Trojaner-Board


mado 27.06.2013 13:35

PC locked - caught a ransom Trojan

Hello,

I have caught the/a ransom Trojan.
I have already tried WindowsUnlocker - without success.
What can I do?

schrauber 27.06.2013 13:43

Hi,

so the computer is locked? Which operating system?

mado 27.06.2013 16:12

Hello,

The operating system is Windows 7 32-bit.

schrauber 27.06.2013 16:27

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is starting up, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown there; make a note of it.
  • Close Notepad again.
  • Now type the following command:
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

mado 27.06.2013 16:59

Hello schrauber,

here are my results:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by SYSTEM on 27-06-2013 19:52:44
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5955072 2011-01-15] (Dell Inc.)
HKLM\...\Run: []  [x]
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
HKU\mado\...\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\twir3.dat,FG00 [ 2013-06-27] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~2\twir3.dat (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-05-10] (AuthenTec, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation)
S2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.)
S2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-11] (O2Micro International)
S2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-19] ()
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
S2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)
S2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5210112 2011-01-15] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
S3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-07-22] (ST Microelectronics)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369456 2013-06-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2011-01-15] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [302120 2011-10-14] (Broadcom Corporation.)
S3 BusRMUSB; C:\Windows\System32\DRIVERS\BusRMUSB.sys [49360 2011-07-01] (Windows (R) Win 7 DDK provider)
S2 cpuz135; C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2010-11-09] (CPUID)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
S3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro )
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
S0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-27 19:52 - 2013-06-27 19:52 - 00000000 ____D C:\FRST
2013-06-27 18:15 - 2013-06-27 18:15 - 00002609 ____A C:\ProgramData\3riwt.js
2013-06-27 17:19 - 2013-06-27 17:19 - 00000000 __SHD C:\found.001
2013-06-27 12:16 - 2013-06-27 12:15 - 00002609 ____A C:\ProgramData\trzDCB7.tmp
2013-06-27 10:59 - 2013-06-27 10:59 - 00006576 ____N C:\bootsqm.dat
2013-06-27 10:58 - 2013-06-27 10:58 - 00000000 __SHD C:\found.000
2013-06-27 09:24 - 2013-06-27 18:25 - 95023320 ___AT C:\ProgramData\3riwt.pad
2013-06-27 09:24 - 2013-06-27 18:24 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-27 09:24 - 2013-06-27 09:24 - 00159744 ____A (Microsoft Corporation) C:\ProgramData\twir3.dat
2013-06-27 09:24 - 2013-06-27 09:24 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-27 08:52 - 2013-06-27 08:52 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 08:52 - 2013-06-27 08:52 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 10:40 - 2013-06-26 10:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 09:54 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-26 09:50 - 2013-06-26 09:50 - 00032808 ____A C:\Users\mado\Desktop\Dartfish Error Report 06-26-2013_105030.zip
2013-06-23 08:43 - 2013-06-23 08:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-23 08:43 - 2013-06-23 08:43 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-23 08:43 - 2013-06-23 08:43 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-23 08:43 - 2013-06-23 08:43 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-23 08:43 - 2013-06-23 08:43 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-23 08:43 - 2013-06-23 08:43 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-23 08:41 - 2013-06-23 08:46 - 00010332 ____A C:\Windows\IE10_main.log
2013-06-21 11:18 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-21 11:18 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-21 11:18 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-21 11:18 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-21 11:18 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-21 11:18 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-21 11:18 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-21 11:18 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-21 11:17 - 2013-05-08 06:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-21 11:17 - 2013-05-06 06:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-21 11:17 - 2013-05-06 06:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-18 15:29 - 2013-06-27 18:24 - 00001581 ____A C:\Windows\setupact.log
2013-06-18 15:29 - 2013-06-18 15:29 - 00000000 ____A C:\Windows\setuperr.log
2013-06-18 15:03 - 2013-06-27 14:51 - 00625106 ____A C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders ========

2013-06-27 19:52 - 2013-06-27 19:52 - 00000000 ____D C:\FRST
2013-06-27 19:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-27 18:30 - 2009-07-14 05:34 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 18:30 - 2009-07-14 05:34 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 18:28 - 2010-11-20 22:01 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 18:26 - 2013-06-18 15:03 - 00625106 ____A C:\Windows\WindowsUpdate.log
2013-06-27 18:25 - 2013-06-27 09:24 - 95023320 ___AT C:\ProgramData\3riwt.pad
2013-06-27 18:25 - 2011-10-14 19:18 - 00000000 ____D C:\ProgramData\Sonic
2013-06-27 18:24 - 2013-06-27 09:24 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-27 18:24 - 2013-06-18 15:29 - 00001581 ____A C:\Windows\setupact.log
2013-06-27 18:23 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 18:15 - 2013-06-27 18:15 - 00002609 ____A C:\ProgramData\3riwt.js
2013-06-27 17:19 - 2013-06-27 17:19 - 00000000 __SHD C:\found.001
2013-06-27 12:15 - 2013-06-27 12:16 - 00002609 ____A C:\ProgramData\trzDCB7.tmp
2013-06-27 10:59 - 2013-06-27 10:59 - 00006576 ____N C:\bootsqm.dat
2013-06-27 10:58 - 2013-06-27 10:58 - 00000000 __SHD C:\found.000
2013-06-27 09:24 - 2013-06-27 09:24 - 00159744 ____A (Microsoft Corporation) C:\ProgramData\twir3.dat
2013-06-27 09:24 - 2013-06-27 09:24 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-27 08:52 - 2013-06-27 08:52 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 08:52 - 2013-06-27 08:52 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 08:52 - 2011-11-18 14:14 - 00770344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 08:52 - 2011-11-18 14:14 - 00369456 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 08:51 - 2013-03-17 20:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-26 10:40 - 2013-06-26 10:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 09:50 - 2013-06-26 09:50 - 00032808 ____A C:\Users\mado\Desktop\Dartfish Error Report 06-26-2013_105030.zip
2013-06-23 08:56 - 2011-02-12 03:26 - 00000000 ____D C:\Windows\panther
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-06-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-23 08:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-06-23 08:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-06-23 08:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-06-23 08:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-06-23 08:47 - 2011-12-30 19:53 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-23 08:46 - 2013-06-23 08:41 - 00010332 ____A C:\Windows\IE10_main.log
2013-06-23 08:43 - 2013-06-23 08:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-23 08:43 - 2013-06-23 08:43 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-23 08:43 - 2013-06-23 08:43 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-23 08:43 - 2013-06-23 08:43 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-23 08:43 - 2013-06-23 08:43 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-23 08:43 - 2013-06-23 08:43 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-23 08:43 - 2013-06-23 08:43 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-23 08:43 - 2013-06-23 08:43 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 15:29 - 2013-06-18 15:29 - 00000000 ____A C:\Windows\setuperr.log
2013-06-10 20:53 - 2011-11-16 11:41 - 00000000 ____D C:\Users\mado\AppData\Roaming\vlc
2013-06-10 20:51 - 2009-07-14 03:04 - 00002577 ____A C:\Windows\System32\config.nt

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\3riwt.pad
C:\ProgramData\twir3.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 8088.93 MB
Available physical RAM: 7524.27 MB
Total Pagefile: 8087.22 MB
Available Pagefile: 7527.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.52 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:197.88 GB) NTFS
Drive f: (BOOTSTICK) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: C2C99386)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 015DF4D0)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-06-13 17:19

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---
[/CODE]

schrauber 27.06.2013 19:22

Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

HKLM\...\Run: []  [x]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
HKU\mado\...\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\twir3.dat,FG00 [ 2013-06-27] (Microsoft Corporation)
Startup: C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~2\twir3.dat (Microsoft Corporation)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
2013-06-27 18:15 - 2013-06-27 18:15 - 00002609 ____A C:\ProgramData\3riwt.js
2013-06-27 12:16 - 2013-06-27 12:15 - 00002609 ____A C:\ProgramData\trzDCB7.tmp
2013-06-27 09:24 - 2013-06-27 18:24 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-27 09:24 - 2013-06-27 09:24 - 00159744 ____A (Microsoft Corporation) C:\ProgramData\twir3.dat
2013-06-27 09:24 - 2013-06-27 09:24 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-27 08:52 - 2013-06-27 08:52 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 08:52 - 2013-06-27 08:52 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 18:25 - 2013-06-27 09:24 - 95023320 ___AT C:\ProgramData\3riwt.pad
2013-06-27 18:25 - 2011-10-14 19:18 - 00000000 ____D C:\ProgramData\Sonic
2013-06-27 18:24 - 2013-06-27 09:24 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-27 18:24 - 2013-06-18 15:29 - 00001581 ____A C:\Windows\setupact.log
2013-06-27 18:23 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 18:15 - 2013-06-27 18:15 - 00002609 ____A C:\ProgramData\3riwt.js
2013-06-27 09:24 - 2013-06-27 09:24 - 00159744 ____A (Microsoft Corporation) C:\ProgramData\twir3.dat
2013-06-27 09:24 - 2013-06-27 09:24 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-27 08:52 - 2013-06-27 08:52 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 08:52 - 2013-06-27 08:52 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
C:\ProgramData\rundll32.exe
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\3riwt.pad
C:\ProgramData\twir3.dat
C:\Windows\System32\DRIVERS\61883.sys

Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
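Added example (not part of schrauber's post, and not code from FRST): a Python triage of the fixlist above. It parses the line formats FRST prints for Run values, ShortcutTarget entries and dated file entries, and flags the persistence chain the fix removes: a copy of rundll32.exe in C:\ProgramData, started from an HKU Run value that borrows the name ctfmon.exe, loading the renamed module twir3.dat through export FG00, with a Startup-folder msconfig.lnk pointing at the same .dat file. It also counts paths the fixlist names more than once. The 8.3 expansion C:\PROGRA~2 = C:\ProgramData is an assumption drawn from the Fixlog in the next post (PROGRA~2\twir3.dat moved, ProgramData\twir3.dat then reported not found); the sample input is constructed from lines quoted in this post, plus the benign Apoint entry from the normal-mode scan further down.

```python
# Added example for this thread (not from the original post and not FRST code):
# parse the FRST line formats quoted in the fixlist above, flag the persistence
# pattern the fix removes, and count paths the fixlist names more than once.
import re
from collections import Counter

# 8.3 aliases on this 32-bit Windows 7 install (assumption, backed by the Fixlog
# moving C:\PROGRA~2\twir3.dat and then finding no C:\ProgramData\twir3.dat).
SHORT_NAMES = {"c:\\progra~2": "C:\\ProgramData", "c:\\progra~1": "C:\\Program Files"}
USER_WRITABLE = ("c:\\programdata", "c:\\users\\", "c:\\windows\\temp")
SYSTEM_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                   "cscript.exe", "ctfmon.exe", "svchost.exe", "explorer.exe"}
EXECUTABLE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] ?"
                    r"(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\](?: \((?P<signer>[^)]*)\))?$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<path>.+?)(?: \((?P<signer>[^)]*)\))?$")
DATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ [_A-Z]+ "
                      r"(?:\([^)]*\) )?(?P<path>.+)$")

def expand(path):
    """Expand the 8.3 aliases FRST prints back to their long form."""
    low = path.lower()
    for short, full in SHORT_NAMES.items():
        if low.startswith(short):
            return full + path[len(short):]
    return path

def split_command(cmd):
    """Split an FRST command string into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", cmd, re.IGNORECASE)
    return (m.group(1), m.group(2) or "") if m else (cmd, "")

def assess(path, args="", value_name=""):
    """Return the reasons an autostart image looks suspicious (empty if none)."""
    full = expand(path.strip().strip('"'))
    low = full.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons = []
    if low.startswith(USER_WRITABLE):
        reasons.append("image in user-writable location: " + full)
    if base in SYSTEM_BINARIES and not low.startswith("c:\\windows\\"):
        reasons.append("system binary name outside %SystemRoot%: " + base)
    if value_name.lower() in SYSTEM_BINARIES and value_name.lower() != base:
        reasons.append(f"value name '{value_name}' mimics a system binary but launches {base}")
    if base == "rundll32.exe" and args:  # rundll32 <module>,<export>
        module, _, export = args.partition(",")
        module = expand(module.strip().strip('"'))
        if not module.lower().endswith(".dll"):
            reasons.append(f"rundll32 loads renamed module {module} (export {export.strip() or '?'})")
    return reasons

def triage(lines):
    """Map each suspicious Run/ShortcutTarget line to its list of reasons."""
    findings = {}
    for line in (l.strip() for l in lines):
        run, lnk = RUN_RE.match(line), LNK_RE.match(line)
        if run:
            exe, args = split_command(run.group("cmd"))
            reasons = assess(exe, args, run.group("name")) if exe else []
        elif lnk:
            reasons = assess(lnk.group("path"))
            if not lnk.group("path").lower().endswith(EXECUTABLE_EXT):
                reasons.append("shortcut target is not an executable: " + lnk.group("path"))
        else:
            continue
        if reasons:
            findings[line] = reasons
    return findings

def duplicate_paths(fixlist):
    """Count file paths the fixlist names more than once; later hits end as 'not found'."""
    counts = Counter()
    for line in (l.strip() for l in fixlist):
        m = DATED_RE.match(line) or LNK_RE.match(line)
        path = m.group("path") if m else line.replace("Startup: ", "", 1)
        if re.match(r"^[A-Za-z]:\\", path):
            counts[expand(path).lower()] += 1
    return {p: n for p, n in counts.items() if n > 1}

# Constructed sample: the lines of the fixlist posted above that carry the infection.
SAMPLE_FIXLIST = r"""
HKU\mado\...\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\twir3.dat,FG00 [ 2013-06-27] (Microsoft Corporation)
Startup: C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~2\twir3.dat (Microsoft Corporation)
2013-06-27 09:24 - 2013-06-27 09:24 - 00159744 ____A (Microsoft Corporation) C:\ProgramData\twir3.dat
2013-06-27 09:24 - 2013-06-27 09:24 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
C:\ProgramData\rundll32.exe
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\twir3.dat
""".strip().splitlines()
# A legitimate Run value from the later normal-mode scan, for contrast.
BENIGN = r"HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-21] (Alps Electric Co., Ltd.)"

if __name__ == "__main__":
    print(*(f"{l}\n   - " + "\n   - ".join(r) for l, r in triage(SAMPLE_FIXLIST).items()), sep="\n")
    print({p: f"listed {n}x" for p, n in duplicate_paths(SAMPLE_FIXLIST).items()})
```

On the sample it reports four reasons for the ctfmon.exe value and two for the shortcut target, and shows rundll32.exe named twice and msconfig.lnk and twir3.dat three times each. That is why the Fixlog answers the later occurrences with "File/Directory not found": the first occurrence already moved the file, so those lines are not failed fixes.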

mado 27.06.2013 19:36

Hello schrauber,

here is the Fixlog.txt:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02
Ran by SYSTEM at 2013-06-27 22:34:22 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba => Key deleted successfully.
HKU\mado\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe => Value deleted successfully.
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => Moved successfully.
C:\PROGRA~2\twir3.dat => Moved successfully.
61883 => Service deleted successfully.
C:\ProgramData\3riwt.js => Moved successfully.
C:\ProgramData\trzDCB7.tmp => Moved successfully.
C:\ProgramData\as98213.txt => Moved successfully.
C:\ProgramData\twir3.dat => File/Directory not found.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\Windows\System32\Drivers\aswSP.sys.sum => Moved successfully.
C:\Windows\System32\Drivers\aswSnx.sys.sum => Moved successfully.
C:\ProgramData\3riwt.pad => Moved successfully.
C:\ProgramData\Sonic => Moved successfully.
C:\ProgramData\as98213.txt => File/Directory not found.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.
C:\ProgramData\3riwt.js => File/Directory not found.
C:\ProgramData\twir3.dat => File/Directory not found.
C:\ProgramData\rundll32.exe => File/Directory not found.
C:\Windows\System32\Drivers\aswSP.sys.sum => File/Directory not found.
C:\Windows\System32\Drivers\aswSnx.sys.sum => File/Directory not found.
C:\ProgramData\rundll32.exe => File/Directory not found.
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => File/Directory not found.
C:\Users\mado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => File/Directory not found.
C:\ProgramData\3riwt.pad => File/Directory not found.
C:\ProgramData\twir3.dat => File/Directory not found.
C:\Windows\System32\DRIVERS\61883.sys => Moved successfully.

==== End of Fixlog ====

Best regards

Mado

schrauber 27.06.2013 19:40

Can you boot normally?

mado 27.06.2013 19:48

Hello schrauber,

great, thank you very much!

That's excellent.

Mado

schrauber 28.06.2013 06:15

Control scans in normal mode:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later) please right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked and click on Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the website's input box)

mado 28.06.2013 08:36

Hello schrauber,

here are the requested files:

AdwCleaner:
Code:

# AdwCleaner v2.303 - File created on 28/06/2013 at 09:24:53
# Updated on 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : mado - MADO-NOTEBOOK
# Boot mode : Normal
# Running from : C:\Users\mado\Desktop\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****

File Deleted : C:\Users\mado\AppData\Roaming\Mozilla\Firefox\Profiles\u62de848.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Users\mado\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\mado\AppData\Roaming\Mozilla\Firefox\Profiles\u62de848.default\SweetPacksToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\Software\PIP
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.hiergehtslos.de --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\mado\AppData\Roaming\Mozilla\Firefox\Profiles\u62de848.default\prefs.js

Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cargo", "3.1010006.10028");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.returnValue", "disable");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{63AC8EB4-54F5-11E2-B7D8-D067E53A0E97}");
Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");

*************************

AdwCleaner[S1].txt - [7801 octets] - [28/06/2013 09:24:53]

########## EOF - C:\AdwCleaner[S1].txt - [7861 octets] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by mado on 28.06.2013 at  9:29:14,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\mado\AppData\Roaming\mozilla\firefox\profiles\u62de848.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.06.2013 at  9:30:19,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by mado (administrator) on 28-06-2013 09:31:02
Running from C:\Users\mado\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() c:\Windows\system32\srvany.exe
(O2Micro.) c:\Windows\system32\SDIOAssist.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5955072 2011-01-15] (Dell Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {3a19a2e1-5123-11e2-b70c-d067e53a0e97} - E:\LaunchU3.exe -a
MountPoints2: {bf6f5ddd-92dd-11e1-b6a6-d067e53a0e97} - F:\MI.exe
Lsa: [Authentication Packages] msv1_0 wvauth

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\mado\AppData\Roaming\Mozilla\Firefox\Profiles\u62de848.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\mado\AppData\Roaming\Mozilla\Firefox\Profiles\u62de848.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

========================== Services (Whitelisted) =================

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-05-10] (AuthenTec, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.)
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-11] (O2Micro International)
R2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-19] ()
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-28] (Wave Systems Corp.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5210112 2011-01-15] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-07-22] (ST Microelectronics)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2011-01-15] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [302120 2011-10-14] (Broadcom Corporation.)
R3 BusRMUSB; C:\Windows\System32\DRIVERS\BusRMUSB.sys [49360 2011-07-01] (Windows (R) Win 7 DDK provider)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2010-11-09] (CPUID)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-05] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 09:30 - 2013-06-28 09:30 - 00000904 ____A C:\Users\mado\Desktop\JRT.txt
2013-06-28 09:30 - 2013-06-27 17:45 - 01370369 ____A (Farbar) C:\Users\mado\Desktop\FRST.exe
2013-06-28 09:29 - 2013-06-28 09:29 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 09:28 - 2013-06-28 09:29 - 00000000 ____D C:\JRT
2013-06-28 09:28 - 2013-06-28 09:18 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\mado\Desktop\JRT.exe
2013-06-28 09:24 - 2013-06-28 09:25 - 00007930 ____A C:\AdwCleaner[S1].txt
2013-06-28 09:24 - 2013-06-28 09:18 - 00648201 ____A C:\Users\mado\Desktop\adwcleaner.exe
2013-06-27 22:47 - 2013-06-27 22:47 - 00000000 ____D C:\ProgramData\Sonic
2013-06-27 22:44 - 2013-06-28 09:26 - 00000168 ____A C:\Windows\setupact.log
2013-06-27 22:44 - 2013-06-28 09:26 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 21:51 - 2013-06-27 21:51 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:51 - 2013-06-27 21:51 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:51 - 2013-06-27 21:51 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 20:52 - 2013-06-27 20:52 - 00000000 ____D C:\FRST
2013-06-27 18:19 - 2013-06-27 18:19 - 00000000 __SHD C:\found.001
2013-06-27 11:58 - 2013-06-27 11:58 - 00000000 __SHD C:\found.000
2013-06-26 11:40 - 2013-06-26 11:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 10:54 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-26 10:50 - 2013-06-26 10:50 - 00032808 ____A C:\Users\mado\Desktop\Dartfish Error Report 06-26-2013_105030.zip
2013-06-23 09:43 - 2013-06-23 09:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-23 09:43 - 2013-06-23 09:43 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-23 09:43 - 2013-06-23 09:43 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-23 09:43 - 2013-06-23 09:43 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-23 09:43 - 2013-06-23 09:43 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-23 09:43 - 2013-06-23 09:43 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-23 09:41 - 2013-06-23 09:46 - 00010332 ____A C:\Windows\IE10_main.log
2013-06-21 12:18 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-21 12:18 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-21 12:18 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-21 12:18 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-21 12:18 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-21 12:18 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-21 12:18 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-21 12:18 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-21 12:17 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-21 12:17 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-21 12:17 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-18 16:29 - 2013-06-18 16:29 - 00000000 ____A C:\Windows\setuperr.log
2013-06-18 16:03 - 2013-06-28 09:25 - 00692633 ____A C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders ========

2013-06-28 09:30 - 2013-06-28 09:30 - 00000904 ____A C:\Users\mado\Desktop\JRT.txt
2013-06-28 09:29 - 2013-06-28 09:29 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 09:29 - 2013-06-28 09:28 - 00000000 ____D C:\JRT
2013-06-28 09:29 - 2013-06-18 16:03 - 00692633 ____A C:\Windows\WindowsUpdate.log
2013-06-28 09:26 - 2013-06-27 22:44 - 00000168 ____A C:\Windows\setupact.log
2013-06-28 09:26 - 2013-06-27 22:44 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 09:25 - 2013-06-28 09:24 - 00007930 ____A C:\AdwCleaner[S1].txt
2013-06-28 09:25 - 2010-11-20 23:01 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 09:23 - 2009-07-14 06:34 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 09:23 - 2009-07-14 06:34 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 09:18 - 2013-06-28 09:28 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\mado\Desktop\JRT.exe
2013-06-28 09:18 - 2013-06-28 09:24 - 00648201 ____A C:\Users\mado\Desktop\adwcleaner.exe
2013-06-28 09:16 - 2012-04-12 21:39 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 23:30 - 2012-04-12 21:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-27 23:30 - 2011-10-14 19:45 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-27 23:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-27 22:47 - 2013-06-27 22:47 - 00000000 ____D C:\ProgramData\Sonic
2013-06-27 22:46 - 2012-04-01 17:18 - 00097792 __ASH C:\Users\mado\Thumbs.db
2013-06-27 21:51 - 2013-06-27 21:51 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 21:51 - 2013-06-27 21:51 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 21:51 - 2013-06-27 21:51 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 21:51 - 2013-03-17 22:11 - 00175176 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 21:51 - 2011-11-18 15:14 - 00770344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:51 - 2011-11-18 15:14 - 00369584 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 20:52 - 2013-06-27 20:52 - 00000000 ____D C:\FRST
2013-06-27 20:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-27 18:19 - 2013-06-27 18:19 - 00000000 __SHD C:\found.001
2013-06-27 17:45 - 2013-06-28 09:30 - 01370369 ____A (Farbar) C:\Users\mado\Desktop\FRST.exe
2013-06-27 11:58 - 2013-06-27 11:58 - 00000000 __SHD C:\found.000
2013-06-27 09:51 - 2013-03-17 21:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-26 11:40 - 2013-06-26 11:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 10:50 - 2013-06-26 10:50 - 00032808 ____A C:\Users\mado\Desktop\Dartfish Error Report 06-26-2013_105030.zip
2013-06-23 09:56 - 2011-02-12 04:26 - 00000000 ____D C:\Windows\panther
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-06-23 09:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-23 09:54 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-06-23 09:54 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-06-23 09:54 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-06-23 09:54 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-06-23 09:47 - 2011-12-30 20:53 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-23 09:46 - 2013-06-23 09:41 - 00010332 ____A C:\Windows\IE10_main.log
2013-06-23 09:43 - 2013-06-23 09:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-23 09:43 - 2013-06-23 09:43 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-23 09:43 - 2013-06-23 09:43 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-23 09:43 - 2013-06-23 09:43 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-23 09:43 - 2013-06-23 09:43 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-23 09:43 - 2013-06-23 09:43 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-23 09:43 - 2013-06-23 09:43 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-23 09:43 - 2013-06-23 09:43 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-18 16:29 - 2013-06-18 16:29 - 00000000 ____A C:\Windows\setuperr.log
2013-06-10 21:53 - 2011-11-16 12:41 - 00000000 ____D C:\Users\mado\AppData\Roaming\vlc
2013-06-10 21:51 - 2009-07-14 04:04 - 00002577 ____A C:\Windows\System32\config.nt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-27 23:04

==================== End Of Log ============================

--- --- ---
[/CODE]

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-06-2013 02
Ran by mado at 2013-06-28 09:31:25
Running from C:\Users\mado\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20
AccelerometerP11 (Version: 2.00.10.33)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
AuthenTec Fingerprint Software (Version: 8.4.4.20)
avast! Free Antivirus (Version: 8.0.1489.0)
BioAPI Framework (Version: 1.0.2)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 14.4.6.2)
CCleaner (Version: 3.28)
CDBurnerXP (Version: 4.4.2.3442)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CPUID CPU-Z 1.58
Custom (Version: 01.00.00.000)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)
D3DX10 (Version: 15.4.2368.0902)
Dartfish Software 6 (Version: 6.0.13762)
Dell Client System Update (Version: 1.2.2)
Dell Data Protection | Access (Version: 02.01.01.001)
Dell Data Protection | Access (Version: 2.1.00001.001)
Dell Data Protection | Access | Drivers (Version: 2.01.018)
Dell Data Protection | Access | Middleware (Version: 2.01.010)
Dell Edoc Viewer (Version: 1.0.0)
Dell System Manager (Version: 1.6.00000)
Dell Touchpad (Version: 7.1208.101.125)
DellAccess (Version: 01.00.00.108)
Digital Line Detect (Version: 1.21)
DirectX 9 Runtime (Version: 1.00.0000)
DW WLAN Card Utility (Version: 5.100.235.13)
EMBASSY Security Center (Version: 04.02.00.173)
Foxit Reader (Version: 5.4.5.114)
Free YouTube Download version 3.1.42.1212 (Version: 3.1.42.1212)
Free YouTube to MP3 Converter version 3.11.37.1212 (Version: 3.11.37.1212)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
Gemalto (Version: 01.01.01.0000)
Intel(R) Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) Processor Graphics (Version: 8.15.10.2418)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 22 (Version: 6.0.220)
Java(TM) 6 Update 38 (Version: 6.0.380)
Junk Mail filter update (Version: 15.4.3502.0922)
Kinovea (Version: 0.8.15)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Modem Diagnostic Tool (Version: 1.0.28.0)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netwaiting (Version: 2.5.59)
NTRU TCG Software Stack (Version: 2.1.36)
O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.23)
O2Micro OZ776 SCR Driver (Version: 1.1.4.210GS)
OpenOffice.org 3.3 (Version: 3.3.9567)
PC-CCID (Version: 2.0.0)
PhotoShowExpress (Version: 2.0.063)
Preboot Manager (Version: 03.02.00.096)
Private Information Manager (Version: 07.00.00.047)
PS Software (Version: 1.30.000)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Skype Click to Call (Version: 5.8.8855)
Skype™ 5.5 (Version: 5.5.124)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SPBA 5.9 (Version: 5.9.4.6686)
Trusted Drive Manager (Version: 4.1.1.312)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
VLC media player 2.0.5 (Version: 2.0.5)
Wave Infrastructure Installer (Version: 07.03.17.0010)
Wave Support Software Installer (Version: 05.12.00.036)
WIDCOMM Bluetooth Software (Version: 6.3.0.7900)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (05/13/2009 8.4.2.0) (Version: 05/13/2009 8.4.2.0)
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
WinX Free VOB to MP4 Converter 2.0.8

==================== Restore Points  =========================

27-06-2013 21:11:57 Geplanter Prüfpunkt
27-06-2013 21:37:56 nach Trojaner 27 6 2013

==================== Scheduled Tasks (whitelisted) =============

Task: {3005D16F-A228-4514-84F2-2410B7565FFB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {38177525-AF46-4D2D-BFFE-51ACDC0C8288} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {762060C8-42EC-4723-A934-7CB47F3FD25C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {9965B4DF-2D0F-460C-A1BA-CE154006FC23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-27] (Adobe Systems Incorporated)
Task: {A480362E-14FA-4640-99FB-4F093E5B5A59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {D0BAE89D-2B5A-401A-802A-AB2BAFC71058} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {FA9DFEE6-78C8-4CC8-AF17-202202F731BE} - System32\Tasks\Dell\Client System Update => C:\Program Files\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2011-05-26] (Dell Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 3240.93 MB
Available physical RAM: 2280.66 MB
Total Pagefile: 6480.16 MB
Available Pagefile: 5445 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:197.29 GB) NTFS
Drive e: (USBDISK) (Removable) (Total:0.12 GB) (Free:0.1 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: C2C99386)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 127 MB) (Disk ID: 67306B9E)
Partition 1: (Not Active) - (Size=127 MB) - (Type=04)

==================== End Of Log ============================

Best regards

Mado

schrauber 28.06.2013 09:03


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it in your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems? :)

mado 28.06.2013 09:32

Hello schrauber,

the ESET Online Scanner is still running. It has already found four threats.
-Win32/Kryptik.BEFM
-JS/Agent.NID
-Win32/Reveton.M
-JS/Agent.NID

But it is still scanning, and I have not done the SecurityCheck yet either.

So, until later.

Regards

Mado

schrauber 28.06.2013 09:36

Ok :)

mado 28.06.2013 10:21

Hello schrauber,

a total of 7 threats were found.

SecurityCheck aborts with: unsuported operating system.
What should I do about that?

Here is the log file from ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8443e98bdebd4d4dbf9987ef920718b3
# engine=14182
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-28 09:12:59
# local_time=2013-06-28 11:12:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 93 48083 149117051 0 0
# compatibility_mode=5893 16776573 100 94 5773 124041970 0 0
# scanned=136596
# found=7
# cleaned=0
# scan_time=3427
sh=CFD0D302C40F952A6DEC8D08E0DA8583654E8C2D ft=0 fh=0000000000000000 vn="JS/Agent.NID Trojaner" ac=I fn="C:\FRST\Quarantine\3riwt.js"
sh=1C21D302B26ED3616383A230B398ABB8981DCF6E ft=0 fh=0000000000000000 vn="Win32/Reveton.M Trojaner" ac=I fn="C:\FRST\Quarantine\msconfig.lnk"
sh=CFD0D302C40F952A6DEC8D08E0DA8583654E8C2D ft=0 fh=0000000000000000 vn="JS/Agent.NID Trojaner" ac=I fn="C:\FRST\Quarantine\trzDCB7.tmp"
sh=EDB8CC4167720AF383ACFDB27A8126C30479142C ft=1 fh=1923bf69ba3f305b vn="Variante von Win32/Kryptik.BEMF Trojaner" ac=I fn="C:\FRST\Quarantine\twir3.dat"
sh=EDB8CC4167720AF383ACFDB27A8126C30479142C ft=1 fh=1923bf69ba3f305b vn="Variante von Win32/Kryptik.BEMF Trojaner" ac=I fn="C:\Users\mado\AppData\Local\Temp\exrypnhvdivitanpnmh.bfg"
sh=7CB9706C8405C5AC9E91E0CFEBA53B75B861C5D7 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OTD Trojaner" ac=I fn="C:\Users\mado\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e1dbeb-7648d160"
sh=EDB8CC4167720AF383ACFDB27A8126C30479142C ft=1 fh=1923bf69ba3f305b vn="Variante von Win32/Kryptik.BEMF Trojaner" ac=I fn="C:\Users\mado\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\99ae0f9-6afb7af4"

Regards

Mado


Copyright ©2000-2025, Trojaner-Board

