| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7 startet ausschließlich im abgesichertem Modus...Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.07.2013, 01:22
| #1 |
 |  Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Hallo Trojaner-Board, ich habe seid Montag Abend c.a 22 Uhr das Problem, dass mein Pc nur noch im abgesichertem Modus startet. Nach einer kleinen Internet Recherche fand ich heraus, dass ich zu ,,Ausführen" gehen soll dann ,,msconfig" eingeben muss und das Häkchen bei ,,Abgesicherter Start" entfernen soll. Bei mir war aber kein Häkchen also fand ich heraus, dass ich wahrscheinlich ein Virus oder ähnliches haben muss. Nachdem ich ein paar Programme gelöscht habe und Avast eine Vollständige Überprüfung durchgeführt hat, kam plötzlich eine Rote Meldung raus, dass ich angeblich einen Trojaner habe der, glaube ich, ,,LyricsMonkey" heißt. Anschließend hat Avast eine ziemlich lange Überprüfung gestartet (schwarzer Bildschirm mit weißer Schrift). Nach einiger Zeit hat er ,,LyricsMoney" gefunden und ich konnte Zahlen von 1-8 eingeben: 1=Löschen 2=Alle Löschen 3=In den Container verschieben 4=Alle in den Container verschieben 5=Reparieren 6=Alle reparieren 7=Ignorieren und 8=Alle ignorieren. Ich habe auf 1 gedrückt und nachdem Avast es gelöscht hat ging die Überprüfung weiter. Nach paar Stunden war er fertig und ich habe gehofft, dass es vorbei ist, aber leider startete Windows immer noch im abgesichertem Modus  . Nun bin ich verzweifelt und habe Angst, dass mein Pc kaputt ist. Da ich erst 14 Jahre bin hoffe ich, dass ihr versucht mir mit möglichst wenigen Fachwörtern zu erklären wie ich meinen Pc wieder zum laufen kriege. Ach ja dieser Beitrag ist mein erster hier auf diesem Forum und ich hoffe ich habe alle Regeln beachtet. LG Artur |
|
23.07.2013, 02:07
| #2 |
| /// TB-Ausbilder   | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Hallo,
__________________macht bitte im abgesicherten Modus einen FRST-Scan, damit wir mal sehen können, was da los ist: Downloade dir bitte die für dein System passende Version (32-bit/64-bit) von Farbar Recovery Scan Tool (FRST) und speichere es auf den Desktop. (Wenn du nicht sicher bist, welche du benötigst: Start -> Computer (Rechtsklick) -> Eigenschaften)
__________________ |
|
23.07.2013, 09:04
| #3 | |
| | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Hi Leo danke,dass du mir helfen möchtest.
__________________Hier ist FRST.txt: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by Arthur (administrator) on 23-07-2013 09:55:37
Running from C:\Users\Arthur\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Valve Corporation) E:\steam\Steam.exe
(SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
() C:\Program Files\MagicTune Premium\GammaTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-12-14] ()
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [SCheck] - C:\Users\Arthur\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Arthur\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [DataMgr] - C:\Users\Arthur\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.)
HKCU\...\Run: [Intermediate] - C:\Users\Arthur\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {0af69a7e-4464-11e2-b165-0025226e2469} - H:\SETUP.EXE
MountPoints2: {e1fbf440-4ac3-11e2-89d0-806e6f6e6963} - G:\Launcher.exe
MountPoints2: {ea260789-3e5f-11e2-9259-806e6f6e6963} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\Lena\...\Run: [uTorrent] - "C:\Users\Lena\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKU\Lena\...\Run: [Yontoo Desktop] - "C:\Users\Lena\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL [8704 2013-02-07] ()
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll [7168 2013-02-07] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
ShortcutTarget: GammaTray.exe.lnk -> C:\Program Files\MagicTune Premium\GammaTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdeletebootdeletebootdelete
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=261
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=261
SearchScopes: HKCU - {352FC33D-4B62-40F5-942F-A4E4F3FA10B3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8A3D1516-7B37-4981-8DE1-AB52718B43E5&apn_sauid=A0939C45-06D8-451D-BAF3-EA877CBEEE78
SearchScopes: HKCU - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Video downloader - {77BEC163-D389-42c1-91A4-C758846296A5} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Video downloader - {77BEC163-D389-42c1-91A4-C758846296A5} - No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [lyricsmonkey@mendoni.net] C:\Program Files (x86)\LyricsMonkey\FF\
FF Extension: No Name - C:\Program Files (x86)\LyricsMonkey\FF\
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/", ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (avast! Online Security) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Gmail) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [khialnikbocfgkohdegnebhmmaifoglp] - C:\Program Files (x86)\LyricsMonkey\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Arthur\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-07-14] (SurfRight B.V.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 hitmanpro37; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
S0 hitmanpro37duringboot; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-23 09:50 - 2013-07-23 09:50 - 01779447 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2013-07-22 22:49 - 2013-07-23 01:39 - 00000000 ____D C:\Windows\pss
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:11 - 2013-07-22 20:13 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:03 - 2013-07-23 01:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 16:03 - 2013-07-22 16:04 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-22 16:03 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-22 15:42 - 2013-07-22 15:45 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2013-07-22 20:15 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:10 - 2013-07-21 20:19 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:35 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-07-21 17:24 - 2013-07-21 17:26 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\DataMgr
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:56 - 2013-07-20 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:35 - 2013-07-20 11:14 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-17 22:48 - 2013-07-17 22:49 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:32 - 2013-07-19 21:57 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-16 18:13 - 2013-07-19 22:22 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-16 18:12 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-16 18:08 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-15 15:03 - 2013-07-22 22:33 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-15 15:03 - 2012-08-31 19:57 - 01687408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ntfs.sys
2013-07-15 15:03 - 2010-11-20 14:17 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-15 15:03 - 2009-07-14 04:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storsvc.dll
2013-07-14 18:20 - 2013-07-22 22:36 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-14 13:17 - 2013-07-14 13:18 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-11 17:33 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 17:33 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 17:33 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:33 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 15:43 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 15:43 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:43 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 15:42 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-04 19:18 - 2013-07-04 20:30 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 18:35 - 2013-07-04 19:18 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 14:36 - 2013-07-04 15:18 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-07-01 18:43 - 2013-07-01 18:43 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:18 - 2013-06-24 21:19 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 21:15 - 2013-06-24 21:15 - 00648201 _____ C:\Users\Arthur\Downloads\AdwCleaner.exe
2013-06-24 16:36 - 2013-06-24 21:03 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 21:11 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 16:00 - 2013-07-21 21:49 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent
