| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.01.2014, 23:33
| #1 |
 |  - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Hey Leute, habe mich vor kurzem hier angemeldet weil ich ein Problem mit meinem Pc habe. Das Problem war schnell entdeckt : Ich habe ein Rootkit auf meinem PC !!! Kann ich diesen nicht mit z.B einem Anti-Rootkit entfernen ? Ich habe bis eben "Sophos Anti Rootkit " drüber laufen lassen, der hat auch einiges entdeckt. In über 4-5 Stunden "28 Items". und er war lange noch nicht fertig glaube ich. Ich habe es nur angehalten weil es mir einfach zu lang ging. Da war ein Fund in einem Ordner von "League of Legends" was mich sehr verwundert, da ich, immer wenn ich im Spiel bin, die meißten Probleme habe. (ruckeln,stocken,etc..) oder MUSS ich Win Neu Installieren ? Geändert von weeeezy (28.01.2014 um 23:50 Uhr) |
|
29.01.2014, 08:09
| #2 |
| /// the machine /// TB-Ausbilder    | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
29.01.2014, 19:09
| #3 |
| | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Gmer :
__________________Code:
ATTFilter GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-27 22:22:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 931,52GB
Running: gmer.exe; Driver: C:\Users\ilkr63\AppData\Local\Temp\awdiqpob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 731 fffff800031a20cb 91 bytes [20, 20, 20, 20, 20, 20, 43, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [896:4540] 000007fef9941ab0
Thread C:\Windows\system32\svchost.exe [1136:1280] 000007fefa8c8274
Thread C:\Windows\system32\svchost.exe [1136:1716] 000007fefa8c8274
Thread C:\Windows\system32\svchost.exe [1204:2472] 000007fef94a5170
Thread C:\Windows\System32\spoolsv.exe [1336:2536] 000007fef97b10c8
Thread C:\Windows\System32\spoolsv.exe [1336:2544] 000007fef9786144
Thread C:\Windows\System32\spoolsv.exe [1336:2548] 000007fef9735fd0
Thread C:\Windows\System32\spoolsv.exe [1336:2552] 000007fef9723438
Thread C:\Windows\System32\spoolsv.exe [1336:2556] 000007fef97363ec
Thread C:\Windows\System32\spoolsv.exe [1336:2564] 000007fef9325e5c
Thread C:\Windows\System32\spoolsv.exe [1336:2568] 000007fef9355074
Thread C:\Windows\system32\taskhost.exe [1968:2204] 000007fef8b21f38
Thread C:\Windows\system32\taskhost.exe [1968:2212] 000007fef8ac2740
Thread C:\Windows\system32\taskhost.exe [1968:2216] 000007feff0a9274
Thread C:\Windows\system32\taskhost.exe [1968:2404] 000007fef8241010
Thread C:\Windows\system32\taskhost.exe [1968:4044] 000007fef94a5170
---- Processes - GMER 2.1 ----
Process C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe (*** suspicious ***) @ C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe [2420] 0000000000400000
Process C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe (*** suspicious ***) @ C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe [2528] 0000000000400000
Process C:\Users\ilkr63\AppData\Local\Temp\Rar$EX07.776\gmer.exe (*** suspicious ***) @ C:\Users\ilkr63\AppData\Local\Temp\Rar$EX07.776\gmer.exe [2812](2014-01-27 21:10:58) 0000000000400000
---- EOF - GMER 2.1 ----
FRST : FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 01
Ran by ilkr63 (administrator) on ILKR63-PC on 27-01-2014 22:28:35
Running from C:\Users\ilkr63\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxddcoms.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
(Akamai Technologies, Inc.) C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Remote Mouse\miniweb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [lxddmon.exe] - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe [20480 2007-04-30] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Remote Mouse] - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1152000 2013-10-31] (RemoteMouse.net)
MountPoints2: {d4f9cecb-192f-11e1-8cce-806e6f6e6963} - SETUP.EXE
MountPoints2: {da2f2a78-a8b0-11e1-a72d-002564edce86} - J:\Setup.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hemenara.info
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SenselessTV Video Plugin - {991D97B8-F0D8-4EA1-9100-7A65EA2D3A63} - C:\Users\ilkr63\AppData\Roaming\SenselessTV\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default
FF user.js: detected! => C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\user.js
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\battlefieldplay4free@ea.com [2013-02-09]
