Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Weißer Bildschirm Beim Windows Start (https://www.trojaner-board.de/143321-weisser-bildschirm-beim-windows-start.html)

Tecker 20.10.2013 12:41
Weißer Bildschirm Beim Windows Start
 
Beim Start von Windows Kommt sofort ein Weißes Fenster, Ich Kann den pc nur noch runter fahren

Bitte Um Hilfe

:dankeschoen::dankeschoen:

Gruß Tecker

schrauber 20.10.2013 13:47
hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


Tecker 20.10.2013 13:53
hABE ICH GEMACHT

Tecker 20.10.2013 13:55

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by DetlefRita (administrator) on DETLEFRITA-PC on 20-10-2013 11:50:57
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [Facebook Update] - "C:\Users\DetlefRita\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\DetlefRita\AppData\Roaming\Other.res <==== ATTENTION
MountPoints2: {a42eff5f-d3dc-11e0-929f-001d72f7bb26} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Users\DetlefRita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Other.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=060413
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x325B846FF4D4CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=101&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=101&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL = hxxp://www.bing.com/search?FORM=UP93DF&PC=UP93&dt=060413&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = hxxp://www.searchqu.com/web?src=ieb&q={SearchTerms}
SearchScopes: HKCU - {919DDDB9-5413-4239-9392-8678AD602C5F} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=101&sr=0&q={searchTerms}
SearchScopes: HKCU - {91BF8962-28C7-4CE5-BAA0-BA2B4AC03454} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=de_NL&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=4df86008-7134-4911-b79c-7ebb54b60e02&apn_sauid=4C0C5449-7A1E-4BF8-84D1-2C8DF9067C03
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -  No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} -  No File
Toolbar: HKCU -  No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\DetlefRita\AppData\Roaming\Mozilla\Firefox\Profiles\tueior2r.default-1366128953723
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\DetlefRita\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar_AVIRA-V7 - C:\Users\DetlefRita\AppData\Roaming\Mozilla\Firefox\Profiles\tueior2r.default-1366128953723\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\DetlefRita\AppData\Roaming\14001.019

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=060413
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=060413", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Bing) - hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms}
CHR DefaultSuggestURL: (Bing) - hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\DetlefRita\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\DETLEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.0_0
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\DETLEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\19.52819_0
CHR Extension: (YouTube) - C:\Users\DETLEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DETLEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\DETLEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\DETLEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\DETLEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\DetlefRita\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.10.0.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-06-15] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-06-15] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-07-03] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-07-03] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62424 2008-05-13] (O2Micro )
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 ahosqxar; \??\C:\Windows\system32\drivers\ahosqxar.sys [x]
S1 brdsrvtp; \??\C:\Windows\system32\drivers\brdsrvtp.sys [x]
S3 CnxtHdAudService; system32\drivers\CHDRT64.sys [x]
S1 dnktfgrs; \??\C:\Windows\system32\drivers\dnktfgrs.sys [x]
S1 ecoebjfn; \??\C:\Windows\system32\drivers\ecoebjfn.sys [x]
S1 edvkzncg; \??\C:\Windows\system32\drivers\edvkzncg.sys [x]
S1 ghiydwpc; \??\C:\Windows\system32\drivers\ghiydwpc.sys [x]
S1 gjiemiap; \??\C:\Windows\system32\drivers\gjiemiap.sys [x]
S1 kfunemhq; \??\C:\Windows\system32\drivers\kfunemhq.sys [x]
S1 lpasmkji; \??\C:\Windows\system32\drivers\lpasmkji.sys [x]
S1 qkirfgka; \??\C:\Windows\system32\drivers\qkirfgka.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-20 11:50 - 2013-10-20 11:50 - 00000000 ____D C:\FRST
2013-10-10 00:12 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 00:12 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 00:12 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 00:12 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 00:12 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 00:12 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 00:12 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 00:12 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 00:12 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 00:12 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 00:12 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:12 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 15:21 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 15:21 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 15:21 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 15:21 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 15:21 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 15:21 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 15:21 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 15:21 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 15:21 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 15:21 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 15:21 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 15:21 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 15:21 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 15:21 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 15:21 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 15:21 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 15:21 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 15:21 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 15:21 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 15:21 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 15:21 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 15:21 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 15:21 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 15:21 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 15:21 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 15:21 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 15:21 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 15:21 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 15:21 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 15:21 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 15:21 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 15:21 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 15:21 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 15:21 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 15:21 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 15:21 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 15:21 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 15:21 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 15:21 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 15:21 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 15:20 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 15:20 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 15:20 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 15:20 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 15:20 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 15:20 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 15:20 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 15:20 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 15:20 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 15:20 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 15:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 15:20 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 15:20 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 15:20 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-05 18:06 - 2013-10-05 18:06 - 00131072 _____ C:\Users\DetlefRita\etjswxafswdjqwdmndy.bfg
2013-10-01 18:58 - 2013-10-01 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 07:46 - 2013-09-28 07:46 - 98372650 _____ C:\Windows\SysWOW64\렧ﺂš
2013-09-25 16:08 - 2013-09-25 16:08 - 97729025 _____ C:\Windows\SysWOW64\뚪肵[