==================== One Month Modified Files and Folders =======
2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-23 09:54 - 2013-05-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-23 09:54 - 2012-12-17 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-07-23 09:54 - 2012-12-12 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 09:52 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 09:52 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 09:51 - 2013-05-13 15:30 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-23 09:50 - 2013-07-23 09:50 - 01779447 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2013-07-23 09:50 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-23 09:47 - 2012-12-06 15:33 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Skype
2013-07-23 09:44 - 2013-05-13 16:13 - 00008545 _____ C:\Windows\setupact.log
2013-07-23 09:44 - 2012-12-06 15:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 09:44 - 2012-12-05 00:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-23 09:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 02:28 - 2012-12-05 00:19 - 01926650 _____ C:\Windows\WindowsUpdate.log
2013-07-23 02:21 - 2012-12-06 15:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 02:00 - 2012-12-28 22:42 - 00000000 ____D C:\Users\Arthur\AppData\Local\Adobe
2013-07-23 01:44 - 2013-03-30 23:46 - 00000000 ____D C:\Program Files\Adobe
2013-07-23 01:44 - 2012-12-13 14:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 01:44 - 2012-12-12 16:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 01:43 - 2013-03-30 23:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-23 01:39 - 2013-07-22 22:49 - 00000000 ____D C:\Windows\pss
2013-07-23 01:31 - 2013-07-22 16:03 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 23:37 - 2013-04-23 20:34 - 00000000 ____D C:\Program Files (x86)\LyricsMonkey
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Sony
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\ProgramData\Sony
2013-07-22 23:10 - 2012-12-19 19:57 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-22 23:08 - 2012-12-06 15:01 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-22 23:08 - 2012-12-06 15:01 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-22 23:07 - 2013-02-09 15:44 - 00002952 _____ C:\Windows\System32\Tasks\{23A7EE5B-8126-4140-9EDD-6FB26AA5D81B}
2013-07-22 23:07 - 2012-12-20 18:37 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Users\Arthur\AppData\Local\Google
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-22 22:36 - 2013-07-14 18:20 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-22 22:33 - 2013-07-15 15:03 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-22 22:33 - 2013-06-02 19:29 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:15 - 2013-07-22 15:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-22 20:13 - 2013-07-22 20:11 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 19:37 - 2012-12-06 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-22 19:37 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-22 17:41 - 2009-07-14 19:58 - 00696904 _____ C:\Windows\system32\perfh007.dat
2013-07-22 17:41 - 2009-07-14 19:58 - 00148200 _____ C:\Windows\system32\perfc007.dat
2013-07-22 17:41 - 2009-07-14 07:13 - 01613644 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:04 - 2013-07-22 16:03 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-22 16:03 - 2013-04-01 15:51 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 15:47 - 2013-04-27 13:52 - 00082000 _____ C:\Windows\PFRO.log
2013-07-22 15:46 - 2013-01-06 22:28 - 00000000 ____D C:\Users\hedev
2013-07-22 15:45 - 2013-07-22 15:42 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2009-07-14 06:45 - 05070528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 21:49 - 2013-06-24 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:19 - 2013-07-21 20:10 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:39 - 2012-12-16 13:34 - 00000000 ___HD C:\Users\Arthur\AppData\Local\Il1yeC94tyS
2013-07-21 17:39 - 2012-12-05 01:01 - 00117664 _____ C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 17:38 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:26 - 2013-07-21 17:24 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:14 - 2013-07-20 10:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 11:14 - 2012-12-06 17:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\DataMgr
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:57 - 2013-07-20 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-19 22:22 - 2013-07-16 18:13 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-19 22:22 - 2013-07-16 18:12 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-19 22:22 - 2013-07-16 18:08 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-19 21:57 - 2013-07-17 08:32 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-17 22:49 - 2013-07-17 22:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-14 13:18 - 2013-07-14 13:17 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-14 13:13 - 2013-05-17 20:20 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\FreeVideoConverter
2013-07-14 13:12 - 2012-12-06 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\vlc
2013-07-13 21:31 - 2013-05-14 19:18 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-11 18:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-11 18:52 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 20:59 - 2013-02-15 21:25 - 00017408 ____H C:\Users\Arthur\Downloads\photothumb.db
2013-07-09 20:59 - 2012-12-06 21:48 - 00001037 _____ C:\Users\Arthur\Desktop\PhotoScape.lnk
2013-07-09 20:59 - 2012-12-06 21:48 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-07-05 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:51 - 2013-01-01 23:52 - 00272384 ___SH C:\Users\Arthur\Documents\Thumbs.db
2013-07-04 20:30 - 2013-07-04 19:18 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 19:18 - 2013-07-04 18:35 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:42 - 2013-05-13 15:30 - 00000000 ____D C:\Users\Arthur\AppData\Local\Microsoft Help
2013-07-04 18:41 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 15:32 - 2013-01-01 20:50 - 00000000 ____D C:\Users\Arthur\AppData\Local\Windows Live
2013-07-04 15:18 - 2013-07-04 14:36 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-07-04 15:13 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2013-07-01 18:43 - 2013-07-01 18:43 - 00002218 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-06-29 23:57 - 2012-12-06 15:33 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-06-29 22:25 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:49 - 2013-03-04 21:38 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Audacity
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:19 - 2013-06-24 21:18 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 21:15 - 2013-06-24 21:15 - 00648201 _____ C:\Users\Arthur\Downloads\AdwCleaner.exe
2013-06-24 21:11 - 2013-06-24 16:04 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 21:03 - 2013-06-24 16:36 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 00:57 - 2012-12-06 17:46 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\ntuser.dat
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-13 19:57
==================== End Of Log ============================
--- --- --- Und hier ist Addition.txt Zitat:
LG Artur |
|
23.07.2013, 19:41
| #4 |
| /// TB-Ausbilder | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
23.07.2013, 20:52
| #5 | |||
| | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Nachdem ich Combofix ausgeführt, bzw. nachdem ich die .txt Datei erhalten habe, kann ich nicht mehr Google Chrome und Internet Explorer öffnen.Es direkt nachdem ich doppel klick gemacht habe Zitat:
Zitat:
Oh Entschuldigung ich sehe gerade,dass du gesagt hast das ich den Pc neustarten soll. So also zuerst AdwCleaner.txt Zitat:
Combofix Logfile: Code:
ATTFilter ComboFix 13-07-23.01 - Arthur 23.07.2013 21:16:03.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2477 [GMT 2:00]
ausgeführt von:: c:\users\Arthur\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
c:\programdata\ntuser.dat
c:\programdata\Wincert\WIN32C~1.DLL
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\frapsvid.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-23 bis 2013-07-23 ))))))))))))))))))))))))))))))
.
.