FF Extension: DownloadHelper - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-28]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-12-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-01]
FF HKLM-x32\...\Firefox\Extensions: [support@Senseless.TV] - C:\Users\ilkr63\AppData\Roaming\SenselessTV\ffextension
FF Extension: SenselessTV Video Plugin - C:\Users\ilkr63\AppData\Roaming\SenselessTV\ffextension [2013-01-10]
FF HKCU\...\Firefox\Extensions: [support@Senseless.TV] - C:\Users\ilkr63\AppData\Roaming\SenselessTV\ffextension
FF Extension: SenselessTV Video Plugin - C:\Users\ilkr63\AppData\Roaming\SenselessTV\ffextension [2013-01-10]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-24]
CHR Extension: (Google Drive) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-24]
CHR Extension: (YouTube) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-24]
CHR Extension: (Google-Suche) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-24]
CHR Extension: (SenselessTV Video Plugin) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlicihemmeabfjhdckhpkmopojohlkab [2013-03-24]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-24]
CHR Extension: (Google Wallet) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-24]
CHR Extension: (Google Mail) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-24]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\ilkr63\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-08]
CHR HKLM-x32\...\Chrome\Extension: [jlicihemmeabfjhdckhpkmopojohlkab] - C:\Users\ilkr63\AppData\Roaming\SenselessTV\SenselessTV.crx [2012-08-06]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [567216 2007-05-25] ( )
R2 lxdd_device; C:\Windows\SysWOW64\lxddcoms.exe [537520 2007-05-25] ( )
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-09] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-28] (DT Soft Ltd)
S3 wolf; \??\C:\AeriaGames\Wolfteam\avital\wolf64.sys [x]
U3 awdiqpob; \??\C:\Users\ilkr63\AppData\Local\Temp\awdiqpob.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-27 22:28 - 2014-01-27 22:28 - 00016520 _____ C:\Users\ilkr63\Downloads\FRST.txt
2014-01-27 22:28 - 2014-01-27 22:28 - 00000000 ____D C:\FRST
2014-01-27 22:26 - 2014-01-27 22:26 - 02079232 _____ (Farbar) C:\Users\ilkr63\Downloads\FRST64.exe
2014-01-27 22:09 - 2014-01-27 22:09 - 00000474 _____ C:\Users\ilkr63\Downloads\defogger_disable.log
2014-01-27 22:09 - 2014-01-27 22:09 - 00000000 _____ C:\Users\ilkr63\defogger_reenable
2014-01-27 22:08 - 2014-01-27 22:08 - 00050477 _____ C:\Users\ilkr63\Downloads\Defogger.exe
2014-01-27 22:05 - 2014-01-27 22:22 - 00000000 ____D C:\Users\ilkr63\Desktop\Trjaner
2014-01-27 22:00 - 2014-01-27 22:00 - 00004882 _____ C:\Users\ilkr63\Desktop\attach.txt
2014-01-27 22:00 - 2014-01-27 21:59 - 00018493 _____ C:\Users\ilkr63\Desktop\dds.txt
2014-01-27 21:58 - 2014-01-27 21:58 - 00688992 ____R (Swearware) C:\Users\ilkr63\Downloads\dds.com
2014-01-27 17:32 - 2014-01-27 17:32 - 00113290 _____ C:\Windows\PFRO.log
2014-01-27 04:48 - 2014-01-27 04:48 - 00000933 _____ C:\Users\ilkr63\Desktop\Open Broadcaster Software.lnk
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D C:\Users\ilkr63\AppData\Roaming\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D C:\Users\ilkr63\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D C:\Program Files\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D C:\Program Files (x86)\OBS
2014-01-27 04:47 - 2014-01-27 04:47 - 07660927 _____ C:\Users\ilkr63\Downloads\OBS_0_592b_Installer.exe
2014-01-26 19:49 - 2014-01-26 19:49 - 00000000 ____D C:\ProgramData\ATI
2014-01-26 19:48 - 2014-01-26 19:48 - 00055617 _____ C:\Windows\SysWOW64\CCCInstall_201401261948360409.log
2014-01-26 19:48 - 2014-01-26 19:48 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2014-01-26 19:45 - 2014-01-26 19:45 - 00000000 ____D C:\Program Files\AMD
2014-01-26 19:36 - 2014-01-26 19:43 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-23 20:31 - 2014-01-23 20:31 - 00000000 ____D C:\Users\ilkr63\Desktop\Neuer Ordner (2)
2014-01-23 19:08 - 2014-01-23 19:08 - 00000694 _____ C:\Users\ilkr63\Desktop\oma1tyo ft. xflanone & Ilk.R - Die Abrechnung.lnk
2014-01-20 23:22 - 2014-01-20 23:22 - 00001187 _____ C:\Users\ilkr63\Desktop\Eigene Musik - Verknüpfung.lnk
2014-01-20 23:00 - 2014-01-20 23:00 - 00001781 _____ C:\Users\ilkr63\Desktop\superblunt - Verknüpfung.lnk