==================== One Month Modified Files and Folders =======

2013-10-20 11:50 - 2013-10-20 11:50 - 00000000 ____D C:\FRST
2013-10-20 11:43 - 2013-06-12 19:58 - 00023419 _____ C:\Windows\setupact.log
2013-10-20 11:42 - 2011-03-11 13:42 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-20 11:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-20 10:58 - 2012-09-04 13:12 - 02005200 _____ C:\Windows\WindowsUpdate.log
2013-10-20 10:51 - 2013-01-15 23:46 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-100757552-488117400-1688207817-1001UA.job
2013-10-20 10:51 - 2011-03-11 13:42 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-20 10:49 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 10:49 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 10:42 - 2012-09-05 23:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-20 10:42 - 2011-02-18 16:49 - 00000322 _____ C:\Windows\Tasks\DMEPeriodicTask.job
2013-10-19 22:27 - 2011-02-18 14:52 - 00000000 ___RD C:\Users\DetlefRita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-19 18:52 - 2011-03-07 23:32 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C328D56-F738-4759-9D01-9ADCD366AB16}
2013-10-18 22:51 - 2013-01-15 23:46 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-100757552-488117400-1688207817-1001Core.job
2013-10-16 14:55 - 2012-09-05 23:10 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-12 15:57 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-10-12 15:57 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-10-12 15:57 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 11:46 - 2011-03-11 13:42 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 11:46 - 2011-03-11 13:42 - 00003862 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 22:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 18:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-10 14:56 - 2013-06-12 19:58 - 00422504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 14:51 - 2013-03-14 00:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 14:51 - 2011-02-18 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 00:15 - 2011-02-18 15:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 00:02 - 2013-07-28 18:18 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 23:59 - 2011-03-01 19:45 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 23:54 - 2012-06-14 08:25 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-09 23:54 - 2012-06-14 08:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-09 23:54 - 2012-06-14 08:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-09 18:36 - 2012-09-05 23:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 18:36 - 2012-06-14 08:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 18:36 - 2011-12-20 11:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 16:41 - 2013-01-29 19:31 - 00001092 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-08 15:46 - 2013-06-21 12:17 - 00103038 _____ C:\Windows\PFRO.log
2013-10-08 14:38 - 2012-09-04 10:42 - 00301746 ____N C:\Windows\Minidump\100813-27034-01.dmp
2013-10-08 14:38 - 2011-02-20 13:26 - 00000000 ____D C:\Windows\Minidump
2013-10-05 18:07 - 2013-09-13 09:19 - 00000004 _____ C:\Users\DetlefRita\AppData\Roaming\settings.ini
2013-10-05 18:06 - 2013-10-05 18:06 - 00131072 _____ C:\Users\DetlefRita\etjswxafswdjqwdmndy.bfg
2013-10-05 18:06 - 2011-02-18 14:52 - 00000000 ____D C:\Users\DetlefRita
2013-10-05 14:02 - 2011-12-19 15:40 - 00293376 ___SH C:\Users\DetlefRita\Documents\Thumbs.db
2013-10-02 11:47 - 2012-01-01 17:51 - 00000000 ____D C:\Users\DetlefRita\Documents\Eigene Scans
2013-10-02 07:33 - 2012-06-14 08:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 22:16 - 2012-06-14 08:13 - 00000000 ____D C:\Users\DetlefRita\AppData\Local\Mozilla
2013-10-01 18:59 - 2013-10-01 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 13:47 - 2013-07-04 20:06 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 13:47 - 2013-07-04 20:04 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 13:47 - 2013-07-04 20:04 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 13:47 - 2013-07-04 20:04 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-28 07:46 - 2013-09-28 07:46 - 98372650 _____ C:\Windows\SysWOW64\렧ﺂš
2013-09-25 21:09 - 2012-09-04 10:42 - 00301874 ____N C:\Windows\Minidump\092513-25318-01.dmp
2013-09-25 16:08 - 2013-09-25 16:08 - 97729025 _____ C:\Windows\SysWOW64\뚪肵[
2013-09-23 01:28 - 2013-10-10 00:12 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-10 00:12 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-10 00:12 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-10 00:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-10 00:12 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-10 00:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-10 00:12 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-10 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 05:38 - 2013-10-10 00:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-10 00:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-10 00:12 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-10 00:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\Users\DetlefRita\AppData\Roaming\settings.ini
ZeroAccess:
C:\Users\DetlefRita\AppData\Local\Google\Desktop\Install
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\DetlefRita\DSETUP.dll
C:\Users\DetlefRita\dsetup32.dll
C:\Users\DetlefRita\DXSETUP.exe
C:\Users\DetlefRita\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\DetlefRita\AppData\Local\Temp\AskSLib.dll
C:\Users\DetlefRita\AppData\Local\Temp\avgnt.exe
C:\Users\DetlefRita\AppData\Local\Temp\hrsccgwfpgftegakuj.exe
C:\Users\DetlefRita\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\DetlefRita\AppData\Local\Temp\omqlxpopnvigkqhfbgoxdbktrubkr.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 17:45