2013-07-23 19:21 . 2013-07-23 19:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-23 19:21 . 2013-07-23 19:21 -------- d-----w- c:\users\UpdatusUser.ADDIS-PC\AppData\Local\temp
2013-07-23 19:21 . 2013-07-23 19:21 -------- d-----w- c:\users\Lena\AppData\Local\temp
2013-07-23 11:10 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{384C0252-2C98-4B6B-83F9-7C5253C58E42}\mpengine.dll
2013-07-23 07:55 . 2013-07-23 07:55 -------- d-----w- C:\FRST
2013-07-22 14:03 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-07-22 14:03 . 2013-07-22 14:04 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-22 14:03 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-07-22 14:03 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-07-22 14:03 . 2013-07-22 14:04 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-22 14:03 . 2013-07-22 14:04 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-22 14:03 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-22 14:03 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-22 14:03 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-07-21 15:39 . 2013-07-21 15:39 -------- d-----w- c:\users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 15:39 . 2013-07-21 15:39 -------- d-----w- c:\programdata\PACE Anti-Piracy
2013-07-21 15:39 . 2013-07-21 15:39 -------- d-----w- c:\users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 15:39 . 2013-07-21 15:39 -------- d-----w- c:\users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 15:35 . 2011-11-03 01:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2013-07-21 15:35 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-07-21 15:35 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-07-21 15:35 . 2013-07-21 15:35 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2013-07-21 15:35 . 2013-07-21 15:35 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-07-21 15:35 . 2013-07-21 15:35 -------- d-----w- c:\program files (x86)\My Company Name
2013-07-20 09:14 . 2013-07-20 09:14 -------- d-sh--w- c:\programdata\SecuROM
2013-07-20 09:04 . 2013-07-20 09:04 -------- d-----w- c:\users\Arthur\AppData\Roaming\SSync
2013-07-20 09:04 . 2013-07-20 09:04 -------- d-----w- c:\users\Arthur\AppData\Roaming\SCheck
2013-07-20 09:04 . 2013-07-20 09:04 -------- d-----w- c:\users\Arthur\AppData\Roaming\Intermediate
2013-07-20 09:02 . 2013-07-20 09:02 -------- d-----w- c:\users\Arthur\AppData\Roaming\PiccShare
2013-07-20 09:02 . 2013-07-20 09:02 -------- d-----w- c:\users\Arthur\AppData\Roaming\Common
2013-07-20 08:57 . 2013-07-20 08:57 -------- d-----w- c:\windows\SysWow64\xlive
2013-07-20 08:56 . 2013-07-20 08:57 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 08:35 . 2013-07-20 09:14 -------- d-----w- c:\users\Arthur\AppData\Local\Rockstar Games
2013-07-17 20:48 . 2013-07-17 20:49 -------- d-----w- c:\windows\system32\MRT
2013-07-15 13:03 . 2009-07-14 02:57 23552 ----a-w- c:\windows\SysWow64\storsvc.dll
2013-07-15 13:03 . 2012-08-31 17:57 1687408 ----a-w- c:\windows\SysWow64\drivers\ntfs.sys
2013-07-14 16:20 . 2013-07-22 20:36 30616 ----a-w- c:\windows\SysWow64\drivers\hitmanpro37.sys
2013-07-14 11:17 . 2013-07-14 11:18 -------- d-----w- c:\program files (x86)\Zoom Player
2013-07-11 13:44 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 13:44 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 13:44 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-11 13:44 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 13:44 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 13:44 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 13:44 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 13:43 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 13:43 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 13:43 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 13:43 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 13:43 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 13:43 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 13:43 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 13:43 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 13:43 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:43 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:42 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 13:42 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-06-24 14:04 . 2013-06-24 14:04 -------- d-----w- c:\program files (x86)\Enigma Software Group
2013-06-24 14:04 . 2013-06-24 19:11 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 14:00 . 2013-07-21 19:49 -------- d-----w- c:\users\Arthur\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 22:57 . 2012-12-06 15:46 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 12:55 . 2012-12-12 14:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 12:55 . 2012-12-12 14:55 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-02 17:17 . 2013-06-02 17:16 234 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-13 05:51 . 2013-06-12 12:59 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 12:59 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 12:59 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 12:59 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 12:59 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 12:59 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:59 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 12:59 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:59 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:59 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-11 11:03 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-12 13:00 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 13:00 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-09 08:58 . 2013-04-01 13:52 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 06:39 . 2013-06-12 13:00 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2012-12-06 13:03 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-30 17:46 . 2013-04-30 17:46 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 17:46 . 2013-04-30 17:46 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 17:46 . 2013-04-30 17:46 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 17:46 . 2013-04-30 17:46 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 17:46 . 2013-04-30 17:46 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 17:46 . 2013-04-30 17:46 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 17:46 . 2013-04-30 17:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 17:46 . 2013-04-30 17:46 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 17:46 . 2013-04-30 17:46 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 17:46 . 2013-04-30 17:46 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 17:46 . 2013-04-30 17:46 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 17:46 . 2013-04-30 17:46 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 17:46 . 2013-04-30 17:46 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 17:46 . 2013-04-30 17:46 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 17:46 . 2013-04-30 17:46 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 17:46 . 2013-04-30 17:46 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 17:46 . 2013-04-30 17:46 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 17:46 . 2013-04-30 17:46 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 17:46 . 2013-04-30 17:46 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 17:46 . 2013-04-30 17:46 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 17:46 . 2013-04-30 17:46 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 17:46 . 2013-04-30 17:46 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 17:46 . 2013-04-30 17:46 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 17:46 . 2013-04-30 17:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 17:46 . 2013-04-30 17:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 17:46 . 2013-04-30 17:46 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 17:46 . 2013-04-30 17:46 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 17:46 . 2013-04-30 17:46 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 17:46 . 2013-04-30 17:46 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 17:46 . 2013-04-30 17:46 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 17:46 . 2013-04-30 17:46 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 17:46 . 2013-04-30 17:46 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 17:46 . 2013-04-30 17:46 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 17:46 . 2013-04-30 17:46 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 17:46 . 2013-04-30 17:46 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 17:46 . 2013-04-30 17:46 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 17:46 . 2013-04-30 17:46 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 17:46 . 2013-04-30 17:46 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 17:46 . 2013-04-30 17:46 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 17:46 . 2013-04-30 17:46 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 17:46 . 2013-04-30 17:46 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 17:46 . 2013-04-30 17:46 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 17:46 . 2013-04-30 17:46 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 17:46 . 2013-04-30 17:46 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 17:46 . 2013-04-30 17:46 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 17:46 . 2013-04-30 17:46 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 17:46 . 2013-04-30 17:46 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 17:46 . 2013-04-30 17:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 17:46 . 2013-04-30 17:46 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-30 17:45 . 2013-04-30 17:45 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-30 17:45 . 2013-04-30 17:45 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-30 17:45 . 2013-04-30 17:45 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-30 17:45 . 2013-04-30 17:45 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-30 17:45 . 2013-04-30 17:45 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-30 17:45 . 2013-04-30 17:45 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-04-30 17:45 . 2013-04-30 17:45 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 17:45 . 2013-04-30 17:45 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-30 17:45 . 2013-04-30 17:45 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-30 17:45 . 2013-04-30 17:45 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-30 17:45 . 2013-04-30 17:45 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-30 17:45 . 2013-04-30 17:45 363008 ----a-w- c:\windows\system32\dxgi.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\Steam.exe" [2013-07-10 1672616]
"SCheck"="c:\users\Arthur\AppData\Roaming\SCheck\SCheck.exe" [2013-04-09 36864]
"SSync"="c:\users\Arthur\AppData\Roaming\SSync\SSync.exe" [2013-04-09 36864]
"Intermediate"="c:\users\Arthur\AppData\Roaming\Intermediate\Intermediate.exe" [2013-04-09 36864]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2012-7-23 17432576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0bootdelete\0bootdelete
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="E:\QTTask.exe" -atboottime
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"SweetIM"=c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
"Sweetpacks Communicator"=c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
"BrMfcWnd"=c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" /checkassoc
"QuickTime Task"="E:\QTTask.exe" -atboottime
.