2014-01-20 22:20 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20140120-222046.backup
2014-01-20 22:15 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20140120-221544.backup
2014-01-20 22:09 - 2014-01-20 22:09 - 00000000 ____D C:\Users\ilkr63\Documents\ProcAlyzer Dumps
2014-01-20 22:04 - 2014-01-20 22:04 - 00001377 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 22:04 - 2014-01-20 22:04 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-20 22:03 - 2014-01-20 22:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-20 22:03 - 2014-01-20 22:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-20 22:03 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-01-20 21:57 - 2014-01-20 21:57 - 00614784 _____ (Chip Digital GmbH) C:\Users\ilkr63\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-01-20 20:16 - 2014-01-27 18:50 - 00181065 _____ C:\Windows\setupact.log
2014-01-20 20:16 - 2014-01-20 20:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-15 14:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:11 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:11 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-09 23:57 - 2014-01-09 23:58 - 31772694 _____ ( ) C:\Users\ilkr63\Downloads\K-Lite_Codec_Pack_1020_Mega.exe
==================== One Month Modified Files and Folders =======
2014-01-27 22:28 - 2014-01-27 22:28 - 00016520 _____ C:\Users\ilkr63\Downloads\FRST.txt
2014-01-27 22:28 - 2014-01-27 22:28 - 00000000 ____D C:\FRST
2014-01-27 22:26 - 2014-01-27 22:26 - 02079232 _____ (Farbar) C:\Users\ilkr63\Downloads\FRST64.exe
2014-01-27 22:24 - 2011-11-27 21:56 - 01809054 _____ C:\Windows\WindowsUpdate.log
2014-01-27 22:22 - 2014-01-27 22:05 - 00000000 ____D C:\Users\ilkr63\Desktop\Trjaner
2014-01-27 22:15 - 2013-03-24 03:57 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 22:09 - 2014-01-27 22:09 - 00000474 _____ C:\Users\ilkr63\Downloads\defogger_disable.log
2014-01-27 22:09 - 2014-01-27 22:09 - 00000000 _____ C:\Users\ilkr63\defogger_reenable
2014-01-27 22:09 - 2011-11-27 21:48 - 00000000 ____D C:\Users\ilkr63
2014-01-27 22:08 - 2014-01-27 22:08 - 00050477 _____ C:\Users\ilkr63\Downloads\Defogger.exe
2014-01-27 22:00 - 2014-01-27 22:00 - 00004882 _____ C:\Users\ilkr63\Desktop\attach.txt
2014-01-27 21:59 - 2014-01-27 22:00 - 00018493 _____ C:\Users\ilkr63\Desktop\dds.txt
2014-01-27 21:58 - 2014-01-27 21:58 - 00688992 ____R (Swearware) C:\Users\ilkr63\Downloads\dds.com
2014-01-27 21:44 - 2012-07-05 14:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-27 20:15 - 2013-03-24 03:57 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 19:17 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-27 19:17 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-27 18:53 - 2011-11-28 06:43 - 23642714 _____ C:\Windows\system32\perfh007.dat
2014-01-27 18:53 - 2011-11-28 06:43 - 07397116 _____ C:\Windows\system32\perfc007.dat
2014-01-27 18:53 - 2009-07-14 06:13 - 00006292 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-27 18:50 - 2014-01-20 20:16 - 00181065 _____ C:\Windows\setupact.log
2014-01-27 17:32 - 2014-01-27 17:32 - 00113290 _____ C:\Windows\PFRO.log
2014-01-27 17:32 - 2013-05-26 20:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-27 17:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 17:32 - 2009-07-14 05:45 - 00015360 _____ C:\Windows\system32\umstartup.etl
2014-01-27 06:25 - 2009-07-14 05:45 - 00024576 _____ C:\Windows\system32\umstartup000.etl
2014-01-27 04:48 - 2014-01-27 04:48 - 00000933 _____ C:\Users\ilkr63\Desktop\Open Broadcaster Software.lnk
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D C:\Users\ilkr63\AppData\Roaming\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D C:\Users\ilkr63\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D C:\Program Files\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D C:\Program Files (x86)\OBS
2014-01-27 04:47 - 2014-01-27 04:47 - 07660927 _____ C:\Users\ilkr63\Downloads\OBS_0_592b_Installer.exe
2014-01-26 19:49 - 2014-01-26 19:49 - 00000000 ____D C:\ProgramData\ATI
2014-01-26 19:48 - 2014-01-26 19:48 - 00055617 _____ C:\Windows\SysWOW64\CCCInstall_201401261948360409.log
2014-01-26 19:48 - 2014-01-26 19:48 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2014-01-26 19:48 - 2012-06-03 11:02 - 00000000 ____D C:\ProgramData\AMD
