Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Sony Vaio UEFI Win 8 GVU Trojaner (https://www.trojaner-board.de/137156-sony-vaio-uefi-win-8-gvu-trojaner.html)

klauskunkler 25.06.2013 12:22
Sony Vaio UEFI Win 8 GVU Trojaner
 
Guten Tag,

habe den GVU Trojaner eingefangen. Sony Vayo mit dem "eigenen" Bootsystem UEFI und Win 8.
Wie bitte kann ich den Laptop wieder zum laufen bekommen ?

Vielen Dank und liebe Grüße

Klaus Kunkler

schrauber 25.06.2013 12:25
Hi,



Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

klauskunkler 25.06.2013 12:53
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by SYSTEM on 25-06-2013 15:47:19
Running from E:\
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO  [1214608 2012-09-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-09] (Synaptics Incorporated)
HKLM\...\Winlogon: [Shell] C:\PROGRA~3\gjiw8.bat [x ] () <=== ATTENTION
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui [299648 2012-07-24] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1 [492728 2012-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ATUninstallIcon] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createuninstallentry:1 [492728 2012-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Leonie\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\8wijg.dat,XFG00 [199680 2013-06-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Parental Controls.lnk
ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.)
Startup: C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\8wijg.dat (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2769552 2013-05-09] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
S0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-09] (Synaptics Incorporated)
S3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 mfeapfk01; No ImagePath
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-25 15:46 - 2013-06-25 15:46 - 00000000 ____D C:\FRST
2013-06-21 10:57 - 2013-06-25 14:36 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-20 19:23 - 2013-06-20 19:23 - 00000000 __ASH C:\DkHyperbootSync
2013-06-20 14:12 - 2013-06-20 14:12 - 00000000 __SHD C:\found.000
2013-06-20 12:39 - 2013-03-06 08:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-20 12:39 - 2013-03-06 07:59 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-06-20 12:39 - 2013-03-06 07:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-20 12:39 - 2013-03-06 07:31 - 10116608 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-20 12:39 - 2013-03-06 07:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-20 12:39 - 2013-03-06 07:29 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-20 12:39 - 2013-03-06 07:29 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-06-20 12:39 - 2013-03-06 07:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-20 12:39 - 2013-03-06 06:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-20 12:39 - 2013-03-06 06:03 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-20 12:39 - 2013-03-06 06:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-20 12:39 - 2013-03-06 06:02 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-20 12:39 - 2013-03-06 06:02 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-06-20 12:22 - 2013-06-25 14:36 - 95023320 ___AT C:\ProgramData\gjiw8.pad
2013-06-20 12:22 - 2013-06-25 14:15 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\sdaksda.txt
2013-06-20 12:22 - 2013-06-20 12:22 - 00199680 ____A (Microsoft Corporation) C:\ProgramData\8wijg.dat
2013-06-20 12:22 - 2013-06-20 12:22 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-20 12:22 - 2013-06-20 12:22 - 00002655 ____A C:\ProgramData\gjiw8.js
2013-06-20 12:22 - 2013-06-20 12:22 - 00000151 ____A C:\ProgramData\gjiw8.reg
2013-06-20 12:22 - 2013-06-20 12:22 - 00000056 ____A C:\ProgramData\gjiw8.bat
2013-06-16 09:26 - 2013-03-15 01:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-06-15 19:29 - 2013-03-22 04:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-06-15 19:29 - 2013-03-21 23:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-06-14 16:49 - 2013-05-04 08:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 16:49 - 2013-04-27 06:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 16:49 - 2013-04-24 00:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-14 16:49 - 2013-04-24 00:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-14 16:49 - 2013-04-24 00:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-14 16:49 - 2013-04-23 23:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 16:49 - 2013-04-23 23:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 16:49 - 2013-04-23 23:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 16:49 - 2013-04-23 23:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 16:49 - 2013-04-03 00:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-14 16:49 - 2013-04-03 00:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-14 16:48 - 2013-05-15 23:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-14 16:48 - 2013-05-15 23:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 16:48 - 2013-05-15 23:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 16:48 - 2013-05-15 23:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-14 16:48 - 2013-05-14 14:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 16:48 - 2013-05-14 10:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 16:48 - 2013-04-28 23:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 16:48 - 2013-04-28 23:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 16:48 - 2013-04-28 23:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 16:48 - 2013-04-28 23:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