R0 hitmanpro37duringboot;hitmanpro37duringboot;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 19:29 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 12:55]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 13:01]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 13:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2010-12-14 53760]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{77BEC163-D389-42c1-91A4-C758846296A5} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{77BEC163-D389-42c1-91A4-C758846296A5} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-950287045-4052571293-3502393058-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,87,95,82,9f,6f,08,58,ce,32,14,8d,48,66,e5,5a,9c,32,5e,0f,d8,
58,f6,00,b1,0c,d2,b0,62,c8,26,5b,64,34,43,c4,b3,87,22,86,66,09,2d,dc,9e,88,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-23 21:26:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-23 19:26
.
Vor Suchlauf: 13 Verzeichnis(se), 74.093.682.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 74.959.994.880 Bytes frei
.
- - End Of File - - 372EEF762E3FAF45F8DCE5ABBCE59519
A36C5E4F47E84449FF07ED3517B43A31 [/QUOTE] Und zuletzt FRST.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by Arthur (administrator) on 23-07-2013 21:47:33
Running from C:\Users\Arthur\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Valve Corporation) E:\steam\Steam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-12-14] ()
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [SCheck] - C:\Users\Arthur\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Arthur\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [Intermediate] - C:\Users\Arthur\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\Lena\...\Run: [uTorrent] - "C:\Users\Lena\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKU\Lena\...\Run: [Yontoo Desktop] - "C:\Users\Lena\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdeletebootdeletebootdelete
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=261
SearchScopes: HKCU - {352FC33D-4B62-40F5-942F-A4E4F3FA10B3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8A3D1516-7B37-4981-8DE1-AB52718B43E5&apn_sauid=A0939C45-06D8-451D-BAF3-EA877CBEEE78
SearchScopes: HKCU - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Video downloader - {77BEC163-D389-42c1-91A4-C758846296A5} - No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [lyricsmonkey@mendoni.net] C:\Program Files (x86)\LyricsMonkey\FF\
FF Extension: No Name - C:\Program Files (x86)\LyricsMonkey\FF\
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Amazon-Icon) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Arthur\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-07-14] (SurfRight B.V.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 hitmanpro37; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
S0 hitmanpro37duringboot; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-23 21:47 - 2013-07-23 21:47 - 01779757 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2013-07-23 21:28 - 2013-07-23 21:28 - 00030221 _____ C:\Users\Arthur\Desktop\combofixtext.txt
2013-07-23 21:26 - 2013-07-23 21:26 - 00030221 _____ C:\ComboFix.txt
2013-07-23 21:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-23 21:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-23 21:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-23 21:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-23 21:12 - 2013-07-23 21:26 - 00000000 ____D C:\Qoobox
2013-07-23 21:12 - 2013-07-23 21:25 - 00000000 ____D C:\Windows\erdnt
2013-07-23 21:09 - 2013-07-23 21:10 - 05092552 ____R (Swearware) C:\Users\Arthur\Desktop\ComboFix.exe
2013-07-23 21:08 - 2013-07-23 21:08 - 00001771 _____ C:\Users\Arthur\Desktop\AdwCleaner[S3].txt
2013-07-23 21:04 - 2013-07-23 21:05 - 00001771 _____ C:\AdwCleaner[S3].txt
2013-07-23 21:03 - 2013-07-23 21:03 - 00666633 _____ C:\Users\Arthur\Desktop\adwcleaner06.exe
2013-07-23 09:56 - 2013-07-23 09:56 - 00032932 _____ C:\Users\Arthur\Desktop\Addition.txt
2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-22 22:49 - 2013-07-23 01:39 - 00000000 ____D C:\Windows\pss
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:11 - 2013-07-22 20:13 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:03 - 2013-07-23 17:20 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 16:03 - 2013-07-22 16:04 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:03 - 2013-07-22 16:04 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-22 16:03 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-22 16:03 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-22 15:42 - 2013-07-22 15:45 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2013-07-23 13:01 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:10 - 2013-07-21 20:19 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:35 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-07-21 17:24 - 2013-07-21 17:26 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:56 - 2013-07-20 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:35 - 2013-07-20 11:14 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-17 22:48 - 2013-07-17 22:49 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:32 - 2013-07-19 21:57 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-16 18:13 - 2013-07-19 22:22 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-16 18:12 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-16 18:08 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-15 15:03 - 2013-07-22 22:33 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-15 15:03 - 2012-08-31 19:57 - 01687408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ntfs.sys
2013-07-15 15:03 - 2010-11-20 14:17 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-15 15:03 - 2009-07-14 04:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storsvc.dll
2013-07-14 18:20 - 2013-07-22 22:36 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-14 13:17 - 2013-07-14 13:18 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-11 17:33 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:33 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 17:33 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:33 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 17:33 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 17:33 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:33 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 15:43 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 15:43 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:43 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 15:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 15:42 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-04 19:18 - 2013-07-04 20:30 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 18:35 - 2013-07-04 19:18 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 14:36 - 2013-07-04 15:18 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:18 - 2013-06-24 21:19 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 16:36 - 2013-06-24 21:03 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 21:11 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 16:00 - 2013-07-21 21:49 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent
==================== One Month Modified Files and Folders =======
2013-07-23 21:47 - 2013-07-23 21:47 - 01779757 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2013-07-23 21:42 - 2012-12-06 15:33 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Skype
2013-07-23 21:41 - 2013-05-13 16:13 - 00008825 _____ C:\Windows\setupact.log
2013-07-23 21:41 - 2012-12-06 15:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-23 21:41 - 2012-12-05 00:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-23 21:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 21:40 - 2012-12-05 00:19 - 02004451 _____ C:\Windows\WindowsUpdate.log
2013-07-23 21:30 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 21:30 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 21:28 - 2013-07-23 21:28 - 00030221 _____ C:\Users\Arthur\Desktop\combofixtext.txt
2013-07-23 21:26 - 2013-07-23 21:26 - 00030221 _____ C:\ComboFix.txt
2013-07-23 21:26 - 2013-07-23 21:12 - 00000000 ____D C:\Qoobox
2013-07-23 21:26 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-23 21:25 - 2013-07-23 21:12 - 00000000 ____D C:\Windows\erdnt
2013-07-23 21:22 - 2013-04-27 13:52 - 00083004 _____ C:\Windows\PFRO.log
2013-07-23 21:22 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-23 21:21 - 2012-12-06 15:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 21:20 - 2013-03-19 18:00 - 00000000 ____D C:\ProgramData\Wincert
2013-07-23 21:10 - 2013-07-23 21:09 - 05092552 ____R (Swearware) C:\Users\Arthur\Desktop\ComboFix.exe
2013-07-23 21:08 - 2013-07-23 21:08 - 00001771 _____ C:\Users\Arthur\Desktop\AdwCleaner[S3].txt
2013-07-23 21:05 - 2013-07-23 21:04 - 00001771 _____ C:\AdwCleaner[S3].txt
2013-07-23 21:03 - 2013-07-23 21:03 - 00666633 _____ C:\Users\Arthur\Desktop\adwcleaner06.exe