2014-01-26 19:48 - 2011-11-27 22:57 - 00000000 ____D C:\Program Files\ATI Technologies
2014-01-26 19:45 - 2014-01-26 19:45 - 00000000 ____D C:\Program Files\AMD
2014-01-26 19:43 - 2014-01-26 19:36 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-24 07:16 - 2013-10-26 14:15 - 00000129 _____ C:\Users\ilkr63\Desktop\ilker.txt
2014-01-23 20:31 - 2014-01-23 20:31 - 00000000 ____D C:\Users\ilkr63\Desktop\Neuer Ordner (2)
2014-01-23 20:11 - 2013-04-18 12:38 - 00000000 ____D C:\Users\ilkr63\AppData\Roaming\Skype
2014-01-23 19:08 - 2014-01-23 19:08 - 00000694 _____ C:\Users\ilkr63\Desktop\oma1tyo ft. xflanone & Ilk.R - Die Abrechnung.lnk
2014-01-21 22:28 - 2013-02-26 01:19 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2014-01-21 00:24 - 2011-12-02 04:42 - 00007597 _____ C:\Users\ilkr63\AppData\Local\resmon.resmoncfg
2014-01-20 23:22 - 2014-01-20 23:22 - 00001187 _____ C:\Users\ilkr63\Desktop\Eigene Musik - Verknüpfung.lnk
2014-01-20 23:00 - 2014-01-20 23:00 - 00001781 _____ C:\Users\ilkr63\Desktop\superblunt - Verknüpfung.lnk
2014-01-20 22:24 - 2014-01-20 22:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-20 22:09 - 2014-01-20 22:09 - 00000000 ____D C:\Users\ilkr63\Documents\ProcAlyzer Dumps
2014-01-20 22:04 - 2014-01-20 22:04 - 00001377 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 22:04 - 2014-01-20 22:04 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-20 22:04 - 2014-01-20 22:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-20 21:57 - 2014-01-20 21:57 - 00614784 _____ (Chip Digital GmbH) C:\Users\ilkr63\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-01-20 20:16 - 2014-01-20 20:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-20 19:37 - 2012-06-03 18:37 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 19:37 - 2011-11-28 06:44 - 00000000 ____D C:\Windows\Panther
2014-01-17 19:17 - 2013-03-24 03:58 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-15 19:04 - 2009-07-14 05:45 - 00300056 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:04 - 2013-08-15 12:58 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 18:01 - 2011-11-30 16:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 23:58 - 2014-01-09 23:57 - 31772694 _____ ( ) C:\Users\ilkr63\Downloads\K-Lite_Codec_Pack_1020_Mega.exe
2014-01-04 11:35 - 2011-11-28 17:20 - 00000000 ____D C:\Users\ilkr63\AppData\Roaming\TS3Client
2014-01-01 16:37 - 2011-11-28 01:33 - 00000000 ____D C:\Users\ilkr63\AppData\Local\TeamSpeak 3 Client
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-985940326-2788866507-55029295-1000\$23c8f27e2577ed6342ecf29c5cda2c25
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$23c8f27e2577ed6342ecf29c5cda2c25
Some content of TEMP:
====================
C:\Users\ilkr63\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-20 17:13
==================== End Of Log ============================
Additions : Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 01
Ran by ilkr63 at 2014-01-27 22:28:59
Running from C:\Users\ilkr63\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1990.41618 - ABBYY Software House)
Ableton Live 8 (x32 Version: 8.0.0.0 - Ableton)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.00 (x32 Version: 2.00 - FinalWire Ltd.)
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (x32 Version: - Akamai Technologies, Inc)
AMCap (x32 Version: 9.20.132.2 - Noël Danjou)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (x32 Version: - )
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.37.01 - Broadcom Corporation)
Call of Duty: Black Ops II - Multiplayer (x32 Version: - )
Call of Duty: Black Ops II - Zombies (x32 Version: - )
Call of Duty: Black Ops II (x32 Version: - )
Call of Duty: Modern Warfare 3 - Dedicated Server (x32 Version: - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (x32 Version: - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (x32 Version: - Infinity Ward - Sledgehammer Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 3.27 - Piriform)
DAEMON Tools Lite (x32 Version: 4.45.4.0314 - DT Soft Ltd)
Darksiders II (x32 Version: - )
Dell Resource CD (x32 Version: 1.00.0000 - Ihr Firmenname)
Digital Line Detect (x32 Version: 1.21 - BVRP Software, Inc)
DivX-Setup (x32 Version: 2.6.1.8 - DivX, LLC)
Dota 2 (x32 Version: - Valve )
Free WMA to MP3 Converter 1.16 (x32 Version: - Jodix Technologies Ltd.)