==================== One Month Modified Files and Folders =======

2013-06-25 15:46 - 2013-06-25 15:46 - 00000000 ____D C:\FRST
2013-06-25 14:40 - 2013-03-27 17:37 - 00909294 ____A C:\Windows\System32\perfh007.dat
2013-06-25 14:40 - 2013-03-27 17:37 - 00201386 ____A C:\Windows\System32\perfc007.dat
2013-06-25 14:40 - 2012-07-26 08:28 - 00005426 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-25 14:36 - 2013-06-21 10:57 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-25 14:36 - 2013-06-20 12:22 - 95023320 ___AT C:\ProgramData\gjiw8.pad
2013-06-25 14:35 - 2012-07-26 08:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 14:20 - 2013-03-27 17:59 - 01666018 ____A C:\Windows\WindowsUpdate.log
2013-06-25 14:19 - 2013-04-29 09:28 - 00000000 ____D C:\users\Leonie
2013-06-25 14:15 - 2013-06-20 12:22 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\sdaksda.txt
2013-06-21 17:12 - 2013-03-27 18:27 - 00000000 ____D C:\ProgramData\MOCP
2013-06-20 19:23 - 2013-06-20 19:23 - 00000000 __ASH C:\DkHyperbootSync
2013-06-20 19:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-06-20 18:39 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-20 18:32 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-20 15:50 - 2012-07-26 08:21 - 00027207 ____A C:\Windows\setupact.log
2013-06-20 15:42 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-20 14:12 - 2013-06-20 14:12 - 00000000 __SHD C:\found.000
2013-06-20 12:56 - 2013-03-27 18:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-06-20 12:36 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-20 12:22 - 2013-06-20 12:22 - 00199680 ____A (Microsoft Corporation) C:\ProgramData\8wijg.dat
2013-06-20 12:22 - 2013-06-20 12:22 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-20 12:22 - 2013-06-20 12:22 - 00002655 ____A C:\ProgramData\gjiw8.js
2013-06-20 12:22 - 2013-06-20 12:22 - 00000151 ____A C:\ProgramData\gjiw8.reg
2013-06-20 12:22 - 2013-06-20 12:22 - 00000056 ____A C:\ProgramData\gjiw8.bat
2013-06-14 17:34 - 2013-04-30 12:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-14 17:12 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-09 20:21 - 2012-08-03 03:22 - 00007674 ____A C:\Windows\PFRO.log
2013-06-04 23:09 - 2012-07-26 09:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-04 23:09 - 2012-07-26 09:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\8wijg.dat
C:\ProgramData\gjiw8.bat
C:\ProgramData\gjiw8.pad
C:\ProgramData\gjiw8.reg

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-19 13:45:13
Restore point made on: 2013-06-08 17:03:07
Restore point made on: 2013-06-14 17:33:15
Restore point made on: 2013-06-20 13:01:57
Restore point made on: 2013-06-20 13:59:56
Restore point made on: 2013-06-21 10:57:37
Restore point made on: 2013-06-21 10:58:12
Restore point made on: 2013-06-25 14:28:52
Restore point made on: 2013-06-25 14:36:34
Restore point made on: 2013-06-25 14:38:06
Restore point made on: 2013-06-25 14:39:57
Restore point made on: 2013-06-25 14:40:02
Restore point made on: 2013-06-25 14:40:14

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3975.27 MB
Available physical RAM: 3296.05 MB
Total Pagefile: 3975.27 MB
Available Pagefile: 3307.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:437.73 GB) (Free:385.29 GB) NTFS
Drive e: (HITMANPRO) (Removable) (Total:3.77 GB) (Free:3.77 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: DF9868EC)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 22 GB) (Disk ID: F45AA24F)

Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 120996A5)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-06-14 17:34

==================== End Of Log ============================
--- --- ---

--- --- ---


Sorry wenn ich einen Fehler gemacht haben sollte. Im Fenster war diese "Code" Bezeichnung, ich habe nach der Anweisung mit dem # gehandelt. Doch jetzt ists weg :-(

schrauber 25.06.2013 14:21
Alles prima :)



