 00000000 ____D () C:\Users\doktagc\AppData\Roaming\Skype
2014-04-10 19:50 - 2010-11-21 05:47 - 00021508 _____ () C:\Windows\PFRO.log
2014-04-10 01:14 - 2011-08-19 17:04 - 00000000 ____D () C:\Users\doktagc\AppData\Local\Google
2014-04-10 01:14 - 2011-08-19 16:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-10 01:10 - 2014-04-10 01:10 - 00884680 _____ (Google Inc.) C:\Users\doktagc\Downloads\ChromeSetup.exe
2014-04-01 00:39 - 2014-03-17 18:38 - 00000075 _____ () C:\Users\doktagc\AppData\Roaming\WB.CFG
2014-03-23 15:44 - 2014-03-23 15:42 - 05822512 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif.gpk
2014-03-23 15:23 - 2012-05-03 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-22 02:33 - 2014-03-23 15:26 - 652062414 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif
2014-03-21 22:04 - 2014-03-21 21:54 - 00000000 ____D () C:\Users\doktagc\Desktop\Beatport_09_2013
2014-03-21 22:04 - 2014-03-21 21:54 - 00000000 ____D () C:\Users\doktagc\Desktop\Beatport_03_2014
2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\doktagc\AppData\Roaming\skype.dat
Some content of TEMP:
====================
C:\Users\doktagc\AppData\Local\Temp\DivXSetup.exe
C:\Users\doktagc\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\doktagc\AppData\Local\Temp\ICReinstall_FileZilla_3.2.7.1_win32-setup.exe
C:\Users\doktagc\AppData\Local\Temp\vtyx.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-10 20:50
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by doktagc at 2014-04-20 17:19:17
Running from C:\Users\doktagc\Desktop\trojaner_board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.1217.35202 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.1217.35202 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Automap 4.4 (HKLM\...\Automap Universal_is1) (Version: 4.4 - Focusrite Audio Engineering Ltd.)
BeatportDownloader (HKLM-x32\...\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1) (Version: 1.003 - Beatport LLC)
BeatportDownloader (x32 Version: 1.003 - Beatport LLC) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broken Age (HKLM-x32\...\Steam App 232790) (Version: - Double Fine Productions)
ByteScout BarCode Generator 3.20.590 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version: - Bytescout Software)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClamWin Free Antivirus 0.98.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CopperLan uninstall (HKLM-x32\...\CopperLan) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD43 Plug-in v1.0.0.5 (HKLM-x32\...\DVD43 Plug-in_is1) (Version: - )
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxtab (HKLM-x32\...\foxtab) (Version: - FoxTab) <==== ATTENTION
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) C++ Redistributables for Windows* on IA-32 (HKLM-x32\...\{1E958728-CFA3-454A-A2D6-42A9FF718480}) (Version: 11.1.048 - Intel Corporation)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{124E908C-C9B3-4AD8-8D1F-728E12A60ACA}) (Version: 11.1.051 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2226 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 de)) (Version: 12.0.1 - Mozilla)
Mp3tag v2.51 (HKLM-x32\...\Mp3tag) (Version: v2.51 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Audio Kontrol 1 Driver (HKLM-x32\...\Native Instruments Audio Kontrol 1 Driver) (Version: - Native Instruments)
Native Instruments Audio Kontrol 1 Driver (Version: 2.0.15.007 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.4.1182 - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.4.1182 - Native Instruments) Hidden
Native Instruments Maschine (HKLM-x32\...\Native Instruments Maschine) (Version: - Native Instruments)
Native Instruments Maschine (Version: 1.8.2.247 - Native Instruments) Hidden
Native Instruments Maschine Controller (HKLM-x32\...\Native Instruments Maschine Controller) (Version: - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version: - Native Instruments)
Native Instruments Maschine Controller Driver (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (Version: 3.0.4.719 - Native Instruments) Hidden
Native Instruments Maschine Mikro (HKLM-x32\...\Native Instruments Maschine Mikro) (Version: - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version: - Native Instruments)
Native Instruments Maschine Mikro Driver (Version: 3.0.2.664 - Native Instruments) Hidden
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (Version: 3.0.4.719 - Native Instruments) Hidden
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Massive (Version: 1.3.1.129 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
Novation USB Audio Driver 2.3 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.3 - Novation DMS Ltd.)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0017 - Pegatron Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Rebeat (HKLM-x32\...\Rebeat_is1) (Version: 1.340.6 - Rebeat)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SimCity 3000 (HKLM-x32\...\SimCity 3000) (Version: - )
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.4.0 - Synaptics Incorporated)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
Thesys (HKLM-x32\...\Thesys) (Version: 1.0 - Sugar Bytes)
Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.1.1.1 - )
TT-Dynamic-Range 1.1 (HKLM-x32\...\TT-Dynamic-Range 1.1) (Version: - )
UltraNova Editor 1.1.2 (HKLM\...\{04351EBB-5491-4279-B59A-D96ED9296A85}}_is1) (Version: 1.1.2 - Focusrite Audio Engineering Limited)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version: - )
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0B07F4D5-DC6C-4C53-AD8A-4AE42B6809EC} - System32\Tasks\{64D215F3-00D3-40F1-A185-15DA2B2C9031} => C:\Users\doktagc\Downloads\Sony_EricssonPC_Suite_2_1046.exe [2013-05-01] ()
Task: {122D32F8-2045-45C1-8F5F-F003318F0389} - System32\Tasks\FoxTab => C:\Users\doktagc\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {2F127C2E-E2E3-4E26-94E3-FBE520C0BA28} - System32\Tasks\{D13C65F6-E20E-452D-B8DB-71046073C994} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.3\MonomeSerial.exe
Task: {33156EC2-473E-4D5C-B6EF-A31BE3058B67} - System32\Tasks\{DD3C4AA0-B093-45CA-B726-7BC3542DEC5D} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {496BB81F-DB81-4589-BBBC-DC5E7A3D6CFA} - System32\Tasks\{3CB3FCDD-2897-4730-9D22-9902919A7E77} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {4B22F94B-9DF3-4B22-973B-E05FA8222F50} - System32\Tasks\{295455FD-1CE3-49AD-831F-262AA6BC335A} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {54292B79-5862-4BA4-8C79-813A73ABAF73} - System32\Tasks\{D4224549-6B8B-4710-8328-249380D625E1} => E:\LSL3\INSTALL.EXE
Task: {5497A191-249A-4C6D-9446-D41BEFD66CEC} - System32\Tasks\{FDA186E6-F50B-46A2-9711-32E5D92A5AA0} => C:\Users\doktagc\Downloads\Sony_EricssonPC_Suite_2_1046.exe [2013-05-01] ()
Task: {7DB9139A-E62C-47D5-8E64-24B339FC3561} - System32\Tasks\{DF14A9E1-3454-4870-8CC2-AF24A808F5A2} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {90AEBC30-3E3C-4A34-8BFE-F99EA8B1F750} - System32\Tasks\{F82BC7D4-7061-4E01-B64A-0AA4DB87D1B8} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {A737937A-E6D2-41DC-83DA-38B6872882E4} - System32\Tasks\{B54DD49A-B50A-4CD9-B75F-428354B84ED5} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {B44A66AB-2912-4CA5-9751-12A7618C68AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D3DB6383-7F0A-478C-BFA2-515B816A4A72} - System32\Tasks\{F375B75B-0913-4BD6-AA5C-CAD05522B394} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {E68DC764-E816-46B5-BE6F-AC13BC3691E4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {EECA56C1-01F2-432B-8DCF-53113577699B} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-DOKTAGC_LAPTOP => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\doktagc\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-03-11 18:19 - 2009-12-19 01:40 - 00104968 ____R () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2011-03-11 18:19 - 2010-04-24 04:13 - 00159752 ____R () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2011-10-28 15:29 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-10-11 14:30 - 2012-10-11 14:30 - 00044032 _____ () C:\Program Files\CopperLan\CPVNM\CLP\CLoNet.clp
2012-03-05 10:05 - 2012-03-05 10:05 - 00081408 _____ () C:\Program Files\CopperLan\CPVNM\CLP\CLoUSB.clp
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-12-18 09:58 - 2008-04-19 17:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2011-03-11 18:19 - 2010-01-13 03:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2011-03-11 18:19 - 2010-01-13 03:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-03-11 18:19 - 2009-12-19 01:41 - 00129544 ____R () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\doktagc\AppData\Roaming\Dropbox\bin\libcef.dll
2012-12-18 09:58 - 2005-02-08 18:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2012-12-18 09:58 - 2004-11-20 04:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2012-12-18 09:58 - 2004-10-11 21:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2012-12-18 09:58 - 2004-05-25 22:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2012-12-18 09:58 - 2004-05-25 22:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2012-12-18 09:58 - 2004-05-25 22:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2012-12-18 09:58 - 2004-05-25 22:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2012-12-18 09:58 - 2004-10-11 21:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2012-12-18 09:58 - 2004-11-20 04:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2012-12-18 09:58 - 2004-01-15 15:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2012-12-18 09:58 - 2003-10-01 14:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2012-12-18 09:58 - 2003-10-01 12:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2012-12-18 09:58 - 2003-08-10 10:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2012-12-18 09:58 - 2004-05-25 22:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2012-12-18 09:58 - 2004-05-25 22:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\doktagc:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Microsoft:faeOqa2Tja2OpmtKgDYU
AlternateDataStreams: C:\ProgramData\Microsoft:Mj5t13c78HsvhxA5u3LYECqtQAo
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\doktagc\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\Cookies:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\doktagc\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^Users^doktagc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wavav0bdtzbtb43b.lnk => C:\Windows\pss\wavav0bdtzbtb43b.lnk.Startup
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/17/2014 09:20:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/16/2014 08:32:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/13/2014 03:18:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/13/2014 03:06:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/13/2014 03:06:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (04/20/2014 05:25:42 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:25:12 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:24:42 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:24:12 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:23:42 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:23:12 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:22:42 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:22:12 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:21:42 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Error: (04/20/2014 05:21:12 PM) (Source: Service Control Manager) (User: )
Description: The "Windows Management Instrumentation" service terminated with the following error:
%%127
Microsoft Office Sessions:
=========================
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/17/2014 09:20:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/16/2014 08:32:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/13/2014 03:18:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/13/2014 03:06:12 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (04/13/2014 03:06:12 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 3893.14 MB
Available physical RAM: 2633.58 MB
Total Pagefile: 7784.48 MB
Available Pagefile: 6448.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:225.36 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:11.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-20 17:43:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\doktagc\AppData\Local\Temp\kwlorkog.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 26 00000000732c13c6 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 74 00000000732c13f6 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 257 00000000732c14ad 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 303 00000000732c14db 2 bytes [2C, 73]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 79 00000000732c1577 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 175 00000000732c15d7 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 620 00000000732c1794 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 921 00000000732c18c1 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322 0000000072c01a22 2 bytes [C0, 72]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496 0000000072c01ad0 2 bytes [C0, 72]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552 0000000072c01b08 2 bytes [C0, 72]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730 0000000072c01bba 2 bytes [C0, 72]
.text C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762 0000000072c01bda 2 bytes [C0, 72]
.text C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000759b1465 2 bytes [9B, 75]
.text C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000759b14bb 2 bytes [9B, 75]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 26 00000000732c13c6 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 74 00000000732c13f6 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 257 00000000732c14ad 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 303 00000000732c14db 2 bytes [2C, 73]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 79 00000000732c1577 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 175 00000000732c15d7 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 620 00000000732c1794 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 921 00000000732c18c1 2 bytes [2C, 73]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322 0000000072c01a22 2 bytes [C0, 72]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496 0000000072c01ad0 2 bytes [C0, 72]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552 0000000072c01b08 2 bytes [C0, 72]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730 0000000072c01bba 2 bytes [C0, 72]
.text C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762 0000000072c01bda 2 bytes [C0, 72]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759b1465 2 bytes [9B, 75]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759b14bb 2 bytes [9B, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2504] entry point in ".rdata" section 00000000743671e6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759b1465 2 bytes [9B, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759b14bb 2 bytes [9B, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [3856:4032] 000007fef27f9688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3784:2336] 000007fefbdc2ab8
---- Processes - GMER 2.1 ----
Library c:\progra~3\2992199f9a\imq1zjrjg.faa (*** suspicious ***) @ C:\Windows\system32\svchost.exe [128] (Non-COM WMI Event Provision APIs/Microsoft Corporation)(2014-04- 00000000732d0000
Library c:\progra~3\2992199f9a\imq1zjrjg.faa (*** suspicious ***) @ C:\Windows\Explorer.EXE [2632] (Non-COM WMI Event Provision APIs/Microsoft Corporation)(2014-04-17 07:31:07) 00000000732d0000
Library c:\progra~3\299219~1\gjrjz1qmi.cpp (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2684] (Internet Connection Wizard/Microsoft Corporation)(2014-04-17 07: 0000000000400000
Library C:\Users\doktagc\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2014-01-03 00:45:04) 0000000004010000
Library C:\Users\doktagc\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2013-10-18 23:55:02) 000000006fa10000
Library C:\Users\doktagc\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006f080000
Library C:\PROGRA~3\299219~1\gjrjz1qmi.cpp (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2588] (Internet Connection Wizard/Microsoft Corporation)(2014-04-17 07: 0000000000400000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x2C 0x51 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x59 0x0B 0xC7 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xC6 0xFB 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x2C 0x51 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x59 0x0B 0xC7 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xC6 0xFB 0x66 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
#2
I have your thread in progress and will get back to you as quickly as possible with further instructions. Thank you for your patience.
#3
Hello redrub and
I will help you clean up the computer.
You have already tried to remove something yourself, haven't you?
Step 1
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
cmd: type C:\ProgramData\wavav0bdtzbtb43b.bat
cmd: type C:\ProgramData\wavav0bdtzbtb43b.reg
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\wavav0bdtzbtb43b.bat [67 ] () <=== ATTENTION
Startup: C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\imq1zjrjg.lnk
ShortcutTarget: imq1zjrjg.lnk -> C:\ProgramData\2992199F9A\gjrjz1qmi.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\imq1zjrjg.faa [332020 2014-04-17] (Microsoft Corporation)
2014-04-17 09:30 - 2014-04-17 20:57 - 00000000 ____D () C:\ProgramData\2992199F9A
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\doktagc\AppData\Roaming\skype.dat
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Step 2
Start FRST again.
#4
Hello Mort! Thanks for the quick help! Unfortunately I couldn't get to the second computer any earlier. I had disabled the file at the top of the Fixlist in msconfig because its name struck me as odd. Unfortunately I no longer remember everything I tried in order to solve the problem, apart from using Spybot, a Kaspersky Recovery Boot Disk, which never started - presumably because the boot sequence is misconfigured or the start was prevented in some other way, and I tried to install AviraAntiVir, which unfortunately didn't work either. In any case, I created the Fixlist and ran FRST again:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by doktagc at 2014-04-22 14:56:22 Run:1
Running from C:\Users\doktagc\Desktop\trojaner_board
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
cmd: type C:\ProgramData\wavav0bdtzbtb43b.bat
cmd: type C:\ProgramData\wavav0bdtzbtb43b.reg
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\wavav0bdtzbtb43b.bat [67 ] () <=== ATTENTION
Startup: C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\imq1zjrjg.lnk
ShortcutTarget: imq1zjrjg.lnk -> C:\ProgramData\2992199F9A\gjrjz1qmi.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\imq1zjrjg.faa [332020 2014-04-17] (Microsoft Corporation)
2014-04-17 09:30 - 2014-04-17 20:57 - 00000000 ____D () C:\ProgramData\2992199F9A
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\doktagc\AppData\Roaming\skype.dat
*****************
========= type C:\ProgramData\wavav0bdtzbtb43b.bat =========
START "ok" rundll32.exe C:\PROGRA~3\b34btbztdb0vavaw.exe,OKL00 /B
========= End of CMD: =========
========= type C:\ProgramData\wavav0bdtzbtb43b.reg =========
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\PROGRA~3\\wavav0bdtzbtb43b.bat"
========= End of CMD: =========
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\imq1zjrjg.lnk => Moved successfully.
C:\ProgramData\2992199F9A\gjrjz1qmi.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\2992199F9A => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.bat => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.reg => Moved successfully.
C:\Users\doktagc\AppData\Roaming\skype.dat => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by doktagc (administrator) on DOKTAGC_LAPTOP on 22-04-2014 15:01:03
Running from C:\Users\doktagc\Desktop\trojaner_board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ICT7 S.A. - www.ict7.com) C:\Program Files\CopperLan\CPVNM\CPVNM.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\doktagc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\POSD.exe
(Dropbox, Inc.) C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2092648 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-01-26] (alch)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\Run: [Spotify Web Helper] => C:\Users\doktagc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-03] (Spotify Ltd)
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\MountPoints2: {22f7a763-cbfb-11e0-bf1e-e06995611815} - G:\Launcher\LAUNCHER.EXE
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\MountPoints2: {c097bd10-9ebd-11e1-9626-e06995611815} - H:\LaunchU3.exe -a
Startup: C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default
FF user.js: detected! => C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\user.js
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrackMeNot - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2012-03-22]
FF Extension: Foxtab Speed Dial - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-03-25]
FF Extension: Adblock Edge - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-21]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
==================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CPVNM; C:\Program Files\CopperLan\CPVNM\CPVNM.exe [1177088 2012-12-12] (ICT7 S.A. - www.ict7.com)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)
==================== Drivers (Whitelisted) ====================
S3 ak1avs; C:\Windows\System32\Drivers\ak1avs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 ak1avs_x64; C:\Windows\System32\Drivers\ak1avs_x64.sys [45136 2009-10-08] (Native Instruments GmbH)
S3 ak1usb_svc; C:\Windows\System32\Drivers\ak1usb.sys [98384 2011-04-11] (Native Instruments GmbH)
S3 ak1usb_x64; C:\Windows\System32\Drivers\ak1usb_x64.sys [300624 2009-10-08] (Native Instruments GmbH)
R3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R2 CPoEthProt; C:\Windows\System32\DRIVERS\CPoEthProt.sys [25368 2012-06-06] (ICT7 S.A.)
R3 CPVMidi; C:\Windows\System32\DRIVERS\CPVMidi.sys [28408 2011-09-21] (ICT7 S.A. - www.ict7.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-21] (DT Soft Ltd)
S3 gbxavs; C:\Windows\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\Windows\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [357968 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [45648 2011-09-15] (Native Instruments GmbH)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2013-03-11] ()
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2013-05-01] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2013-05-01] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2013-05-01] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2013-05-01] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2013-05-01] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2013-05-01] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2013-05-01] (MCCI Corporation)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [50808 2010-11-22] (Cristalink Ltd)
S3 SL3; C:\Windows\System32\Drivers\Sl3.sys [57448 2010-11-22] (Cristalink Ltd)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-08-21] (Duplex Secure Ltd.)
S3 TTM57SLUsb; C:\Windows\System32\Drivers\TTM57SLUsb.sys [50296 2010-11-22] (Cristalink Ltd)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-12-01] (X10 Wireless Technology, Inc.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-21 15:35 - 2014-04-21 15:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 14:54 - 2014-04-21 15:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 14:54 - 2014-04-21 14:54 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 14:54 - 2014-04-21 14:54 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-21 14:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-21 14:53 - 2014-04-21 14:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 14:38 - 2014-04-21 14:50 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\doktagc\Downloads\spybot-2.2.exe
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\ProgramData\Avira
2014-04-21 14:30 - 2014-04-21 14:36 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\doktagc\Downloads\avira_de_av___ws.exe
2014-04-20 17:18 - 2014-04-22 15:01 - 00000000 ____D () C:\FRST
2014-04-20 17:16 - 2014-04-20 17:16 - 00000188 _____ () C:\Users\doktagc\defogger_reenable
2014-04-20 17:13 - 2014-04-22 15:01 - 00000000 ____D () C:\Users\doktagc\Desktop\trojaner_board
2014-04-17 19:51 - 2014-04-17 19:52 - 00000000 ____D () C:\Users\doktagc\Desktop\GCNU-TestMasterWAVS
2014-04-10 01:10 - 2014-04-10 01:10 - 00884680 _____ (Google Inc.) C:\Users\doktagc\Downloads\ChromeSetup.exe
2014-03-23 15:42 - 2014-03-23 15:44 - 05822512 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif.gpk
2014-03-23 15:26 - 2014-03-22 02:33 - 652062414 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif
==================== One Month Modified Files and Folders =======
2014-04-22 15:01 - 2014-04-20 17:18 - 00000000 ____D () C:\FRST
2014-04-22 15:01 - 2014-04-20 17:13 - 00000000 ____D () C:\Users\doktagc\Desktop\trojaner_board
2014-04-22 14:59 - 2011-08-20 12:13 - 00000000 ____D () C:\Users\doktagc\AppData\Roaming\Dropbox
2014-04-22 14:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 14:58 - 2009-07-14 06:51 - 00226099 _____ () C:\Windows\setupact.log
2014-04-22 14:56 - 2011-08-19 17:02 - 00000000 ___RD () C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-22 14:56 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 14:56 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 15:35 - 2014-04-21 15:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 15:35 - 2011-08-19 16:57 - 01756096 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 15:09 - 2010-11-21 05:47 - 00022080 _____ () C:\Windows\PFRO.log
2014-04-21 15:06 - 2014-04-21 14:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 14:58 - 2012-04-05 09:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 14:54 - 2014-04-21 14:54 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 14:54 - 2014-04-21 14:54 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-21 14:54 - 2014-04-21 14:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 14:50 - 2014-04-21 14:38 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\doktagc\Downloads\spybot-2.2.exe
2014-04-21 14:39 - 2014-03-17 18:38 - 00000296 _____ () C:\Windows\Tasks\FoxTab.job
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\ProgramData\Avira
2014-04-21 14:36 - 2014-04-21 14:30 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\doktagc\Downloads\avira_de_av___ws.exe
2014-04-20 17:16 - 2014-04-20 17:16 - 00000188 _____ () C:\Users\doktagc\defogger_reenable
2014-04-20 17:16 - 2011-08-19 17:01 - 00000000 ____D () C:\Users\doktagc
2014-04-18 06:55 - 2012-11-15 11:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-18 06:55 - 2012-11-15 11:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-18 06:55 - 2012-08-27 21:19 - 00000000 ____D () C:\Users\Mcx1-DOKTAGC_LAPTOP.doktagc_laptop
2014-04-18 06:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-17 21:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 19:52 - 2014-04-17 19:51 - 00000000 ____D () C:\Users\doktagc\Desktop\GCNU-TestMasterWAVS
2014-04-17 09:27 - 2011-02-10 21:25 - 00696984 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 09:27 - 2011-02-10 21:25 - 00148248 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 09:27 - 2009-07-14 07:13 - 01612924 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 09:24 - 2013-02-12 11:02 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1E38899-A7AC-4545-9BF9-C5109ED06AD8}
2014-04-17 09:21 - 2011-08-20 12:16 - 00000000 ___RD () C:\Users\doktagc\Dropbox
2014-04-13 03:11 - 2011-10-04 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-13 03:10 - 2011-08-21 12:37 - 00000000 ____D () C:\Users\doktagc\AppData\Roaming\Skype
2014-04-10 01:14 - 2011-08-19 17:04 - 00000000 ____D () C:\Users\doktagc\AppData\Local\Google
2014-04-10 01:14 - 2011-08-19 16:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-10 01:10 - 2014-04-10 01:10 - 00884680 _____ (Google Inc.) C:\Users\doktagc\Downloads\ChromeSetup.exe
2014-04-01 00:39 - 2014-03-17 18:38 - 00000075 _____ () C:\Users\doktagc\AppData\Roaming\WB.CFG
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-23 15:44 - 2014-03-23 15:42 - 05822512 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif.gpk
2014-03-23 15:23 - 2012-05-03 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-20 22:43
==================== End Of Log ============================
#5
Sorry, I still need the Additions.txt. It is located under "C:\Users\doktagc\Desktop\trojaner_board".
#6
No problem - I hadn't selected the optional scan and ran the scan again - it shouldn't make any difference, though.
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by doktagc at 2014-04-22 16:05:05
Running from C:\Users\doktagc\Desktop\trojaner_board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.1217.35202 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.1217.35202 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Automap 4.4 (HKLM\...\Automap Universal_is1) (Version: 4.4 - Focusrite Audio Engineering Ltd.)
BeatportDownloader (HKLM-x32\...\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1) (Version: 1.003 - Beatport LLC)
BeatportDownloader (x32 Version: 1.003 - Beatport LLC) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broken Age (HKLM-x32\...\Steam App 232790) (Version: - Double Fine Productions)
ByteScout BarCode Generator 3.20.590 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version: - Bytescout Software)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClamWin Free Antivirus 0.98.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CopperLan uninstall (HKLM-x32\...\CopperLan) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD43 Plug-in v1.0.0.5 (HKLM-x32\...\DVD43 Plug-in_is1) (Version: - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxtab (HKLM-x32\...\foxtab) (Version: - FoxTab) <==== ATTENTION
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) C++ Redistributables for Windows* on IA-32 (HKLM-x32\...\{1E958728-CFA3-454A-A2D6-42A9FF718480}) (Version: 11.1.048 - Intel Corporation)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{124E908C-C9B3-4AD8-8D1F-728E12A60ACA}) (Version: 11.1.051 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2226 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 de)) (Version: 12.0.1 - Mozilla)
Mp3tag v2.51 (HKLM-x32\...\Mp3tag) (Version: v2.51 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Audio Kontrol 1 Driver (HKLM-x32\...\Native Instruments Audio Kontrol 1 Driver) (Version: - Native Instruments)
Native Instruments Audio Kontrol 1 Driver (Version: 2.0.15.007 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.4.1182 - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.4.1182 - Native Instruments) Hidden
Native Instruments Maschine (HKLM-x32\...\Native Instruments Maschine) (Version: - Native Instruments)
Native Instruments Maschine (Version: 1.8.2.247 - Native Instruments) Hidden
Native Instruments Maschine Controller (HKLM-x32\...\Native Instruments Maschine Controller) (Version: - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version: - Native Instruments)
Native Instruments Maschine Controller Driver (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (Version: 3.0.4.719 - Native Instruments) Hidden
Native Instruments Maschine Mikro (HKLM-x32\...\Native Instruments Maschine Mikro) (Version: - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version: - Native Instruments)
Native Instruments Maschine Mikro Driver (Version: 3.0.2.664 - Native Instruments) Hidden
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (Version: 3.0.4.719 - Native Instruments) Hidden
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Massive (Version: 1.3.1.129 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
Novation USB Audio Driver 2.3 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.3 - Novation DMS Ltd.)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0017 - Pegatron Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Rebeat (HKLM-x32\...\Rebeat_is1) (Version: 1.340.6 - Rebeat)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SimCity 3000 (HKLM-x32\...\SimCity 3000) (Version: - )
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.4.0 - Synaptics Incorporated)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.1.1.1 - )
TT-Dynamic-Range 1.1 (HKLM-x32\...\TT-Dynamic-Range 1.1) (Version: - )
UltraNova Editor 1.1.2 (HKLM\...\{04351EBB-5491-4279-B59A-D96ED9296A85}}_is1) (Version: 1.1.2 - Focusrite Audio Engineering Limited)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version: - )
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
17-04-2014 07:34:39 Windows Update
17-04-2014 18:34:16 Wiederherstellungsvorgang
21-04-2014 12:48:08 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0B07F4D5-DC6C-4C53-AD8A-4AE42B6809EC} - System32\Tasks\{64D215F3-00D3-40F1-A185-15DA2B2C9031} => C:\Users\doktagc\Downloads\Sony_EricssonPC_Suite_2_1046.exe [2013-05-01] ()
Task: {122D32F8-2045-45C1-8F5F-F003318F0389} - System32\Tasks\FoxTab => C:\Users\doktagc\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {2F127C2E-E2E3-4E26-94E3-FBE520C0BA28} - System32\Tasks\{D13C65F6-E20E-452D-B8DB-71046073C994} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.3\MonomeSerial.exe
Task: {33156EC2-473E-4D5C-B6EF-A31BE3058B67} - System32\Tasks\{DD3C4AA0-B093-45CA-B726-7BC3542DEC5D} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {496BB81F-DB81-4589-BBBC-DC5E7A3D6CFA} - System32\Tasks\{3CB3FCDD-2897-4730-9D22-9902919A7E77} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {4B22F94B-9DF3-4B22-973B-E05FA8222F50} - System32\Tasks\{295455FD-1CE3-49AD-831F-262AA6BC335A} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {54292B79-5862-4BA4-8C79-813A73ABAF73} - System32\Tasks\{D4224549-6B8B-4710-8328-249380D625E1} => E:\LSL3\INSTALL.EXE
Task: {5497A191-249A-4C6D-9446-D41BEFD66CEC} - System32\Tasks\{FDA186E6-F50B-46A2-9711-32E5D92A5AA0} => C:\Users\doktagc\Downloads\Sony_EricssonPC_Suite_2_1046.exe [2013-05-01] ()
Task: {6237E37D-3B64-44B2-9059-FE40F9BFB621} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7DB9139A-E62C-47D5-8E64-24B339FC3561} - System32\Tasks\{DF14A9E1-3454-4870-8CC2-AF24A808F5A2} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {90AEBC30-3E3C-4A34-8BFE-F99EA8B1F750} - System32\Tasks\{F82BC7D4-7061-4E01-B64A-0AA4DB87D1B8} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {A737937A-E6D2-41DC-83DA-38B6872882E4} - System32\Tasks\{B54DD49A-B50A-4CD9-B75F-428354B84ED5} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {AC1E3A10-4E46-43CC-9894-06FB14CC1701} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B44A66AB-2912-4CA5-9751-12A7618C68AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D3DB6383-7F0A-478C-BFA2-515B816A4A72} - System32\Tasks\{F375B75B-0913-4BD6-AA5C-CAD05522B394} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {DFFD27F3-BA3E-4262-8271-86B05558D86A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E68DC764-E816-46B5-BE6F-AC13BC3691E4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {EECA56C1-01F2-432B-8DCF-53113577699B} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-DOKTAGC_LAPTOP => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\doktagc\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-03-11 18:19 - 2009-12-19 01:40 - 00104968 ____R () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2011-03-11 18:19 - 2010-04-24 04:13 - 00159752 ____R () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2011-10-28 15:29 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-10-11 14:30 - 2012-10-11 14:30 - 00044032 _____ () C:\Program Files\CopperLan\CPVNM\CLP\CLoNet.clp
2012-03-05 10:05 - 2012-03-05 10:05 - 00081408 _____ () C:\Program Files\CopperLan\CPVNM\CLP\CLoUSB.clp
2011-03-11 18:19 - 2010-01-13 03:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2011-03-11 18:19 - 2010-01-13 03:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-12-18 09:58 - 2008-04-19 17:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-03-11 18:19 - 2010-01-16 05:13 - 00589320 ____R () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2011-03-11 18:19 - 2009-12-19 01:20 - 00462856 ____R () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2014-04-21 14:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-21 14:53 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-21 14:53 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-21 14:53 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-21 14:53 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-03-11 18:19 - 2009-12-19 01:41 - 00129544 ____R () C:\Program Files (x86)\PHotkey\GFNEX.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\doktagc\AppData\Roaming\Dropbox\bin\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\doktagc:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Microsoft:faeOqa2Tja2OpmtKgDYU
AlternateDataStreams: C:\ProgramData\Microsoft:Mj5t13c78HsvhxA5u3LYECqtQAo
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\doktagc\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\Cookies:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\doktagc\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^Users^doktagc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wavav0bdtzbtb43b.lnk => C:\Windows\pss\wavav0bdtzbtb43b.lnk.Startup
==================== Faulty Device Manager Devices =============
Name: USB2.0 UVC 1.3M Webcam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/22/2014 02:59:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 03:08:34 PM) (Source: MsiInstaller) (User: doktagc_laptop)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services.
Error: (04/21/2014 03:07:59 PM) (Source: MsiInstaller) (User: doktagc_laptop)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services.
Error: (04/21/2014 03:06:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (04/21/2014 03:06:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (04/21/2014 03:06:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (04/21/2014 03:06:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (04/21/2014 03:06:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (04/21/2014 03:02:42 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (04/21/2014 03:02:42 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
System errors:
=============
Error: (04/22/2014 02:56:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%127
Error: (04/22/2014 02:56:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/22/2014 02:56:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/22/2014 02:56:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/22/2014 02:55:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/22/2014 02:55:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/22/2014 02:55:06 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (04/22/2014 02:54:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/22/2014 02:54:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (04/22/2014 02:54:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%127
Microsoft Office Sessions:
=========================
Error: (04/22/2014 02:59:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 03:08:34 PM) (Source: MsiInstaller)(User: doktagc_laptop)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/21/2014 03:07:59 PM) (Source: MsiInstaller)(User: doktagc_laptop)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/21/2014 03:06:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (04/21/2014 03:06:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (04/21/2014 03:06:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (04/21/2014 03:06:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (04/21/2014 03:06:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (04/21/2014 03:02:42 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (04/21/2014 03:02:42 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 3893.14 MB
Available physical RAM: 2643.63 MB
Total Pagefile: 7784.48 MB
Available Pagefile: 6408.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:224.19 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:11.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
#7
Let's remove the leftovers and run control scans.
Step 1: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\ProgramData\b34btbztdb0vavaw.exe
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\doktagc:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Microsoft:faeOqa2Tja2OpmtKgDYU
AlternateDataStreams: C:\ProgramData\Microsoft:Mj5t13c78HsvhxA5u3LYECqtQAo
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\doktagc\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\Cookies:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\doktagc\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2: Please click the Windows button in the taskbar and then on "Control Panel". Once there, go to "Uninstall a program" under "Programs". Here you can now uninstall the following programs.
Step 3: Please download
Step 4: Please download
Step 5: ESET Online Scanner
Step 6: Start FRST once again.
Is the computer running normally again?
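To check, before the control scans, whether the FRST fix really removed the streams named in the fixlist, here is an added PowerShell example; it is not part of the forum post and not code from FRST. It assumes PowerShell 7 on Windows (where Get-Item -Stream also enumerates streams on directories, not only on files) and uses the paths from the fixlist above; the user name is the one from this thread and would be adjusted for another machine.

```powershell
# Added example (not from the forum post or from FRST): list the alternate data
# streams still attached to the paths named in the fixlist, so the result of the
# FRST fix can be verified before the control scans.
# Assumption: PowerShell 7 on Windows, so -Stream works on directories as well.
# Paths are taken from the fixlist above; adjust the user name for another machine.
$paths = @(
    'C:\ProgramData',
    'C:\ProgramData\Microsoft',
    'C:\Users\doktagc',
    'C:\Users\doktagc\AppData\Local',
    'C:\Users\doktagc\AppData\Roaming',
    'C:\Users\doktagc\Desktop\desktop.ini',
    'C:\Users\doktagc\Documents\desktop.ini',
    'C:\Users\Public\Documents\desktop.ini'
)

function Get-ExtraStreams {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Legacy junctions such as "Anwendungsdaten" or "Lokale Einstellungen"
            # may not resolve; FRST reported those as "ADS not found" too.
            Write-Warning "not found: $p"
            continue
        }
        # ':$DATA' is the normal unnamed stream of a file; anything else is an
        # alternate stream and is reported with its name and size.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $p
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

$leftover = Get-ExtraStreams -Path $paths
if ($leftover) {
    $leftover | Format-Table -AutoSize
    # Removing a stream is the same operation FRST performs for an
    # "AlternateDataStreams:" line in the fixlist; only do this after the
    # listed streams have been reviewed.
    # $leftover | ForEach-Object { Remove-Item -LiteralPath $_.Path -Stream $_.Stream }
} else {
    'No alternate data streams left on the listed paths.'
}
```

Run it from an elevated PowerShell 7 session. An empty table after the fix matches the "ADS removed successfully" lines in the Fixlog; any stream that still shows up would go into a new fixlist.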
#8
Hello Mort! It took a while, but here are the logs of the individual steps:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by doktagc at 2014-04-22 17:32:29 Run:2
Running from C:\Users\doktagc\Desktop\trojaner_board
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\ProgramData\b34btbztdb0vavaw.exe
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\doktagc:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Microsoft:faeOqa2Tja2OpmtKgDYU
AlternateDataStreams: C:\ProgramData\Microsoft:Mj5t13c78HsvhxA5u3LYECqtQAo
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\doktagc\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\Cookies:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\doktagc\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
*****************
"C:\ProgramData\b34btbztdb0vavaw.exe" => File/Directory not found.
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\doktagc => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\Microsoft => ":faeOqa2Tja2OpmtKgDYU" ADS removed successfully.
C:\ProgramData\Microsoft => ":Mj5t13c78HsvhxA5u3LYECqtQAo" ADS removed successfully.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
"C:\Users\doktagc\Anwendungsdaten" => ":gs5sys" ADS not found.
"C:\Users\doktagc\Cookies" => ":gs5sys" ADS not found.
"C:\Users\doktagc\Lokale Einstellungen" => ":6786XXKc9Jk7X1OewaZndg" ADS not found.
"C:\Users\doktagc\Lokale Einstellungen" => ":gs5sys" ADS not found.
"C:\Users\doktagc\Lokale Einstellungen" => ":pXvPbpFfI7rDkHo0M1lznYMcBa" ADS not found.
"C:\Users\doktagc\Vorlagen" => ":gs5sys" ADS not found.
C:\Users\doktagc\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\doktagc\AppData\Local => ":6786XXKc9Jk7X1OewaZndg" ADS removed successfully.
C:\Users\doktagc\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\doktagc\AppData\Local => ":pXvPbpFfI7rDkHo0M1lznYMcBa" ADS removed successfully.
C:\Users\doktagc\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\doktagc\AppData\Local\Anwendungsdaten" => ":6786XXKc9Jk7X1OewaZndg" ADS not found.
"C:\Users\doktagc\AppData\Local\Anwendungsdaten" => ":gs5sys" ADS not found.
"C:\Users\doktagc\AppData\Local\Anwendungsdaten" => ":pXvPbpFfI7rDkHo0M1lznYMcBa" ADS not found.
"C:\Users\doktagc\AppData\Local\Verlauf" => ":gs5sys" ADS not found.
C:\Users\doktagc\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
==== End of Fixlog ====
Code:
# AdwCleaner v3.200 - Bericht erstellt am 22/04/2014 um 17:38:54
# Aktualisiert 22/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : doktagc - DOKTAGC_LAPTOP
# Gestartet von : C:\Users\doktagc\Desktop\trojaner_board\adwcleaner(1).exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\doktagc\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\doktagc\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\doktagc\AppData\Roaming\DVDVideoSoft
Ordner Gelöscht : C:\Users\doktagc\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\doktagc\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\doktagc\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\user.js
Datei Gelöscht : C:\Windows\Tasks\FoxTab.job
Datei Gelöscht : C:\Windows\System32\Tasks\FoxTab
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16421
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Zeile gelöscht : user_pref("extensions.facemoods.firstRun", false);
Zeile gelöscht : user_pref("extensions.facemoods.lastActv", "10");
Zeile gelöscht : user_pref("extensions.trackmenot.bingUrl", "hxxp://www.bing.com/search?q=|&pc=conduit&ptag=A32DAE5D6EEA449249AF&form=CONAPP&conlogo=CT3210127&ShowAppsUI=1");
*************************
AdwCleaner[R0].txt - [6837 octets] - [22/04/2014 17:37:42]
AdwCleaner[S0].txt - [6478 octets] - [22/04/2014 17:38:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6538 octets] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 22.04.2014
Suchlauf-Zeit: 18:45:28
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.22.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: doktagc
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 308999
Verstrichene Zeit: 1 Std, 0 Min, 54 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 3
PUP.Optional.Conduit.A, C:\Users\doktagc\AppData\Local\Temp\ct3288691, In Quarantäne, [8878738dc13fc13fcde68dd32ad86f91],
PUP.Optional.Conduit.A, C:\Users\doktagc\AppData\Local\Temp\ct3297265, In Quarantäne, [3bc57d83d42c45bb4c670060fd0552ae],
PUP.Optional.Conduit.A, C:\Users\doktagc\AppData\Local\Temp\ct3297861, In Quarantäne, [c838a0608a76bc44763d9fc104fe42be],
Dateien: 2
PUP.Optional.OpenCandy, C:\Users\doktagc\Downloads\MyPhoneExplorer_Setup_1.8.4.exe, In Quarantäne, [18e82dd3e51bc33dcbc18cc2758f9b65],
PUP.Optional.OpenCandy, C:\Users\doktagc\Downloads\DTLite4461-0327.exe, In Quarantäne, [c53bdc24b7497b854d3f9db107fd1ae6],
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=29770f583d202a4584f484781f95aa85
# engine=17979
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-22 06:31:43
# local_time=2014-04-22 08:31:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2817 16777215 100 100 6384512 7458605 0 0
# compatibility_mode=5893 16776573 100 94 106888 149821353 0 0
# scanned=279850
# found=6
# cleaned=0
# scan_time=5352
sh=76F092737EF7A2A8F069537ACBD4C94F8F22C2E0 ft=1 fh=c394ac6397f0a81f vn="Variante von Win32/Kryptik.CABK Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\2992199F9A\gjrjz1qmi.cpp.xBAD"
sh=82B0CBAE293C881DA8F0F2F5891333603B08C9EB ft=1 fh=d4241d61d4c1a390 vn="Win64/Reveton.A Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\2992199F9A\2992199F9A\imq1zjrjg.faa"
sh=4CB5692456D13694F90C947F824EDD0B448CE9C4 ft=1 fh=67e13696d13b0b7a vn="Variante von Win32/Kryptik.BEGM Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\doktagc\AppData\Roaming\skype.dat.xBAD"
sh=CB47C42EB542BB7A05D9E0441D0F81AD9C7A620D ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OEA Trojaner" ac=I fn="C:\Users\doktagc\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\71959457-5b7506f9"
sh=99B45B2926302276B1BD24EC07228F98C3563441 ft=1 fh=5086bf6c09911268 vn="Win32/StartPage.OPH Trojaner" ac=I fn="C:\Users\doktagc\Downloads\vlc-2.0.5-win32.exe"
sh=7CC6AFD5678A02BBC2E0FA0D2757B7B9A960A844 ft=1 fh=d1658d117b479bd8 vn="Win32/StartPage.OPH Trojaner" ac=I fn="C:\Users\doktagc\Downloads\vlc-2.0.5-win64.exe"
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by doktagc (administrator) on DOKTAGC_LAPTOP on 23-04-2014 14:44:11
Running from C:\Users\doktagc\Desktop\trojaner_board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ICT7 S.A. - www.ict7.com) C:\Program Files\CopperLan\CPVNM\CPVNM.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\doktagc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\POSD.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2092648 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-01-26] (alch)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\Run: [Spotify Web Helper] => C:\Users\doktagc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-03] (Spotify Ltd)
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\MountPoints2: {22f7a763-cbfb-11e0-bf1e-e06995611815} - G:\Launcher\LAUNCHER.EXE
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\MountPoints2: {c097bd10-9ebd-11e1-9626-e06995611815} - H:\LaunchU3.exe -a
Startup: C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.250
FireFox:
========
FF ProfilePath: C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrackMeNot - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2012-03-22]
FF Extension: Adblock Edge - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-21]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
==================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CPVNM; C:\Program Files\CopperLan\CPVNM\CPVNM.exe [1177088 2012-12-12] (ICT7 S.A. - www.ict7.com)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)
==================== Drivers (Whitelisted) ====================
S3 ak1avs; C:\Windows\System32\Drivers\ak1avs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 ak1avs_x64; C:\Windows\System32\Drivers\ak1avs_x64.sys [45136 2009-10-08] (Native Instruments GmbH)
S3 ak1usb_svc; C:\Windows\System32\Drivers\ak1usb.sys [98384 2011-04-11] (Native Instruments GmbH)
S3 ak1usb_x64; C:\Windows\System32\Drivers\ak1usb_x64.sys [300624 2009-10-08] (Native Instruments GmbH)
R3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R2 CPoEthProt; C:\Windows\System32\DRIVERS\CPoEthProt.sys [25368 2012-06-06] (ICT7 S.A.)
R3 CPVMidi; C:\Windows\System32\DRIVERS\CPVMidi.sys [28408 2011-09-21] (ICT7 S.A. - www.ict7.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-21] (DT Soft Ltd)
S3 gbxavs; C:\Windows\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\Windows\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [357968 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [45648 2011-09-15] (Native Instruments GmbH)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2013-03-11] ()
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2013-05-01] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2013-05-01] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2013-05-01] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2013-05-01] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2013-05-01] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2013-05-01] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2013-05-01] (MCCI Corporation)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [50808 2010-11-22] (Cristalink Ltd)
S3 SL3; C:\Windows\System32\Drivers\Sl3.sys [57448 2010-11-22] (Cristalink Ltd)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-08-21] (Duplex Secure Ltd.)
S3 TTM57SLUsb; C:\Windows\System32\Drivers\TTM57SLUsb.sys [50296 2010-11-22] (Cristalink Ltd)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-12-01] (X10 Wireless Technology, Inc.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-22 18:58 - 2014-04-22 18:58 - 02347384 _____ (ESET) C:\Users\doktagc\Downloads\esetsmartinstaller_deu.exe
2014-04-22 17:42 - 2014-04-22 18:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 17:42 - 2014-04-22 17:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-22 17:42 - 2014-04-22 17:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 17:42 - 2014-04-22 17:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-22 17:42 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-22 17:42 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-22 17:42 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-22 17:37 - 2014-04-22 17:38 - 00000000 ____D () C:\AdwCleaner
2014-04-21 15:35 - 2014-04-21 15:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 14:54 - 2014-04-21 15:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 14:54 - 2014-04-21 14:54 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 14:54 - 2014-04-21 14:54 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-21 14:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-21 14:53 - 2014-04-21 14:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 14:38 - 2014-04-21 14:50 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\doktagc\Downloads\spybot-2.2.exe
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\ProgramData\Avira
2014-04-21 14:30 - 2014-04-21 14:36 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\doktagc\Downloads\avira_de_av___ws.exe
2014-04-20 17:18 - 2014-04-23 14:44 - 00000000 ____D () C:\FRST
2014-04-20 17:16 - 2014-04-20 17:16 - 00000188 _____ () C:\Users\doktagc\defogger_reenable
2014-04-20 17:13 - 2014-04-23 14:44 - 00000000 ____D () C:\Users\doktagc\Desktop\trojaner_board
2014-04-17 19:51 - 2014-04-17 19:52 - 00000000 ____D () C:\Users\doktagc\Desktop\GCNU-TestMasterWAVS
2014-04-10 01:10 - 2014-04-10 01:10 - 00884680 _____ (Google Inc.) C:\Users\doktagc\Downloads\ChromeSetup.exe
==================== One Month Modified Files and Folders =======
2014-04-23 14:44 - 2014-04-20 17:18 - 00000000 ____D () C:\FRST
2014-04-23 14:44 - 2014-04-20 17:13 - 00000000 ____D () C:\Users\doktagc\Desktop\trojaner_board
2014-04-23 14:37 - 2011-08-20 12:13 - 00000000 ____D () C:\Users\doktagc\AppData\Roaming\Dropbox
2014-04-23 14:35 - 2012-04-05 09:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-22 18:58 - 2014-04-22 18:58 - 02347384 _____ (ESET) C:\Users\doktagc\Downloads\esetsmartinstaller_deu.exe
2014-04-22 18:54 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 18:54 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 18:50 - 2014-04-22 17:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 18:49 - 2011-08-19 16:57 - 01766098 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 18:48 - 2011-08-20 12:16 - 00000000 ___RD () C:\Users\doktagc\Dropbox
2014-04-22 18:46 - 2010-11-21 05:47 - 00023862 _____ () C:\Windows\PFRO.log
2014-04-22 18:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 18:46 - 2009-07-14 06:51 - 00226211 _____ () C:\Windows\setupact.log
2014-04-22 17:46 - 2011-02-10 21:25 - 00696984 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 17:46 - 2011-02-10 21:25 - 00148248 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 17:46 - 2009-07-14 07:13 - 01612924 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 17:42 - 2014-04-22 17:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-22 17:42 - 2014-04-22 17:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 17:42 - 2014-04-22 17:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-22 17:38 - 2014-04-22 17:37 - 00000000 ____D () C:\AdwCleaner
2014-04-22 14:56 - 2011-08-19 17:02 - 00000000 ___RD () C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 15:35 - 2014-04-21 15:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 15:06 - 2014-04-21 14:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 14:54 - 2014-04-21 14:54 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 14:54 - 2014-04-21 14:54 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-21 14:54 - 2014-04-21 14:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 14:50 - 2014-04-21 14:38 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\doktagc\Downloads\spybot-2.2.exe
2014-04-21 14:36 - 2014-04-21 14:36 - 00000000 ____D () C:\ProgramData\Avira
2014-04-21 14:36 - 2014-04-21 14:30 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\doktagc\Downloads\avira_de_av___ws.exe
2014-04-20 17:16 - 2014-04-20 17:16 - 00000188 _____ () C:\Users\doktagc\defogger_reenable
2014-04-20 17:16 - 2011-08-19 17:01 - 00000000 ____D () C:\Users\doktagc
2014-04-18 06:55 - 2012-11-15 11:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-18 06:55 - 2012-11-15 11:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-18 06:55 - 2012-08-27 21:19 - 00000000 ____D () C:\Users\Mcx1-DOKTAGC_LAPTOP.doktagc_laptop
2014-04-18 06:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-17 21:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 19:52 - 2014-04-17 19:51 - 00000000 ____D () C:\Users\doktagc\Desktop\GCNU-TestMasterWAVS
2014-04-17 09:24 - 2013-02-12 11:02 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1E38899-A7AC-4545-9BF9-C5109ED06AD8}
2014-04-13 03:11 - 2011-10-04 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-13 03:10 - 2011-08-21 12:37 - 00000000 ____D () C:\Users\doktagc\AppData\Roaming\Skype
2014-04-10 01:14 - 2011-08-19 17:04 - 00000000 ____D () C:\Users\doktagc\AppData\Local\Google
2014-04-10 01:14 - 2011-08-19 16:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-10 01:10 - 2014-04-10 01:10 - 00884680 _____ (Google Inc.) C:\Users\doktagc\Downloads\ChromeSetup.exe
2014-04-03 09:51 - 2014-04-22 17:42 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-22 17:42 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-22 17:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 00:39 - 2014-03-17 18:38 - 00000075 _____ () C:\Users\doktagc\AppData\Roaming\WB.CFG
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\doktagc\AppData\Local\Temp\94252uninstall.exe
C:\Users\doktagc\AppData\Local\Temp\Quarantine.exe
C:\Users\doktagc\AppData\Local\Temp\Sqlite3.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-20 22:43
==================== End Of Log ============================
--- --- ---
The computer is running perfectly again. Thank you very much for your help - it was truly worth its weight in gold! Best regards, redrub
| | #9 |
Yes, we've got it.

Updates: Please download the latest version of Internet Explorer from Microsoft: Download Internet Explorer. Now click the Windows button in the taskbar and then "Control Panel". Once there, go to "Uninstall a program" under "Programs". Uninstall all old Java versions here. If you need Java, you can download it again:
If you are satisfied, you are welcome to thank me here. I no longer see anything dangerous in your logs.

Cleanup: Download
The order is decisive here.

Tips: Which antivirus program should I use? There is no antivirus program that finds every piece of malware, and you cannot rely on the program 100%. It still depends on your behaviour. With the right behaviour you protect yourself best against getting infected in the first place.
Only ever use one antivirus program, since several will block each other and thus do more harm than good. If you have more than one installed, choose one of them and uninstall the others. Also keep your antivirus program up to date at all times, because with an outdated database the program cannot find the new infections.
In addition to your antivirus program, you can also run an on-demand scanner regularly to get a second opinion. Unlike a normal antivirus program, an on-demand scanner does not run constantly, but only when you tell it to scan the system.
What should I look out for before downloading?
Other tips
If you want to support the Trojaner-Board, you are welcome to donate. I wish you a nice time.