| |
| |||||||
Log-Analyse und Auswertung: Malewarebytes findet: PUP.Optional.OpenCandyWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
11.09.2013, 18:35
| #4 |
 |  Malewarebytes findet: PUP.Optional.OpenCandy Vielen Dank für die schnelle Antwort! Code:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 11/09/2013 um 19:15:14
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : +++++++ +++++++ - ++++++++++++++
# Gestartet von : C:\Users\+++++++ +++++++\Programmdateien\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\+++++++ +++++++\AppData\Roaming\OpenCandy
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16660
*************************
AdwCleaner[R0].txt - [1063 octets] - [11/09/2013 19:13:02]
AdwCleaner[S0].txt - [988 octets] - [11/09/2013 19:15:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1047 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x64
Ran by +++++ +++++ on 11.09.2013 at 19:22:54,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\+++++ +++++\appdata\local\{3C16547B-7331-4B8A-A81D-680E7BED18DC}
Successfully deleted: [Empty Folder] C:\Users\+++++ +++++\appdata\local\{3F5ED46A-35AC-47E4-9181-EBFFFC26CB0A}
Successfully deleted: [Empty Folder] C:\Users\+++++ +++++\appdata\local\{4DDC5CD3-94B8-4065-A48D-87320B51198C}
Successfully deleted: [Empty Folder] C:\Users\+++++ +++++\appdata\local\{7A34A44A-1E47-4FE8-916B-B6EDD77F2F04}
Successfully deleted: [Empty Folder] C:\Users\+++++ +++++\appdata\local\{AF222D2C-D7C0-4BD0-B194-DFBA55BD2BA8}
Successfully deleted: [Empty Folder] C:\Users\+++++ +++++\appdata\local\{B7D4743A-69BE-401E-9994-5AFCDBB9CB90}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2013 at 19:30:26,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by ++++ ++++ (administrator) on ++++++++ on 11-09-2013 19:32:06
Running from C:\Users\++++ ++++\Programmdateien
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Dropbox, Inc.) C:\Users\++++ ++++\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\windows\system32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxtray.exe
(Intel Corporation) C:\windows\system32\igfxpers.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\UpdatusUser\...\Run: [EPSON SX525WD Series] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\windows\TEMP\E_S5734.tmp" /EF "HKCU"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe ()
Startup: C:\Users\++++ ++++\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\++++ ++++\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\++++ ++++\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 129.13.64.5 129.13.96.2
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2879176 2012-12-27] (Samsung Electronics CO., LTD.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-08] (Disc Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-18] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-18] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SBIOSIO; \??\C:\Users\PHILIP~1\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-11 19:12 - 2013-09-11 19:31 - 00000000 ____D C:\AdwCleaner
2013-09-11 16:45 - 2013-09-11 16:45 - 00000000 ____D C:\FRST
2013-09-11 16:43 - 2013-09-11 16:43 - 00000168 _____ C:\Users\++++ ++++\defogger_reenable
2013-09-11 16:21 - 2013-09-11 16:21 - 00055324 _____ C:\Users\++++
2013-09-11 16:00 - 2013-09-11 16:00 - 00000000 ____D C:\Users\++++ ++++\Documents\Steuer
2013-09-11 15:44 - 2013-09-11 15:44 - 00000000 ____D C:\Users\++++ ++++\Documents\M 105
2013-09-08 17:45 - 2013-09-08 17:45 - 00000000 ____D C:\Users\++++ ++++\Documents\Motorrad
2013-09-08 11:44 - 2013-09-08 11:44 - 00001914 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-08 11:43 - 2013-09-08 11:43 - 00283064 _____ (Disc Soft Ltd) C:\windows\system32\Drivers\dtsoftbus01.sys
2013-09-08 11:43 - 2013-09-08 11:43 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-08 11:39 - 2013-09-08 11:39 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-09-08 11:39 - 2013-09-08 11:39 - 00000000 ____D C:\Users\++++ ++++\AppData\Roaming\TuneUp Software
2013-09-08 11:39 - 2013-09-08 11:39 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-09-06 18:31 - 2007-02-07 12:57 - 602570908 _____ C:\Users\++++ ++++\Desktop\Microsoft Office 2007.nrg
2013-09-05 16:40 - 2013-09-08 11:13 - 96555248 _____ C:\windows\SysWOW64\٢誑¥
2013-08-16 01:08 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-16 01:08 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-16 01:08 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-16 01:08 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-16 01:08 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-16 01:08 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-16 01:08 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-16 01:08 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-16 01:08 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-16 01:08 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-16 01:08 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-16 01:08 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-16 01:08 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-16 01:08 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 00:21 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-15 00:21 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-15 00:21 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-15 00:21 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-15 00:21 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-15 00:21 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-15 00:21 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-15 00:21 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-15 00:20 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-15 