Free YouTube to MP3 Converter version 3.11.35.1031 (x32 Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Grand Theft Auto San Andreas (x32 Version: 1.00.00001 - Rockstar Games)
HCW85 Driver Installer (x32 Version: 2.1.27205 - Hauppauge Computer Works) Hidden
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (x32 Version: 6.0.220 - Oracle)
Java(TM) 6 Update 37 (x32 Version: 6.0.370 - Oracle)
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
JDownloader Packages (HKCU Version: - ) <==== ATTENTION
League of Legends (x32 Version: 1.3 - Riot Games)
Lexmark 2500 Series (Version: - Lexmark International, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MotioninJoy DS3 driver version 0.6.0005 (Version: 0.6.0005 - www.motioninjoy.com)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MP4 To MP3 Converter V3.0.4 (x32 Version: - hxxp://www.MP4ToMP3Converter.net)
Need For Speed™ World (x32 Version: 1.0.0.659 - Electronic Arts)
NetWaiting (x32 Version: 2.5.54 - BVRP Software, Inc)
NVIDIA PhysX (x32 Version: 9.09.0203 - NVIDIA Corporation)
Open Broadcaster Software (x32 Version: - )
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
PhotoScape (x32 Version: - )
PunkBuster Services (x32 Version: 0.990 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Recuva (Version: 1.46 - Piriform)
Remote Mouse version 2.06 (x32 Version: 2.06 - Remote Mouse)
Senseless.TV Video Plugin 1.0 (x32 Version: 1.0 - SenselessTV.com)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (x32 Version: 5.0.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Tweaking.com - Windows Repair (All in One) (x32 Version: 1.9.13 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Warframe (x32 Version: - )
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-Bit) (Version: 4.01.0 - win.rar GmbH)
==================== Restore Points =========================
20-01-2014 18:31:21 Removed Mobile Mouse Server.
26-01-2014 18:36:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
26-01-2014 18:43:06 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {09C0E4BA-143E-42A9-A913-4AE50ADE4B44} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {47856163-798B-44BE-9DAF-E4316B37A522} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {9640DAB0-B234-4105-BC22-7834EC717164} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {A92F83DF-1022-4678-BE45-2D6D538A5C37} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C58165BE-3EED-462B-917D-22CEA5194784} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {DD6C0139-B778-430D-BA8F-C3ACD5EB9EA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {FAF5DB5B-8567-4D5A-A831-377ED489D359} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-11-28 01:15 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-06 04:09 - 2013-08-05 22:53 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 22:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-20 22:03 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-20 22:03 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-20 22:03 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-20 22:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-08-10 10:20 - 2007-05-30 06:12 - 00040960 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll
2012-08-10 10:20 - 2007-05-30 06:12 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll
2012-08-10 10:20 - 2007-05-30 06:11 - 00057344 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
2012-08-10 10:20 - 2007-04-30 09:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
2012-08-10 10:20 - 2007-04-30 09:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
2012-08-10 10:20 - 2007-04-30 09:20 - 00011776 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2013-12-11 14:11 - 2013-12-11 14:11 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/27/2014 07:21:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x10b8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (01/27/2014 06:53:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (01/27/2014 06:53:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (01/27/2014 06:53:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (01/27/2014 06:08:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11076
Error: (01/27/2014 06:08:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11076
Error: (01/27/2014 06:08:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/27/2014 06:08:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062
Error: (01/27/2014 06:08:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062
Error: (01/27/2014 06:08:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (01/27/2014 05:32:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/27/2014 05:32:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxddCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/27/2014 05:32:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxddCATSCustConnectService erreicht.
Error: (01/26/2014 08:08:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/26/2014 08:07:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxddCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/26/2014 08:07:57 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxddCATSCustConnectService erreicht.
Error: (01/25/2014 03:56:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (01/25/2014 03:56:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxddCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/25/2014 03:56:04 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxddCATSCustConnectService erreicht.