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
HKU\Leonie\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\8wijg.dat,XFG00 [199680 2013-06-20] (Microsoft Corporation)
C:\ProgramData\rundll32.exe
C:\ProgramData\8wijg.dat
C:\ProgramData\gjiw8.bat
C:\ProgramData\gjiw8.pad
C:\ProgramData\gjiw8.reg
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Neu booten, freuen :)

klauskunkler 25.06.2013 15:25
Vielen Dank schon mal. Habe allerdings leider einen Fehler gemacht. Statt auf Fix habe ich nochmals aus Scan geklickt. Jetzt bei einem erneuten Versuch schreibt er nach dem Klick auf Fix

no fixlist.txt found

Im Eingabefenster kann ich auch mit dir (habe mal DOS gelernt :-) nix finden, keine fixlist.txt

Sorry

schrauber 25.06.2013 15:28
Du musst die Fixlist neu anlegen :)

klauskunkler 25.06.2013 17:55
HKU\Leonie\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\8wijg.dat,XFG00 [199680 2013-06-20] (Microsoft Corporation)
C:\ProgramData\rundll32.exe
C:\ProgramData\8wijg.dat
C:\ProgramData\gjiw8.bat
C:\ProgramData\gjiw8.pad
C:\ProgramData\gjiw8.reg

Hallo Schrauber,

konnte leider nicht gleich antworten, musste mal was schaffen :-)

Ich schau mal, ob´s nun wieder läuft !

Nachtrag: Neu gebootet, das GVU Ding kommt wieder :-)

Auf ein Neues, hier jetzt die fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2013 01
Ran by SYSTEM at 2013-06-25 22:10:32 Run:2
Running from E:\
Boot Mode: Recovery
==============================================

HKU\Leonie\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe => Value deleted successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\ProgramData\8wijg.dat => Moved successfully.
C:\ProgramData\gjiw8.bat => Moved successfully.
C:\ProgramData\gjiw8.pad => Moved successfully.
C:\ProgramData\gjiw8.reg => Moved successfully.

==== End of Fixlog ====

schrauber 25.06.2013 19:20
Immer noch gesperrt?

Wenn ja bitte frisches FRST Log aus der Recovery.

klauskunkler 25.06.2013 19:42
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by SYSTEM on 25-06-2013 22:39:32
Running from E:\
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO  [1214608 2012-09-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-09] (Synaptics Incorporated)
HKLM\...\Winlogon: [Shell] C:\PROGRA~3\gjiw8.bat [x ] () <=== ATTENTION
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui [299648 2012-07-24] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1 [492728 2012-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ATUninstallIcon] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createuninstallentry:1 [492728 2012-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Parental Controls.lnk
ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.)
Startup: C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\8wijg.dat (No File)

==================== Services (Whitelisted) =================

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2769552 2013-05-09] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
S0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-09] (Synaptics Incorporated)
S3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 mfeapfk01; No ImagePath
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-25 21:25 - 2013-06-25 21:25 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\iolo
2013-06-25 20:51 - 2013-06-25 20:51 - 00000000 ____A C:\fixlist.txt
2013-06-25 15:46 - 2013-06-25 15:46 - 00000000 ____D C:\FRST
2013-06-21 10:57 - 2013-06-25 20:06 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-20 19:23 - 2013-06-20 19:23 - 00000000 __ASH C:\DkHyperbootSync
2013-06-20 14:12 - 2013-06-20 14:12 - 00000000 __SHD C:\found.000
2013-06-20 12:39 - 2013-03-06 08:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-20 12:39 - 2013-03-06 07:59 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-06-20 12:39 - 2013-03-06 07:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-20 12:39 - 2013-03-06 07:31 - 10116608 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-20 12:39 - 2013-03-06 07:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-20 12:39 - 2013-03-06 07:29 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-20 12:39 - 2013-03-06 07:29 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-06-20 12:39 - 2013-03-06 07:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-20 12:39 - 2013-03-06 06:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-20 12:39 - 2013-03-06 06:03 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-20 12:39 - 2013-03-06 06:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-20 12:39 - 2013-03-06 06:02 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-20 12:39 - 2013-03-06 06:02 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-06-20 12:22 - 2013-06-25 20:06 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\sdaksda.txt
2013-06-20 12:22 - 2013-06-20 12:22 - 00002655 ____A C:\ProgramData\gjiw8.js
2013-06-16 09:26 - 2013-03-15 01:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-06-15 19:29 - 2013-03-22 04:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-06-15 19:29 - 2013-03-21 23:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-06-14 16:49 - 2013-05-04 08:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 16:49 - 2013-04-27 06:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 16:49 - 2013-04-24 00:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-14 16:49 - 2013-04-24 00:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-14 16:49 - 2013-04-24 00:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-14 16:49 - 2013-04-23 23:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 16:49 - 2013-04-23 23:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 16:49 - 2013-04-23 23:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 16:49 - 2013-04-23 23:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 16:49 - 2013-04-03 00:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-14 16:49 - 2013-04-03 00:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-14 16:48 - 2013-05-15 23:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-14 16:48 - 2013-05-15 23:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 16:48 - 2013-05-15 23:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 16:48 - 2013-05-15 23:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-14 16:48 - 2013-05-14 14:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 16:48 - 2013-05-14 10:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 16:48 - 2013-04-28 23:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 16:48 - 2013-04-28 23:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 16:48 - 2013-04-28 23:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 16:48 - 2013-04-28 23:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 16:48 - 2013-04-28 23:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 16:48 - 2013-04-28 23:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