2013-07-23 20:54 - 2012-12-12 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 18:51 - 2009-07-14 19:58 - 00696904 _____ C:\Windows\system32\perfh007.dat
2013-07-23 18:51 - 2009-07-14 19:58 - 00148200 _____ C:\Windows\system32\perfc007.dat
2013-07-23 18:51 - 2009-07-14 07:13 - 01613644 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 17:20 - 2013-07-22 16:03 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-23 13:01 - 2013-07-22 15:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe
2013-07-23 13:01 - 2012-12-28 22:42 - 00000000 ____D C:\Users\Arthur\AppData\Local\Adobe
2013-07-23 09:56 - 2013-07-23 09:56 - 00032932 _____ C:\Users\Arthur\Desktop\Addition.txt
2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST
2013-07-23 09:54 - 2013-05-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-23 09:54 - 2012-12-17 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-07-23 09:51 - 2013-05-13 15:30 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-23 09:50 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-23 01:44 - 2013-03-30 23:46 - 00000000 ____D C:\Program Files\Adobe
2013-07-23 01:44 - 2012-12-13 14:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 01:44 - 2012-12-12 16:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-23 01:43 - 2013-03-30 23:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-23 01:39 - 2013-07-22 22:49 - 00000000 ____D C:\Windows\pss
2013-07-22 23:37 - 2013-04-23 20:34 - 00000000 ____D C:\Program Files (x86)\LyricsMonkey
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Sony
2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\ProgramData\Sony
2013-07-22 23:10 - 2012-12-19 19:57 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-22 23:08 - 2012-12-06 15:01 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-22 23:08 - 2012-12-06 15:01 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-22 23:07 - 2013-02-09 15:44 - 00002952 _____ C:\Windows\System32\Tasks\{23A7EE5B-8126-4140-9EDD-6FB26AA5D81B}
2013-07-22 23:07 - 2012-12-20 18:37 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Users\Arthur\AppData\Local\Google
2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-22 22:36 - 2013-07-14 18:20 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2013-07-22 22:33 - 2013-07-15 15:03 - 00011370 _____ C:\Windows\SysWOW64\.crusader
2013-07-22 22:33 - 2013-06-02 19:29 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-22 20:13 - 2013-07-22 20:11 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4
2013-07-22 19:37 - 2012-12-06 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-22 19:37 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 16:04 - 2013-07-22 16:03 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 16:04 - 2013-07-22 16:03 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-22 16:03 - 2013-04-01 15:51 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 15:46 - 2013-01-06 22:28 - 00000000 ____D C:\Users\hedev
2013-07-22 15:45 - 2013-07-22 15:42 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-22 15:39 - 2009-07-14 06:45 - 05070528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 21:49 - 2013-06-24 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent
2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1
2013-07-21 20:19 - 2013-07-21 20:10 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar
2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe
2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy
2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-07-21 17:39 - 2012-12-16 13:34 - 00000000 ___HD C:\Users\Arthur\AppData\Local\Il1yeC94tyS
2013-07-21 17:39 - 2012-12-05 01:01 - 00117664 _____ C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 17:38 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-07-21 17:26 - 2013-07-21 17:24 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6
2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games
2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM
2013-07-20 11:14 - 2013-07-20 10:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games
2013-07-20 11:14 - 2012-12-06 17:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare
2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos
2013-07-20 10:57 - 2013-07-20 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk
2013-07-19 22:22 - 2013-07-16 18:13 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm
2013-07-19 22:22 - 2013-07-16 18:12 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst
2013-07-19 22:22 - 2013-07-16 18:08 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss
2013-07-19 21:57 - 2013-07-17 08:32 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt
2013-07-17 22:49 - 2013-07-17 22:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP
2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp
2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump
2013-07-14 13:18 - 2013-07-14 13:17 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2013-07-14 13:13 - 2013-05-17 20:20 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\FreeVideoConverter
2013-07-14 13:12 - 2012-12-06 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\vlc
2013-07-13 21:31 - 2013-05-14 19:18 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-11 18:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-11 18:52 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 20:59 - 2013-02-15 21:25 - 00017408 ____H C:\Users\Arthur\Downloads\photothumb.db
2013-07-09 20:59 - 2012-12-06 21:48 - 00001037 _____ C:\Users\Arthur\Desktop\PhotoScape.lnk
2013-07-09 20:59 - 2012-12-06 21:48 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-07-05 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:51 - 2013-01-01 23:52 - 00272384 ___SH C:\Users\Arthur\Documents\Thumbs.db
2013-07-04 20:30 - 2013-07-04 19:18 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx
2013-07-04 19:18 - 2013-07-04 18:35 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx
2013-07-04 18:42 - 2013-05-13 15:30 - 00000000 ____D C:\Users\Arthur\AppData\Local\Microsoft Help
2013-07-04 18:41 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx
2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp
2013-07-04 15:32 - 2013-01-01 20:50 - 00000000 ____D C:\Users\Arthur\AppData\Local\Windows Live
2013-07-04 15:18 - 2013-07-04 14:36 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx
2013-07-04 15:13 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2013-06-29 23:57 - 2012-12-06 15:33 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-06-29 22:25 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx
2013-06-24 21:49 - 2013-03-04 21:38 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Audacity
2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml
2013-06-24 21:19 - 2013-06-24 21:18 - 00003992 _____ C:\AdwCleaner[S2].txt
2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt
2013-06-24 21:11 - 2013-06-24 16:04 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-24 21:03 - 2013-06-24 16:36 - 00515574 _____ C:\spyhunter.fix
2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-24 00:57 - 2012-12-06 17:46 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-13 19:57
==================== End Of Log ============================
--- --- --- So ich glaube das war alles. Ich hoffe du schreibst mir bald zurück  LG Artur |
|
23.07.2013, 21:19
| #6 |
| /// TB-Ausbilder | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Hi, wie läuft denn der Rechner jetzt? Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Run: [SCheck] - C:\Users\Arthur\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Arthur\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [Intermediate] - C:\Users\Arthur\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SSync
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\SCheck
2013-07-20 11:04 - 2013-07-20 11:04 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Intermediate
2013-07-22 23:37 - 2013-04-23 20:34 - 00000000 ____D C:\Program Files (x86)\LyricsMonkey
FF HKCU\...\Firefox\Extensions: [lyricsmonkey@mendoni.net] C:\Program Files (x86)\LyricsMonkey\FF\
SearchScopes: HKLM-x32 - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
SearchScopes: HKCU - {352FC33D-4B62-40F5-942F-A4E4F3FA10B3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8A3D1516-7B37-4981-8DE1-AB52718B43E5&apn_sauid=A0939C45-06D8-451D-BAF3-EA877CBEEE78
SearchScopes: HKCU - {C4AEC36F-CC2C-4C2D-B17B-47B8221E9488} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4485148048034755&q={searchTerms}
HKU\Lena\...\Run: [Yontoo Desktop] - "C:\Users\Lena\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ --> Windows 7 startet ausschließlich im abgesichertem Modus...Virus? |
|
23.07.2013, 21:45
| #7 | ||
| | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Ok hier ist erstmal Fixlog.txt Zitat:
Zitat:
|
|
23.07.2013, 23:24
| #8 |
| /// TB-Ausbilder | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Ok, der ESET-Scan könnte etwas länger dauern.