Error: (01/24/2014 11:41:15 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{665943A9-EAD8-4440-88FD-42EAE33ABAE9}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Microsoft Office Sessions:
=========================
Error: (01/27/2014 07:21:38 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a810b801cf1b7da2b59645C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dlldc3bf600-877f-11e3-8aa0-002564edce86
Error: (01/27/2014 06:53:14 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (01/27/2014 06:53:14 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (01/27/2014 06:53:14 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (01/27/2014 06:08:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11076
Error: (01/27/2014 06:08:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11076
Error: (01/27/2014 06:08:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/27/2014 06:08:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062
Error: (01/27/2014 06:08:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062
Error: (01/27/2014 06:08:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Percentage of memory in use: 38%
Total physical RAM: 3959.08 MB
Available physical RAM: 2448.83 MB
Total Pagefile: 7916.34 MB
Available Pagefile: 5739.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:921.83 GB) (Free:470.51 GB) NTFS
Drive i: (RECOVERY) (Fixed) (Total:9.61 GB) (Free:4.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E8000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
30.01.2014, 16:15
| #4 | |
| /// the machine /// TB-Ausbilder | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ?Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.02.2014, 15:16
| #5 |
| | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Ich hoffe es hat geholfen hier die Logdatei Code:
ATTFilter ComboFix 14-02-01.01 - ilkr63 01.02.2014 12:51:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2819 [GMT 1:00]
ausgeführt von:: c:\users\ilkr63\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Internet Explorer\Internet Explorer
c:\program files (x86)\Internet Explorer\Internet Explorer\SystemUltima.InstallState
c:\program files (x86)\lol
c:\program files (x86)\lol\League of Legends\0x0407.ini
c:\program files (x86)\lol\League of Legends\0x0409.ini
c:\program files (x86)\lol\League of Legends\0x040a.ini
c:\program files (x86)\lol\League of Legends\0x040c.ini
c:\program files (x86)\lol\League of Legends\data1.cab
c:\program files (x86)\lol\League of Legends\data1.hdr
c:\program files (x86)\lol\League of Legends\data2.cab
c:\program files (x86)\lol\League of Legends\ISSetup.dll
c:\program files (x86)\lol\League of Legends\layout.bin
c:\program files (x86)\lol\League of Legends\setup.exe
c:\program files (x86)\lol\League of Legends\setup.ini
c:\program files (x86)\lol\League of Legends\setup.inx
c:\program files (x86)\lol\League of Legends\setup.isn
C:\SystemData
c:\windows\wininit.ini
C:\WinLogon
I:\AUTORUN.INF
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-01-01 bis 2014-02-01 ))))))))))))))))))))))))))))))
.
.
2014-02-01 11:58 . 2014-02-01 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-01 05:06 . 2014-02-01 05:56 -------- d-----w- c:\programdata\BitRaider
2014-02-01 05:05 . 2014-02-01 05:05 -------- d-----w- c:\users\ilkr63\AppData\Local\SWTORPerf
2014-02-01 05:04 . 2014-02-01 05:04 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2014-02-01 05:04 . 2014-02-01 05:04 -------- d-----w- c:\users\hedev
2014-01-28 07:45 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\B540.tmp
2014-01-28 07:40 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\F931.tmp
2014-01-28 07:40 . 2014-01-28 07:40 -------- d-----w- c:\program files (x86)\Sophos
2014-01-27 21:28 . 2014-01-27 21:28 -------- d-----w- C:\FRST
2014-01-27 03:48 . 2014-01-27 03:48 -------- d-----w- c:\users\ilkr63\AppData\Roaming\OBS
2014-01-27 03:48 . 2014-01-27 03:48 -------- d-----w- c:\program files\OBS
2014-01-27 03:48 . 2014-01-27 03:48 -------- d-----w- c:\program files (x86)\OBS
2014-01-26 18:49 . 2014-01-26 18:49 -------- d-----w- c:\programdata\ATI
2014-01-26 18:48 . 2014-01-26 18:48 -------- d-----w- c:\program files (x86)\AMD AVT
2014-01-26 18:45 . 2014-01-26 18:45 -------- d-----w- c:\program files\AMD
2014-01-26 18:36 . 2014-01-26 18:43 -------- d-----w- c:\programdata\Package Cache
2014-01-20 21:03 . 2013-09-20 09:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-20 21:03 . 2014-01-20 21:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-01-20 21:03 . 2014-01-20 21:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-15 13:12 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 13:12 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 13:12 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 13:12 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 13:12 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 13:12 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 13:12 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 13:11 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 13:11 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-01 06:05 . 2012-07-05 13:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-01 06:05 . 2011-11-27 22:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 17:01 . 2011-11-30 15:09 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-14 02:02 . 2013-12-14 02:02 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-14 02:02 . 2013-12-14 02:02 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-14 02:02 . 2013-12-14 02:02 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-14 02:02 . 2013-12-14 02:02 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-14 02:02 . 2013-12-14 02:02 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-14 02:02 . 2013-12-14 02:02 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-14 02:02 . 2013-12-14 02:02 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-14 02:02 . 2013-12-14 02:02 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-14 02:02 . 2013-12-14 02:02 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-14 02:02 . 2013-12-14 02:02 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-14 02:02 . 2013-12-14 02:02 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-14 02:02 . 2013-12-14 02:02 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-14 02:02 . 2013-12-14 02:02 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-14 02:02 . 2013-12-14 02:02 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-14 02:02 . 2013-12-14 02:02 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-14 02:02 . 2013-12-14 02:02 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-14 02:02 . 2013-12-14 02:02 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-14 02:02 . 