==================== One Month Modified Files and Folders =======

2013-06-25 21:35 - 2013-03-27 17:37 - 00956262 ____A C:\Windows\System32\perfh007.dat
2013-06-25 21:35 - 2013-03-27 17:37 - 00215174 ____A C:\Windows\System32\perfc007.dat
2013-06-25 21:35 - 2012-07-26 08:28 - 00005426 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-25 21:33 - 2013-03-27 18:27 - 00000000 ____D C:\ProgramData\MOCP
2013-06-25 21:31 - 2013-03-27 17:59 - 01718671 ____A C:\Windows\WindowsUpdate.log
2013-06-25 21:31 - 2012-07-26 08:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 21:25 - 2013-06-25 21:25 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\iolo
2013-06-25 21:25 - 2013-03-27 19:07 - 00000000 ____D C:\ProgramData\iolo
2013-06-25 21:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-25 20:51 - 2013-06-25 20:51 - 00000000 ____A C:\fixlist.txt
2013-06-25 20:06 - 2013-06-21 10:57 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-25 20:06 - 2013-06-20 12:22 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\sdaksda.txt
2013-06-25 15:46 - 2013-06-25 15:46 - 00000000 ____D C:\FRST
2013-06-25 14:19 - 2013-04-29 09:28 - 00000000 ____D C:\users\Leonie
2013-06-20 19:23 - 2013-06-20 19:23 - 00000000 __ASH C:\DkHyperbootSync
2013-06-20 19:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-06-20 18:39 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-20 18:32 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-20 15:50 - 2012-07-26 08:21 - 00027207 ____A C:\Windows\setupact.log
2013-06-20 14:12 - 2013-06-20 14:12 - 00000000 __SHD C:\found.000
2013-06-20 12:56 - 2013-03-27 18:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-06-20 12:36 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-20 12:22 - 2013-06-20 12:22 - 00002655 ____A C:\ProgramData\gjiw8.js
2013-06-14 17:34 - 2013-04-30 12:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-14 17:12 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-09 20:21 - 2012-08-03 03:22 - 00007674 ____A C:\Windows\PFRO.log
2013-06-04 23:09 - 2012-07-26 09:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-04 23:09 - 2012-07-26 09:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-19 13:45:13
Restore point made on: 2013-06-08 17:03:07
Restore point made on: 2013-06-14 17:33:15
Restore point made on: 2013-06-20 13:01:57
Restore point made on: 2013-06-20 13:59:56
Restore point made on: 2013-06-21 10:57:37
Restore point made on: 2013-06-21 10:58:12
Restore point made on: 2013-06-25 14:28:52
Restore point made on: 2013-06-25 14:36:34
Restore point made on: 2013-06-25 14:38:06
Restore point made on: 2013-06-25 14:39:57
Restore point made on: 2013-06-25 14:40:02
Restore point made on: 2013-06-25 14:40:14
Restore point made on: 2013-06-25 19:58:41
Restore point made on: 2013-06-25 20:06:55