__________________ cheers, Leo |
|
23.07.2013, 23:39
| #9 | |
| | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Puhhh nach einer etwas längeren Wartezeit ist das Ergebnis gekommen: Zitat:
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013 Ran by Arthur (administrator) on 24-07-2013 00:37:27 Running from C:\Users\Arthur\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Valve Corporation) E:\steam\Steam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (SEC) C:\Program Files\MagicTune Premium\MagicTune.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-12-14] () HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [Steam] - E:\steam\Steam.exe [1672616 2013-07-10] (Valve Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKU\Lena\...\Run: [uTorrent] - "C:\Users\Lena\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.) Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * bootdeletebootdeletebootdelete ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=261 BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Video downloader - {77BEC163-D389-42c1-91A4-C758846296A5} - No File BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: msdaipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Unity Player) - C:\Users\Arthur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Amazon-Icon) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Arthur\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-07-14] (SurfRight B.V.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] () S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] () S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] () S3 hitmanpro37; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] () S0 hitmanpro37duringboot; C:\Windows\SysWow64\drivers\hitmanpro37.sys [30616 2013-07-22] () R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x] S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x] S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 22:47 - 2013-07-23 22:47 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-23 22:40 - 2013-07-23 22:40 - 02347384 _____ (ESET) C:\Users\Arthur\Downloads\esetsmartinstaller_enu.exe 2013-07-23 22:39 - 2013-07-23 22:39 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-23 22:39 - 2013-07-23 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-23 22:39 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-23 22:37 - 2013-07-23 22:38 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Arthur\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-23 22:35 - 2013-07-23 22:35 - 01779757 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64 (1).exe 2013-07-23 21:48 - 2013-07-23 21:48 - 00042488 _____ C:\Users\Arthur\Downloads\FRST.txt 2013-07-23 21:47 - 2013-07-23 21:47 - 01779757 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe 2013-07-23 21:28 - 2013-07-23 21:28 - 00030221 _____ C:\Users\Arthur\Desktop\combofixtext.txt 2013-07-23 21:26 - 2013-07-23 21:26 - 00030221 _____ C:\ComboFix.txt 2013-07-23 21:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-23 21:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-23 21:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-23 21:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-23 21:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-23 21:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-23 21:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-23 21:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-23 21:12 - 2013-07-23 21:26 - 00000000 ____D C:\Qoobox 2013-07-23 21:12 - 2013-07-23 21:25 - 00000000 ____D C:\Windows\erdnt 2013-07-23 21:09 - 2013-07-23 21:10 - 05092552 ____R (Swearware) C:\Users\Arthur\Desktop\ComboFix.exe 2013-07-23 21:08 - 2013-07-23 21:08 - 00001771 _____ C:\Users\Arthur\Desktop\AdwCleaner[S3].txt 2013-07-23 21:04 - 2013-07-23 21:05 - 00001771 _____ C:\AdwCleaner[S3].txt 2013-07-23 21:03 - 2013-07-23 21:03 - 00666633 _____ C:\Users\Arthur\Desktop\adwcleaner06.exe 2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST 2013-07-22 22:49 - 2013-07-23 01:39 - 00000000 ____D C:\Windows\pss 2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2013-07-22 20:11 - 2013-07-22 20:13 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4 2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-07-22 16:03 - 2013-07-23 17:20 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-07-22 16:03 - 2013-07-22 16:04 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-07-22 16:03 - 2013-07-22 16:04 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-07-22 16:03 - 2013-07-22 16:04 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-07-22 16:03 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-07-22 16:03 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-07-22 16:03 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-07-22 16:03 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-07-22 16:03 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-07-22 16:03 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-07-22 15:42 - 2013-07-22 15:45 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe 2013-07-22 15:39 - 2013-07-23 13:01 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe 2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1 2013-07-21 20:10 - 2013-07-21 20:19 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar 2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe 2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy 2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name 2013-07-21 17:35 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys 2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys 2013-07-21 17:35 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys 2013-07-21 17:24 - 2013-07-21 17:26 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6 2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games 2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM 2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare 2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common 2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive 2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos 2013-07-20 10:56 - 2013-07-20 10:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2013-07-20 10:35 - 2013-07-20 11:14 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games 2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk 2013-07-17 22:48 - 2013-07-17 22:49 - 00000000 ____D C:\Windows\system32\MRT 2013-07-17 08:32 - 2013-07-19 21:57 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt 2013-07-16 18:13 - 2013-07-19 22:22 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm 2013-07-16 18:12 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst 2013-07-16 18:08 - 2013-07-19 22:22 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss 2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP 2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp 2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump 2013-07-15 15:03 - 2013-07-22 22:33 - 00011370 _____ C:\Windows\SysWOW64\.crusader 2013-07-15 15:03 - 2012-08-31 19:57 - 01687408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ntfs.sys 2013-07-15 15:03 - 2010-11-20 14:17 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2013-07-15 15:03 - 2009-07-14 04:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storsvc.dll 2013-07-14 18:20 - 2013-07-22 22:36 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys 2013-07-14 13:17 - 2013-07-14 13:18 - 00000000 ____D C:\Program Files (x86)\Zoom Player 2013-07-11 17:33 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 17:33 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-11 17:33 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 17:33 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 17:33 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 17:33 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 