2013-12-14 02:02 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-14 02:02 . 2013-12-14 02:02 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-14 02:02 . 2013-12-14 02:02 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-14 02:02 . 2013-12-14 02:02 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-14 02:02 . 2013-12-14 02:02 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-14 02:02 . 2013-12-14 02:02 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-14 02:02 . 2013-12-14 02:02 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-14 02:02 . 2013-12-14 02:02 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-14 02:02 . 2013-12-14 02:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-14 02:02 . 2013-12-14 02:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-14 02:02 . 2013-12-14 02:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-14 02:02 . 2013-12-14 02:02 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-14 02:02 . 2013-12-14 02:02 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-14 02:02 . 2013-12-14 02:02 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-14 02:02 . 2013-12-14 02:02 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-14 02:02 . 2013-12-14 02:02 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-14 02:02 . 2013-12-14 02:02 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-14 02:02 . 2013-12-14 02:02 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-14 02:02 . 2013-12-14 02:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-14 02:02 . 2013-12-14 02:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-14 02:02 . 2013-12-14 02:02 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-14 02:02 . 2013-12-14 02:02 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-14 02:02 . 2013-12-14 02:02 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-14 02:02 . 2013-12-14 02:02 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-14 02:02 . 2013-12-14 02:02 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-14 02:02 . 2013-12-14 02:02 413696 ----a-w- c:\windows\system32\html.iec
2013-12-14 02:02 . 2013-12-14 02:02 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-14 02:02 . 2013-12-14 02:02 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-14 02:02 . 2013-12-14 02:02 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-14 02:02 . 2013-12-14 02:02 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-14 02:02 . 2013-12-14 02:02 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-14 02:02 . 2013-12-14 02:02 235520 ----a-w- c:\windows\system32\url.dll
2013-12-14 02:02 . 2013-12-14 02:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-14 02:02 . 2013-12-14 02:02 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-14 02:02 . 2013-12-14 02:02 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-14 02:02 . 2013-12-14 02:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-14 02:02 . 2013-12-14 02:02 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-14 02:02 . 2013-12-14 02:02 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-14 02:02 . 2013-12-14 02:02 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-14 02:02 . 2013-12-14 02:02 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-14 02:02 . 2013-12-14 02:02 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-14 02:02 . 2013-12-14 02:02 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-12 11:26 . 2013-08-06 03:09 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-12 11:26 . 2013-08-06 03:09 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-12 11:26 . 2013-08-06 03:09 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:04 . 2011-04-20 01:21 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2012-09-28 01:11 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2012-09-28 01:10 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2013-12-06 22:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2012-09-28 01:43 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2013-12-06 22:00 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2012-09-28 01:39 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2012-12-19 19:44 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2012-12-19 20:50 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\ilkr63\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2013-10-31 1152000]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-17 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxddserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B540.tmp;c:\windows\SYSNATIVE\B540.tmp [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wolf;wolf;c:\aeriagames\Wolfteam\avital\wolf64.sys;c:\aeriagames\Wolfteam\avital\wolf64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe;c:\windows\SYSNATIVE\lxddcoms.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 03:16 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 06:05]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 02:57]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 02:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.hemenara.info
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2013-01-10 04:59; support@Senseless.TV; c:\users\ilkr63\AppData\Roaming\SenselessTV\ffextension
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B540.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2656356~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Remote Mouse\miniweb.exe
c:\program files (x86)\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-02-01 13:03:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-02-01 12:03
.
Vor Suchlauf: 25 Verzeichnis(se), 491.566.055.424 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 492.990.636.032 Bytes frei
.
- - End Of File - - 4554E9EBA8C893ECABFC56080EA74EB1
|
|
02.02.2014, 07:01
| #6 |
| /// the machine /// TB-Ausbilder | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? |
|
03.02.2014, 12:46
| #7 |
| | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Malwarebytes Anti Maleware : Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.02.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 ilkr63 :: ILKR63-PC [Administrator] 02.02.2014 14:32:40 mbam-log-2014-02-02 (14-32-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 245112 Laufzeit: 1 Stunde(n), 25 Minute(n), 21 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\ilkr63\Downloads\DTLite4454-0314.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\ilkr63\Downloads\PhotoScape_V3.6.5.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 02/02/2014 um 16:03:37
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ilkr63 - ILKR63-PC
# Gestartet von : C:\Users\ilkr63\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\ilkr63\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\ilkr63\AppData\Roaming\dvdvideosoftiehelpers
[x] Nicht Gelöscht : C:\Users\ilkr63\AppData\Roaming\SenselessTV