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3975.27 MB
Available physical RAM: 3294.25 MB
Total Pagefile: 3975.27 MB
Available Pagefile: 3301.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:437.73 GB) (Free:386.12 GB) NTFS
Drive e: (HITMANPRO) (Removable) (Total:3.77 GB) (Free:3.77 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: DF9868EC)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 22 GB) (Disk ID: F45AA24F)

Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 120996A5)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-06-14 17:34

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


das ist jetzt die aktuelle frst.txt

der Rechner fährt hoch, das GUV Ding kommt nicht, ich kann mich bei Win8 abmelden, Screen bleibt schwarz und nach einer Zeit erscheint eine Anzeige 28.04.2013 <3 und wandert wie ein Bildschirmschoner hin und her

muss heißen: bei Win8 anmelden

schrauber 25.06.2013 20:20
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
HKLM\...\Winlogon: [Shell] C:\PROGRA~3\gjiw8.bat [x ] () <=== ATTENTION
2013-06-21 10:57 - 2013-06-25 20:06 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-20 12:22 - 2013-06-25 20:06 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\sdaksda.txt
2013-06-20 12:22 - 2013-06-20 12:22 - 00002655 ____A C:\ProgramData\gjiw8.js
2013-06-25 20:06 - 2013-06-21 10:57 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-25 20:06 - 2013-06-20 12:22 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\sdaksda.txt
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

klauskunkler 26.06.2013 07:52
Code:

HKLM\...\Winlogon: [Shell] C:\PROGRA~3\gjiw8.bat [x ] () <=== ATTENTION
2013-06-21 10:57 - 2013-06-25 20:06 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-20 12:22 - 2013-06-25 20:06 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\sdaksda.txt
2013-06-20 12:22 - 2013-06-20 12:22 - 00002655 ____A C:\ProgramData\gjiw8.js
2013-06-25 20:06 - 2013-06-21 10:57 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-25 20:06 - 2013-06-20 12:22 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\sdaksda.txt
Hallo Schrauber,

ganz herzlichen Dank für Deine Hilfe. Alles geht wieder. Unglaublich, welche Möglichkeiten -auch zum Lernen- hier in diesem Board geboten werden. Einfach genial.

Nochmals vielen Dank !!

Klaus Kunkler

schrauber 26.06.2013 09:02
Büdde, wir sind aber noch nicht fertig :)

ab jetzt alles im normalen modus.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

klauskunkler 26.06.2013 10:49
hier die AdwCleaner(S1).txt

AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 26/06/2013 um 13:32:33 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Leonie - VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Leonie\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [643 octets] - [26/06/2013 13:32:33]

########## EOF - C:\AdwCleaner[S1].txt - [702 octets] ##########
--- --- ---


[/CODE]

nun die JRT.txt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Leonie on 26.06.2013 at 13:38:10,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.06.2013 at 13:40:33,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
die frst.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by Leonie (administrator) on 26-06-2013 13:44:11
Running from C:\Users\Leonie\Desktop\Klaus
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO  [1214608 2012-09-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui [299648 2012-07-24] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1 [492728 2012-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ATUninstallIcon] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createuninstallentry:1 [492728 2012-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Parental Controls.lnk
ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.)
Startup: C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\8wijg.dat (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
SearchScopes: HKCU - {2D2081E9-834F-4E34-A4B6-BB839EB8495D} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2769552 2013-05-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-18] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-09] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
U3 mfeapfk01; No ImagePath
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 13:41 - 2013-06-26 13:43 - 00000000 ____D C:\Users\Leonie\Desktop\Klaus
2013-06-26 13:38 - 2013-06-26 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 13:37 - 2013-06-26 13:37 - 00000000 ____D C:\JRT
2013-06-26 13:32 - 2013-06-26 13:32 - 00000770 ____A C:\AdwCleaner[S1].txt
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\Documents\Bluetooth Folder
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Sony Corporation
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Atheros
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\BMExplorer
2013-06-26 13:17 - 2013-06-26 13:18 - 00000000 ____D C:\users\Gast
2013-06-26 13:17 - 2013-06-26 13:17 - 00000020 __ASH C:\Users\Gast\ntuser.ini
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Vorlagen
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Startmenü
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Netzwerkumgebung
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Lokale Einstellungen
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Eigene Dateien
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Druckumgebung
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Documents\Eigene Musik
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Documents\Eigene Bilder
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\AppData\Local\Verlauf
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Anwendungsdaten
2013-06-25 22:25 - 2013-06-25 22:25 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\iolo
2013-06-25 21:51 - 2013-06-25 21:51 - 00000000 ____A C:\fixlist.txt
2013-06-25 16:46 - 2013-06-25 16:46 - 00000000 ____D C:\FRST
2013-06-20 15:12 - 2013-06-20 15:12 - 00000000 __SHD C:\found.000
2013-06-20 13:39 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-20 13:39 - 2013-03-06 08:59 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-06-20 13:39 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-20 13:39 - 2013-03-06 08:31 - 10116608 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-20 13:39 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-20 13:39 - 2013-03-06 08:29 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-20 13:39 - 2013-03-06 08:29 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-06-20 13:39 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-20 13:39 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-20 13:39 - 2013-03-06 07:03 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-20 13:39 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-20 13:39 - 2013-03-06 07:02 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-20 13:39 - 2013-03-06 07:02 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-06-16 10:26 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-06-15 20:29 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-06-15 20:29 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-06-14 17:49 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 17:49 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 17:49 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-14 17:49 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-14 17:49 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-14 17:49 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 17:49 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 17:49 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 17:49 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 17:49 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-14 17:49 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-14 17:48 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-14 17:48 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 17:48 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 17:48 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-14 17:48 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 17:48 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 17:48 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 17:48 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 17:48 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 17:48 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