17:33 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 17:33 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 17:33 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 17:33 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 17:33 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 17:33 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-11 17:33 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-11 17:33 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 17:33 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 17:33 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 17:33 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 17:33 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 17:33 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 17:33 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 17:33 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 17:33 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 15:43 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 15:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 15:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 15:43 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 15:43 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 15:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 15:42 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-04 19:18 - 2013-07-04 20:30 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx 2013-07-04 18:35 - 2013-07-04 19:18 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx 2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx 2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp 2013-07-04 14:36 - 2013-07-04 15:18 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx 2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx 2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml 2013-06-24 21:18 - 2013-06-24 21:19 - 00003992 _____ C:\AdwCleaner[S2].txt 2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt 2013-06-24 16:36 - 2013-06-24 21:03 - 00515574 _____ C:\spyhunter.fix 2013-06-24 16:04 - 2013-06-24 21:11 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP 2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group 2013-06-24 16:00 - 2013-07-21 21:49 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent ==================== One Month Modified Files and Folders ======= 2013-07-24 00:21 - 2012-12-06 15:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-23 23:54 - 2012-12-12 16:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 22:47 - 2013-07-23 22:47 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-23 22:40 - 2013-07-23 22:40 - 02347384 _____ (ESET) C:\Users\Arthur\Downloads\esetsmartinstaller_enu.exe 2013-07-23 22:39 - 2013-07-23 22:39 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-23 22:39 - 2013-07-23 22:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-23 22:38 - 2013-07-23 22:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Arthur\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-23 22:35 - 2013-07-23 22:35 - 01779757 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64 (1).exe 2013-07-23 21:49 - 2012-12-06 15:33 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Skype 2013-07-23 21:49 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 21:49 - 2009-07-14 06:45 - 00014528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 21:48 - 2013-07-23 21:48 - 00042488 _____ C:\Users\Arthur\Downloads\FRST.txt 2013-07-23 21:47 - 2013-07-23 21:47 - 01779757 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe 2013-07-23 21:45 - 2012-12-05 00:19 - 02004451 _____ C:\Windows\WindowsUpdate.log 2013-07-23 21:41 - 2013-05-13 16:13 - 00008825 _____ C:\Windows\setupact.log 2013-07-23 21:41 - 2012-12-06 15:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-23 21:41 - 2012-12-05 00:34 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-23 21:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-23 21:28 - 2013-07-23 21:28 - 00030221 _____ C:\Users\Arthur\Desktop\combofixtext.txt 2013-07-23 21:26 - 2013-07-23 21:26 - 00030221 _____ C:\ComboFix.txt 2013-07-23 21:26 - 2013-07-23 21:12 - 00000000 ____D C:\Qoobox 2013-07-23 21:26 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-23 21:25 - 2013-07-23 21:12 - 00000000 ____D C:\Windows\erdnt 2013-07-23 21:22 - 2013-04-27 13:52 - 00083004 _____ C:\Windows\PFRO.log 2013-07-23 21:22 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-07-23 21:20 - 2013-03-19 18:00 - 00000000 ____D C:\ProgramData\Wincert 2013-07-23 21:10 - 2013-07-23 21:09 - 05092552 ____R (Swearware) C:\Users\Arthur\Desktop\ComboFix.exe 2013-07-23 21:08 - 2013-07-23 21:08 - 00001771 _____ C:\Users\Arthur\Desktop\AdwCleaner[S3].txt 2013-07-23 21:05 - 2013-07-23 21:04 - 00001771 _____ C:\AdwCleaner[S3].txt 2013-07-23 21:03 - 2013-07-23 21:03 - 00666633 _____ C:\Users\Arthur\Desktop\adwcleaner06.exe 2013-07-23 18:51 - 2009-07-14 19:58 - 00696904 _____ C:\Windows\system32\perfh007.dat 2013-07-23 18:51 - 2009-07-14 19:58 - 00148200 _____ C:\Windows\system32\perfc007.dat 2013-07-23 18:51 - 2009-07-14 07:13 - 01613644 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-23 17:20 - 2013-07-22 16:03 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-07-23 13:01 - 2013-07-22 15:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Adobe 2013-07-23 13:01 - 2012-12-28 22:42 - 00000000 ____D C:\Users\Arthur\AppData\Local\Adobe 2013-07-23 09:55 - 2013-07-23 09:55 - 00000000 ____D C:\FRST 2013-07-23 09:54 - 2013-05-13 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-23 09:54 - 2012-12-17 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-07-23 09:51 - 2013-05-13 15:30 - 00000000 ____D C:\Program Files\Microsoft Office 2013-07-23 09:50 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-23 01:44 - 2013-03-30 23:46 - 00000000 ____D C:\Program Files\Adobe 2013-07-23 01:44 - 2012-12-13 14:54 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-23 01:44 - 2012-12-12 16:54 - 00000000 ____D C:\ProgramData\Adobe 2013-07-23 01:43 - 2013-03-30 23:43 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-07-23 01:39 - 2013-07-22 22:49 - 00000000 ____D C:\Windows\pss 2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Sony 2013-07-22 23:13 - 2013-04-11 17:35 - 00000000 ____D C:\ProgramData\Sony 2013-07-22 23:10 - 2012-12-19 19:57 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-07-22 23:08 - 2012-12-06 15:01 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-22 23:08 - 2012-12-06 15:01 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-22 23:07 - 2013-02-09 15:44 - 00002952 _____ C:\Windows\System32\Tasks\{23A7EE5B-8126-4140-9EDD-6FB26AA5D81B} 2013-07-22 23:07 - 2012-12-20 18:37 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Users\Arthur\AppData\Local\Google 2013-07-22 23:06 - 2012-12-06 15:01 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-22 22:36 - 2013-07-14 18:20 - 00030616 _____ C:\Windows\SysWOW64\Drivers\hitmanpro37.sys 2013-07-22 22:33 - 2013-07-15 15:03 - 00011370 _____ C:\Windows\SysWOW64\.crusader 2013-07-22 22:33 - 2013-06-02 19:29 - 00000000 ____D C:\Program Files\HitmanPro 2013-07-22 20:16 - 2013-07-22 20:16 - 00000132 _____ C:\Users\Arthur\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2013-07-22 20:13 - 2013-07-22 20:11 - 10339263 _____ C:\Users\Arthur\Downloads\Rijk van Nijmegen - Rivieren.mp4 2013-07-22 19:37 - 2012-12-06 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-22 19:37 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Skype 2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-07-22 16:04 - 2013-07-22 16:04 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-07-22 16:04 - 2013-07-22 16:03 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-07-22 16:04 - 2013-07-22 16:03 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-07-22 16:04 - 2013-07-22 16:03 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-07-22 