00:20 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-15 00:19 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-15 00:19 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-15 00:19 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-15 00:19 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-15 00:19 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-15 00:19 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-15 00:19 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-15 00:19 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-15 00:19 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-15 00:19 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-15 00:19 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-15 00:19 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-15 00:19 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-15 00:19 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-15 00:19 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-15 00:19 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-15 00:19 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-09-11 19:32 - 2013-01-03 18:16 - 00000000 ____D C:\Users\++++ ++++\Programmdateien
2013-09-11 19:31 - 2013-09-11 19:12 - 00000000 ____D C:\AdwCleaner
2013-09-11 19:30 - 2013-09-11 19:30 - 00001440 _____ C:\Users\++++ ++++\Desktop\JRT.txt
2013-09-11 19:25 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 19:25 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 19:22 - 2013-05-11 09:30 - 00000000 ____D C:\windows\ERUNT
2013-09-11 19:19 - 2013-02-11 22:24 - 00000000 ____D C:\Users\++++ ++++\AppData\Roaming\Dropbox
2013-09-11 19:18 - 2013-02-11 22:27 - 00000000 ___RD C:\Users\++++ ++++\Dropbox
2013-09-11 19:16 - 2012-05-30 20:07 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-11 19:16 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-11 19:16 - 2009-07-14 06:51 - 00077824 _____ C:\windows\setupact.log
2013-09-11 19:15 - 2012-05-31 12:02 - 01102653 _____ C:\windows\WindowsUpdate.log
2013-09-11 18:46 - 2012-05-30 18:37 - 00762182 _____ C:\windows\system32\perfh007.dat
2013-09-11 18:46 - 2012-05-30 18:37 - 00172536 _____ C:\windows\system32\perfc007.dat
2013-09-11 18:46 - 2009-07-14 07:13 - 01795818 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-11 18:44 - 2013-01-03 18:01 - 00118752 _____ C:\Users\PHILIP~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 18:41 - 2009-07-14 06:45 - 00451496 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-11 16:45 - 2013-09-11 16:45 - 00000000 ____D C:\FRST
2013-09-11 16:43 - 2013-09-11 16:43 - 00000168 _____ C:\Users\++++ ++++\defogger_reenable
2013-09-11 16:43 - 2013-01-03 17:54 - 00000000 ____D C:\Users\++++ ++++
2013-09-11 16:37 - 2013-01-05 11:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 16:36 - 2012-05-30 18:23 - 00000000 ____D C:\windows\ShellNew
2013-09-11 16:36 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-09-11 16:31 - 2009-07-14 04:34 - 00000387 _____ C:\windows\win.ini
2013-09-11 16:29 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-11 16:27 - 2013-05-12 10:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-11 16:26 - 2013-05-12 10:34 - 00000000 ____D C:\Users\PHILIP~1\AppData\Local\Google
2013-09-11 16:25 - 2013-03-07 23:53 - 00000000 ____D C:\Users\++++ ++++\Documents\Outlook-Dateien
2013-09-11 16:21 - 2013-09-11 16:21 - 00055324 _____ C:\Users\++++
2013-09-11 16:16 - 2012-05-30 20:07 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-11 16:00 - 2013-09-11 16:00 - 00000000 ____D C:\Users\++++ ++++\Documents\Steuer
2013-09-11 15:44 - 2013-09-11 15:44 - 00000000 ____D C:\Users\++++ ++++\Documents\M 105
2013-09-11 15:44 - 2013-01-03 22:23 - 00000000 ____D C:\Users\++++ ++++\Studium
2013-09-11 12:48 - 2013-08-05 21:40 - 00001188 _____ C:\Users\PHILIP~1\AppData\Local\crc32list11.txt
2013-09-09 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-08 17:45 - 2013-09-08 17:45 - 00000000 ____D C:\Users\++++ ++++\Documents\Motorrad
2013-09-08 17:35 - 2010-11-21 05:47 - 01382348 _____ C:\windows\PFRO.log
2013-09-08 15:28 - 2013-08-08 21:35 - 00000000 ____D C:\Users\++++ ++++\WG
2013-09-08 11:44 - 2013-09-08 11:44 - 00001914 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-08 11:43 - 2013-09-08 11:43 - 00283064 _____ (Disc Soft Ltd) C:\windows\system32\Drivers\dtsoftbus01.sys
2013-09-08 11:43 - 2013-09-08 11:43 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-08 11:39 - 2013-09-08 11:39 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-09-08 11:39 - 2013-09-08 11:39 - 00000000 ____D C:\Users\++++ ++++\AppData\Roaming\TuneUp Software
2013-09-08 11:39 - 2013-09-08 11:39 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-09-08 11:13 - 2013-09-05 16:40 - 96555248 _____ C:\windows\SysWOW64\٢誑¥
2013-09-04 11:46 - 2013-01-03 17:54 - 00000000 ____D C:\ProgramData\Skype
2013-09-04 11:23 - 2013-05-08 18:07 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-04 11:23 - 2013-03-27 17:12 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-04 11:23 - 2013-03-27 17:12 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-30 00:23 - 2013-07-29 12:24 - 00000000 ____D C:\Users\++++ ++++\Desktop\Belege_Lohnsteuer12
2013-08-16 01:03 - 2013-07-19 13:34 - 00000000 ____D C:\windows\system32\MRT
2013-08-16 01:01 - 2013-01-13 10:58 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
Files to move or delete:
====================
C:\Users\PHILIP~1\AppData\Local\Temp\DTLite4471-0337.exe
C:\Users\PHILIP~1\AppData\Local\Temp\ose00000.exe
C:\Users\PHILIP~1\AppData\Local\Temp\ose00002.exe
C:\Users\PHILIP~1\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-04 15:28
==================== End Of Log ============================
--- --- --- |
Baum-Darstellung