==================== One Month Modified Files and Folders =======

2013-06-26 13:43 - 2013-06-26 13:41 - 00000000 ____D C:\Users\Leonie\Desktop\Klaus
2013-06-26 13:39 - 2013-03-27 18:37 - 01019446 ____A C:\Windows\System32\perfh007.dat
2013-06-26 13:39 - 2013-03-27 18:37 - 00234118 ____A C:\Windows\System32\perfc007.dat
2013-06-26 13:39 - 2012-07-26 09:28 - 00005430 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 13:38 - 2013-06-26 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 13:37 - 2013-06-26 13:37 - 00000000 ____D C:\JRT
2013-06-26 13:36 - 2013-03-27 18:59 - 01781064 ____A C:\Windows\WindowsUpdate.log
2013-06-26 13:35 - 2013-03-27 19:27 - 00000000 ____D C:\ProgramData\MOCP
2013-06-26 13:33 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 13:33 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-26 13:32 - 2013-06-26 13:32 - 00000770 ____A C:\AdwCleaner[S1].txt
2013-06-26 13:20 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\Documents\Bluetooth Folder
2013-06-26 13:20 - 2013-04-29 10:30 - 00000000 ____D C:\Users\Leonie\Documents\Bluetooth Folder
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Sony Corporation
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Atheros
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\BMExplorer
2013-06-26 13:18 - 2013-06-26 13:17 - 00000000 ____D C:\users\Gast
2013-06-26 13:18 - 2013-04-29 10:30 - 00000000 ____D C:\ProgramData\Atheros
2013-06-26 13:18 - 2012-08-03 04:25 - 00000000 ____D C:\ProgramData\PRICache
2013-06-26 13:17 - 2013-06-26 13:17 - 00000020 __ASH C:\Users\Gast\ntuser.ini
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Vorlagen
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Startmenü
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Netzwerkumgebung
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Lokale Einstellungen
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Eigene Dateien
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Druckumgebung
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Documents\Eigene Musik
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Documents\Eigene Bilder
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\AppData\Local\Verlauf
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Anwendungsdaten
2013-06-25 22:25 - 2013-06-25 22:25 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\iolo
2013-06-25 22:25 - 2013-03-27 20:07 - 00000000 ____D C:\ProgramData\iolo
2013-06-25 22:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-25 21:51 - 2013-06-25 21:51 - 00000000 ____A C:\fixlist.txt
2013-06-25 16:46 - 2013-06-25 16:46 - 00000000 ____D C:\FRST
2013-06-25 15:19 - 2013-04-29 10:28 - 00000000 ____D C:\users\Leonie
2013-06-20 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-20 19:39 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-20 19:32 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-20 16:50 - 2012-07-26 09:21 - 00027207 ____A C:\Windows\setupact.log
2013-06-20 15:12 - 2013-06-20 15:12 - 00000000 __SHD C:\found.000
2013-06-20 13:56 - 2013-03-27 19:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-06-14 18:34 - 2013-04-30 13:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-14 18:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-09 21:21 - 2012-08-03 04:22 - 00007674 ____A C:\Windows\PFRO.log
2013-06-05 00:09 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-26 11:14