16:03 - 2013-07-22 16:03 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 ____D C:\Program Files\AVAST Software 2013-07-22 16:03 - 2013-04-01 15:52 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-07-22 16:03 - 2013-04-01 15:51 - 00000000 ____D C:\ProgramData\AVAST Software 2013-07-22 15:46 - 2013-01-06 22:28 - 00000000 ____D C:\Users\hedev 2013-07-22 15:45 - 2013-07-22 15:42 - 117478104 _____ C:\Users\Arthur\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe 2013-07-22 15:39 - 2009-07-14 06:45 - 05070528 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-21 21:49 - 2013-06-24 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\uTorrent 2013-07-21 20:28 - 2013-07-21 20:28 - 00000040 ____H C:\1B50C1B368B1 2013-07-21 20:19 - 2013-07-21 20:10 - 294969288 _____ C:\Users\Arthur\Downloads\AfterEffects.rar 2013-07-21 20:10 - 2013-07-21 20:10 - 00000840 _____ C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-07-21 20:08 - 2013-07-21 20:08 - 01126480 _____ (BitTorrent Inc.) C:\Users\Arthur\Downloads\utorrent_3.3.1b29812.exe 2013-07-21 17:41 - 2013-07-21 17:41 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ADDIS-PC-Arthur 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\Documents\Adobe 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PDAppFlex 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PACE Anti-Piracy 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\Users\Arthur\AppData\Local\PACE Anti-Piracy 2013-07-21 17:39 - 2013-07-21 17:39 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy 2013-07-21 17:39 - 2012-12-16 13:34 - 00000000 ___HD C:\Users\Arthur\AppData\Local\Il1yeC94tyS 2013-07-21 17:39 - 2012-12-05 01:01 - 00117664 _____ C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-21 17:38 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-07-21 17:35 - 2013-07-21 17:35 - 00000000 ____D C:\Program Files (x86)\My Company Name 2013-07-21 17:26 - 2013-07-21 17:24 - 00000000 ____D C:\Users\Arthur\Desktop\Adobe Premiere Pro CS6 2013-07-20 11:34 - 2013-07-20 11:34 - 00000000 ____D C:\Users\Arthur\Documents\Rockstar Games 2013-07-20 11:14 - 2013-07-20 11:14 - 00000000 __SHD C:\ProgramData\SecuROM 2013-07-20 11:14 - 2013-07-20 10:35 - 00000000 ____D C:\Users\Arthur\AppData\Local\Rockstar Games 2013-07-20 11:14 - 2012-12-06 17:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\PiccShare 2013-07-20 11:02 - 2013-07-20 11:02 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Common 2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Windows\SysWOW64\xlive 2013-07-20 10:57 - 2013-07-20 10:57 - 00000000 ____D C:\Users\Arthur\Documents\Games for Windows - LIVE Demos 2013-07-20 10:57 - 2013-07-20 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2013-07-20 10:33 - 2013-07-20 10:33 - 00000600 _____ C:\Users\Arthur\Desktop\Grand Theft Auto IV.lnk 2013-07-19 22:22 - 2013-07-16 18:13 - 00002048 _____ C:\Users\Arthur\Desktop\Super Mario World.srm 2013-07-19 22:22 - 2013-07-16 18:12 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zst 2013-07-19 22:22 - 2013-07-16 18:08 - 00274047 _____ C:\Users\Arthur\Desktop\Super Mario World.zss 2013-07-19 21:57 - 2013-07-17 08:32 - 00000214 _____ C:\Users\Arthur\Desktop\rominfo.txt 2013-07-17 22:49 - 2013-07-17 22:48 - 00000000 ____D C:\Windows\system32\MRT 2013-07-15 21:49 - 2013-07-15 21:49 - 414046739 _____ C:\Windows\MEMORY.DMP 2013-07-15 21:49 - 2013-07-15 21:49 - 00307440 _____ C:\Windows\Minidump\071513-18018-01.dmp 2013-07-15 21:49 - 2013-07-15 21:49 - 00000000 ____D C:\Windows\Minidump 2013-07-14 13:18 - 2013-07-14 13:17 - 00000000 ____D C:\Program Files (x86)\Zoom Player 2013-07-14 13:13 - 2013-05-17 20:20 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\FreeVideoConverter 2013-07-14 13:12 - 2012-12-06 16:00 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\vlc 2013-07-13 21:31 - 2013-05-14 19:18 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-11 18:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-11 18:52 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-11 18:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-09 20:59 - 2013-02-15 21:25 - 00017408 ____H C:\Users\Arthur\Downloads\photothumb.db 2013-07-09 20:59 - 2012-12-06 21:48 - 00001037 _____ C:\Users\Arthur\Desktop\PhotoScape.lnk 2013-07-09 20:59 - 2012-12-06 21:48 - 00000000 ____D C:\Program Files (x86)\PhotoScape 2013-07-05 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-07-04 20:51 - 2013-01-01 23:52 - 00272384 ___SH C:\Users\Arthur\Documents\Thumbs.db 2013-07-04 20:30 - 2013-07-04 19:18 - 02419006 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz3.ppsx 2013-07-04 19:18 - 2013-07-04 18:35 - 02418995 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz1.pptx 2013-07-04 18:42 - 2013-05-13 15:30 - 00000000 ____D C:\Users\Arthur\AppData\Local\Microsoft Help 2013-07-04 18:41 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini 2013-07-04 18:35 - 2013-07-04 18:35 - 02418812 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz2.ppsx 2013-07-04 15:35 - 2013-07-04 15:35 - 00005363 _____ C:\Users\Arthur\Documents\Alcatraz.wlmp 2013-07-04 15:32 - 2013-01-01 20:50 - 00000000 ____D C:\Users\Arthur\AppData\Local\Windows Live 2013-07-04 15:18 - 2013-07-04 14:36 - 02326429 _____ C:\Users\Arthur\Documents\The Escape from Alcatraz.pptx 2013-07-04 15:13 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew 2013-06-29 23:57 - 2012-12-06 15:33 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk 2013-06-29 22:25 - 2012-12-06 15:27 - 00000000 ____D C:\ProgramData\Avira 2013-06-25 16:38 - 2013-06-25 16:38 - 00013214 _____ C:\Users\Arthur\Documents\Mathe S.186 Nr 1.xlsx 2013-06-24 21:49 - 2013-03-04 21:38 - 00000000 ____D C:\Users\Arthur\AppData\Roaming\Audacity 2013-06-24 21:38 - 2013-06-24 21:38 - 00001473 _____ C:\Users\Arthur\AppData\Local\RecConfig.xml 2013-06-24 21:19 - 2013-06-24 21:18 - 00003992 _____ C:\AdwCleaner[S2].txt 2013-06-24 21:17 - 2013-06-24 21:17 - 00004439 _____ C:\AdwCleaner[R2].txt 2013-06-24 21:11 - 2013-06-24 16:04 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP 2013-06-24 21:03 - 2013-06-24 16:36 - 00515574 _____ C:\spyhunter.fix 2013-06-24 16:04 - 2013-06-24 16:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group 2013-06-24 00:57 - 2012-12-06 17:46 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 19:57 ==================== End Of Log ============================ --- --- --- |
|
23.07.2013, 23:43
| #10 |
| /// TB-Ausbilder | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Und wie läuft der Rechner jetzt? Alles in Ordnung oder gibt es noch Probleme?
__________________ cheers, Leo |
|
23.07.2013, 23:44
| #11 |
| | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Inwiefern Probleme? Meinst du wegen dem Abgesichertem Modus der sich automatisch einschaltet? |
|
23.07.2013, 23:46
| #12 |
| /// TB-Ausbilder | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Ja.
__________________ cheers, Leo |
|
23.07.2013, 23:47
| #13 |
| | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Aso ich gucke gleich nach  |
|
23.07.2013, 23:48
| #14 |
| /// TB-Ausbilder | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Ok.
__________________ cheers, Leo |
|
23.07.2013, 23:57
| #15 |
| | Windows 7 startet ausschließlich im abgesichertem Modus...Virus? Leider habe ich das Problem immer noch  .Kann es vielleicht sein, dass ich einen Trojaner habe? Oder würden die Programme die ich benutzt habe diesen Trojaner auch erkennen? Das scheint eine echt harte Nuss zu sein. |
|
| Themen zu Windows 7 startet ausschließlich im abgesichertem Modus...Virus? |
| entfernen, internet, meldung, pc kaputt, problem, programme, reparieren, schwarzer bildschirm, spyhunter, spyhunter entfernen, verschieben, virus, win32/adware.1clickdownload.am, win32/adware.addlyrics.f, win32/adware.yontoo, windows, windows 7, zahlen |
WARNUNG an die MITLESER: 
Linear-Darstellung