==================== End Of Log ============================
--- --- ---

schrauber 20.10.2013 17:55
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\DetlefRita\AppData\Roaming\Other.res <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
Startup: C:\Users\DetlefRita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Other.exe ()
S1 ahosqxar; \??\C:\Windows\system32\drivers\ahosqxar.sys [x]
S1 brdsrvtp; \??\C:\Windows\system32\drivers\brdsrvtp.sys [x]
S1 dnktfgrs; \??\C:\Windows\system32\drivers\dnktfgrs.sys [x]
S1 ecoebjfn; \??\C:\Windows\system32\drivers\ecoebjfn.sys [x]
S1 edvkzncg; \??\C:\Windows\system32\drivers\edvkzncg.sys [x]
S1 ghiydwpc; \??\C:\Windows\system32\drivers\ghiydwpc.sys [x]
S1 gjiemiap; \??\C:\Windows\system32\drivers\gjiemiap.sys [x]
S1 kfunemhq; \??\C:\Windows\system32\drivers\kfunemhq.sys [x]
S1 lpasmkji; \??\C:\Windows\system32\drivers\lpasmkji.sys [x]
S1 qkirfgka; \??\C:\Windows\system32\drivers\qkirfgka.sys [x]
C:\Users\DetlefRita\AppData\Roaming\settings.ini
ZeroAccess:
C:\Users\DetlefRita\AppData\Local\Google\Desktop\Install
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\DetlefRita\DSETUP.dll
C:\Users\DetlefRita\dsetup32.dll
C:\Users\DetlefRita\DXSETUP.exe
C:\Users\DetlefRita\AppData\Roaming\i.iniC:\Users\DetlefRita\AppData\Local\Temp\AskSLib.dll
C:\Users\DetlefRita\AppData\Local\Temp\avgnt.exe
C:\Users\DetlefRita\AppData\Local\Temp\hrsccgwfpgftegakuj.exe
C:\Users\DetlefRita\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\DetlefRita\AppData\Local\Temp\omqlxpopnvigkqhfbgoxdbktrubkr.exe
2013-10-05 18:06 - 2013-10-05 18:06 - 00131072 _____ C:\Users\DetlefRita\etjswxafswdjqwdmndy.bfg
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Rechner normal starten.