==================== End Of Log ============================
--- --- ---

--- --- ---

[/CODE]

schrauber 26.06.2013 12:17
Supi,


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log. Noch Probleme? :)

klauskunkler 26.06.2013 14:59
Code:

 Results of screen317's Security Check version 0.99.68 
  x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
McAfee  Anti-Virus und Anti-Spyware 
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 9 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by Leonie (administrator) on 26-06-2013 16:03:06
Running from C:\Users\Leonie\Desktop\Klaus
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO  [1214608 2012-09-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui [299648 2012-07-24] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1 [492728 2012-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ATUninstallIcon] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createuninstallentry:1 [492728 2012-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Parental Controls.lnk
ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.)
Startup: C:\Users\Leonie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\8wijg.dat (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
SearchScopes: HKCU - {2D2081E9-834F-4E34-A4B6-BB839EB8495D} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-07-24] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2769552 2013-05-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-18] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-09] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
U3 mfeapfk01; No ImagePath
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 15:55 - 2013-06-26 15:55 - 00890988 ____A C:\Users\Leonie\Downloads\SecurityCheck.exe
2013-06-26 13:59 - 2013-06-26 13:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-26 13:51 - 2013-06-26 13:51 - 00000000 __ASH C:\DkHyperbootSync
2013-06-26 13:44 - 2013-06-26 13:44 - 00000000 ____D C:\Users\Gast\AppData\Local\Sony Corporation
2013-06-26 13:41 - 2013-06-26 16:03 - 00000000 ____D C:\Users\Leonie\Desktop\Klaus
2013-06-26 13:39 - 2013-06-26 13:41 - 00000000 ____D C:\Users\Gast\Desktop\Klaus
2013-06-26 13:38 - 2013-06-26 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 13:37 - 2013-06-26 13:37 - 00000000 ____D C:\JRT
2013-06-26 13:32 - 2013-06-26 13:32 - 00000770 ____A C:\AdwCleaner[S1].txt
2013-06-26 13:18 - 2013-06-26 13:44 - 00000000 ____D C:\Users\Gast\Documents\Bluetooth Folder
2013-06-26 13:18 - 2013-06-26 13:43 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Sony Corporation
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Atheros
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\BMExplorer
2013-06-26 13:17 - 2013-06-26 13:18 - 00000000 ____D C:\users\Gast
2013-06-26 13:17 - 2013-06-26 13:17 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Vorlagen
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Startmenü
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Netzwerkumgebung
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Lokale Einstellungen
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Eigene Dateien
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Druckumgebung
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Documents\Eigene Musik
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Documents\Eigene Bilder
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\AppData\Local\Verlauf
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Anwendungsdaten
2013-06-25 22:25 - 2013-06-25 22:25 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\iolo
2013-06-25 21:51 - 2013-06-25 21:51 - 00000000 ____A C:\fixlist.txt
2013-06-25 16:46 - 2013-06-25 16:46 - 00000000 ____D C:\FRST
2013-06-20 15:12 - 2013-06-20 15:12 - 00000000 __SHD C:\found.000
2013-06-20 13:39 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-20 13:39 - 2013-03-06 08:59 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-06-20 13:39 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-20 13:39 - 2013-03-06 08:31 - 10116608 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-20 13:39 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-20 13:39 - 2013-03-06 08:29 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-20 13:39 - 2013-03-06 08:29 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-06-20 13:39 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-20 13:39 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-20 13:39 - 2013-03-06 07:03 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-20 13:39 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-20 13:39 - 2013-03-06 07:02 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-20 13:39 - 2013-03-06 07:02 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-06-16 10:26 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-06-15 20:29 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-06-15 20:29 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-06-14 17:49 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 17:49 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 17:49 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-14 17:49 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-14 17:49 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-14 17:49 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 17:49 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 17:49 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 17:49 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 17:49 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-14 17:49 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-14 17:48 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-14 17:48 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 17:48 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 17:48 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-14 17:48 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 17:48 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 17:48 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 17:48 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 17:48 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 17:48 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 17:48 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 17:48 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