Tecker 21.10.2013 08:39
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2013
Ran by DetlefRita at 2013-10-21 09:36:14 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\DetlefRita\AppData\Roaming\Other.res <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
Startup: C:\Users\DetlefRita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Other.exe ()
S1 ahosqxar; \??\C:\Windows\system32\drivers\ahosqxar.sys [x]
S1 brdsrvtp; \??\C:\Windows\system32\drivers\brdsrvtp.sys [x]
S1 dnktfgrs; \??\C:\Windows\system32\drivers\dnktfgrs.sys [x]
S1 ecoebjfn; \??\C:\Windows\system32\drivers\ecoebjfn.sys [x]
S1 edvkzncg; \??\C:\Windows\system32\drivers\edvkzncg.sys [x]
S1 ghiydwpc; \??\C:\Windows\system32\drivers\ghiydwpc.sys [x]
S1 gjiemiap; \??\C:\Windows\system32\drivers\gjiemiap.sys [x]
S1 kfunemhq; \??\C:\Windows\system32\drivers\kfunemhq.sys [x]
S1 lpasmkji; \??\C:\Windows\system32\drivers\lpasmkji.sys [x]
S1 qkirfgka; \??\C:\Windows\system32\drivers\qkirfgka.sys [x]
C:\Users\DetlefRita\AppData\Roaming\settings.ini
ZeroAccess:
C:\Users\DetlefRita\AppData\Local\Google\Desktop\Install
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\DetlefRita\DSETUP.dll
C:\Users\DetlefRita\dsetup32.dll
C:\Users\DetlefRita\DXSETUP.exe
C:\Users\DetlefRita\AppData\Roaming\i.iniC:\Users\DetlefRita\AppData\Local\Temp\AskSLib.dll
C:\Users\DetlefRita\AppData\Local\Temp\avgnt.exe
C:\Users\DetlefRita\AppData\Local\Temp\hrsccgwfpgftegakuj.exe
C:\Users\DetlefRita\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\DetlefRita\AppData\Local\Temp\omqlxpopnvigkqhfbgoxdbktrubkr.exe
2013-10-05 18:06 - 2013-10-05 18:06 - 00131072 _____ C:\Users\DetlefRita\etjswxafswdjqwdmndy.bfg

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\Users\DetlefRita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Other.exe => Moved successfully.
ahosqxar => Service deleted successfully.
brdsrvtp => Service deleted successfully.
dnktfgrs => Service deleted successfully.
ecoebjfn => Service deleted successfully.
edvkzncg => Service deleted successfully.
ghiydwpc => Service deleted successfully.
gjiemiap => Service deleted successfully.
kfunemhq => Service deleted successfully.
lpasmkji => Service deleted successfully.
qkirfgka => Service deleted successfully.
C:\Users\DetlefRita\AppData\Roaming\settings.ini => Moved successfully.
C:\Users\DetlefRita\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.bat => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.reg => Moved successfully.
C:\Users\DetlefRita\DSETUP.dll => Moved successfully.
C:\Users\DetlefRita\dsetup32.dll => Moved successfully.
C:\Users\DetlefRita\DXSETUP.exe => Moved successfully.
"C:\Users\DetlefRita\AppData\Roaming\i.iniC:\Users\DetlefRita\AppData\Local\Temp\AskSLib.dll" => File/Directory not found.
C:\Users\DetlefRita\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\DetlefRita\AppData\Local\Temp\hrsccgwfpgftegakuj.exe => Moved successfully.
C:\Users\DetlefRita\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\DetlefRita\AppData\Local\Temp\omqlxpopnvigkqhfbgoxdbktrubkr.exe => Moved successfully.
C:\Users\DetlefRita\etjswxafswdjqwdmndy.bfg => Moved successfully.

==== End of Fixlog ====

schrauber 21.10.2013 15:56
Startet der Rechner normal?


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55