==================== One Month Modified Files and Folders =======

2013-06-26 16:03 - 2013-06-26 13:41 - 00000000 ____D C:\Users\Leonie\Desktop\Klaus
2013-06-26 15:55 - 2013-06-26 15:55 - 00890988 ____A C:\Users\Leonie\Downloads\SecurityCheck.exe
2013-06-26 15:52 - 2013-04-29 10:28 - 00000000 ____D C:\Users\Leonie\AppData\Local\VirtualStore
2013-06-26 14:44 - 2013-03-27 19:27 - 00000000 ____D C:\ProgramData\MOCP
2013-06-26 13:59 - 2013-06-26 13:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-26 13:51 - 2013-06-26 13:51 - 00000000 __ASH C:\DkHyperbootSync
2013-06-26 13:50 - 2013-03-27 18:59 - 01794834 ____A C:\Windows\WindowsUpdate.log
2013-06-26 13:45 - 2013-04-29 10:30 - 00000000 ____D C:\Users\Leonie\Documents\Bluetooth Folder
2013-06-26 13:44 - 2013-06-26 13:44 - 00000000 ____D C:\Users\Gast\AppData\Local\Sony Corporation
2013-06-26 13:44 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\Documents\Bluetooth Folder
2013-06-26 13:43 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Sony Corporation
2013-06-26 13:41 - 2013-06-26 13:39 - 00000000 ____D C:\Users\Gast\Desktop\Klaus
2013-06-26 13:39 - 2013-03-27 18:37 - 01019446 ____A C:\Windows\System32\perfh007.dat
2013-06-26 13:39 - 2013-03-27 18:37 - 00234118 ____A C:\Windows\System32\perfc007.dat
2013-06-26 13:39 - 2012-07-26 09:28 - 00005430 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 13:38 - 2013-06-26 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 13:37 - 2013-06-26 13:37 - 00000000 ____D C:\JRT
2013-06-26 13:33 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 13:33 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-26 13:32 - 2013-06-26 13:32 - 00000770 ____A C:\AdwCleaner[S1].txt
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Atheros
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-06-26 13:18 - 2013-06-26 13:18 - 00000000 ____D C:\Users\Gast\AppData\Local\BMExplorer
2013-06-26 13:18 - 2013-06-26 13:17 - 00000000 ____D C:\users\Gast
2013-06-26 13:18 - 2013-04-29 10:30 - 00000000 ____D C:\ProgramData\Atheros
2013-06-26 13:18 - 2012-08-03 04:25 - 00000000 ____D C:\ProgramData\PRICache
2013-06-26 13:17 - 2013-06-26 13:17 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Vorlagen
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Startmenü
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Netzwerkumgebung
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Lokale Einstellungen
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Eigene Dateien
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Druckumgebung
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Documents\Eigene Musik
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Documents\Eigene Bilder
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\AppData\Local\Verlauf
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-06-26 13:17 - 2013-06-26 13:17 - 00000000 __SHD C:\Users\Gast\Anwendungsdaten
2013-06-25 22:25 - 2013-06-25 22:25 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\iolo
2013-06-25 22:25 - 2013-03-27 20:07 - 00000000 ____D C:\ProgramData\iolo
2013-06-25 22:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-25 21:51 - 2013-06-25 21:51 - 00000000 ____A C:\fixlist.txt
2013-06-25 16:46 - 2013-06-25 16:46 - 00000000 ____D C:\FRST
2013-06-25 15:19 - 2013-04-29 10:28 - 00000000 ____D C:\users\Leonie
2013-06-20 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-06-20 19:39 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-20 19:32 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-20 16:50 - 2012-07-26 09:21 - 00027207 ____A C:\Windows\setupact.log
2013-06-20 15:12 - 2013-06-20 15:12 - 00000000 __SHD C:\found.000
2013-06-20 13:56 - 2013-03-27 19:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-06-14 18:34 - 2013-04-30 13:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-14 18:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-09 21:21 - 2012-08-03 04:22 - 00007674 ____A C:\Windows\PFRO.log
2013-06-05 00:09 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-26 11:14

==================== End Of Log ============================
--- --- ---

--- --- ---

[/CODE]


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:11 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19