Ordner Gelöscht : C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlicihemmeabfjhdckhpkmopojohlkab
Datei Gelöscht : C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [support@Senseless.TV]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@Senseless.TV]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jlicihemmeabfjhdckhpkmopojohlkab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{991D97B8-F0D8-4EA1-9100-7A65EA2D3A63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{991D97B8-F0D8-4EA1-9100-7A65EA2D3A63}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{991D97B8-F0D8-4EA1-9100-7A65EA2D3A63}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{991D97B8-F0D8-4EA1-9100-7A65EA2D3A63}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Senseless.TV Video Plugin
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\prefs.js ]
Zeile gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Zeile gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Zeile gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Zeile gelöscht : user_pref("sweetim.toolbar.search.history", "lol%20profi%20werden");
Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{C5E6F10F-5098-11E2-BF8D-002564EDCE86}");
Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
-\\ Google Chrome v32.0.1700.102
[ Datei : C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [11243 octets] - [02/02/2014 16:02:12]
AdwCleaner[S0].txt - [10907 octets] - [02/02/2014 16:03:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10968 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by ilkr63 on 02.02.2014 at 16:07:58,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\ilkr63\AppData\Roaming\mozilla\firefox\profiles\izpc4kws.default\minidumps [682 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2014 at 16:12:07,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST: Code:
ATTFilter
LastRegBack: 2014-01-29 19:58
==================== End Of Log ============================
gruß Nico Es hat sich aufjedenfall nichts geändert, mein Pc dreht komplett durch - Die Maus hat sich gerade innerhalb von 2 minuten 5 mal aufgehangen, so das ich sie jedes mal wieder aus,-einstecken musste .. ich weiß einfach nicht weiter D: |
|
04.02.2014, 09:11
| #8 |
| /// the machine /// TB-Ausbilder | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Mich würde intressiern warum du denkst du hättest ein Rootkit auf dem System. FRST bitte nochmal laufen lassen, das Log ist leer.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.02.2014, 15:02
| #9 |
| | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Mir wurde das gesagt; sry wenn ich jetzt ein anderes Thema verlinke aber da wurde es mir gesagt : http://www.trojaner-board.de/148770-...-trojaner.html FRST : FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by ilkr63 (administrator) on ILKR63-PC on 04-02-2014 14:59:03
Running from C:\Users\ilkr63\Desktop\Trjaner
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxddcoms.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
(Akamai Technologies, Inc.) C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [lxddmon.exe] - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe [20480 2007-04-30] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-985940326-2788866507-55029295-1000\...\Run: [Akamai NetSession Interface] - C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-985940326-2788866507-55029295-1000\...\Run: [Remote Mouse] - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1152000 2013-10-31] (RemoteMouse.net)
HKU\S-1-5-21-985940326-2788866507-55029295-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-985940326-2788866507-55029295-1000\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2014-02-01] ()
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hemenara.info
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\battlefieldplay4free@ea.com [2013-02-09]
FF Extension: DownloadHelper - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-01]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-24]
CHR Extension: (Google Drive) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-24]
CHR Extension: (YouTube) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-24]
CHR Extension: (Google-Suche) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-24]
CHR Extension: (SenselessTV Video Plugin) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlicihemmeabfjhdckhpkmopojohlkab [2013-03-24]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-24]
CHR Extension: (Google Wallet) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-24]
CHR Extension: (Google Mail) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-24]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\ilkr63\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-01] (BitRaider, LLC)
R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [567216 2007-05-25] ( )
R2 lxdd_device; C:\Windows\SysWOW64\lxddcoms.exe [537520 2007-05-25] ( )
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-09] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-02-01] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-28] (DT Soft Ltd)
S3 MEMSWEEP2; C:\Windows\system32\B540.tmp [6144 2009-06-18] (Sophos Plc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 wolf; \??\C:\AeriaGames\Wolfteam\avital\wolf64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-02 16:12 - 2014-02-02 16:12 - 00000906 _____ () C:\Users\ilkr63\Desktop\JRT.txt
2014-02-02 16:07 - 2014-02-02 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-02-02 16:00 - 2014-02-02 16:00 - 00000556 _____ () C:\Windows\PFRO.log
2014-02-02 15:24 - 2014-02-02 15:24 - 00080456 _____ (Malwarebytes Corporation) C:\Users\ilkr63\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-02 14:30 - 2014-02-02 16:03 - 00000000 ____D () C:\AdwCleaner
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Malwarebytes
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-02 14:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-02 13:55 - 2014-02-02 13:55 - 01166132 _____ () C:\Users\ilkr63\Desktop\adwcleaner.exe
2014-02-02 10:24 - 2014-02-04 14:14 - 00077150 _____ () C:\Windows\setupact.log
2014-02-02 10:24 - 2014-02-02 10:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-01 14:37 - 2014-02-01 14:37 - 00002012 _____ () C:\Users\ilkr63\Desktop\Penumbra.lnk
2014-02-01 14:37 - 2014-02-01 14:37 - 00000000 ____D () C:\Program Files (x86)\Penumbra
2014-02-01 14:17 - 2014-02-01 14:17 - 00001724 _____ () C:\Users\Public\Desktop\League of Legends spielen .lnk
2014-02-01 14:12 - 2014-02-01 14:12 - 00000000 ____D () C:\Riot Games
2014-02-01 13:55 - 2014-02-01 14:12 - 164462080 _____ (Frictional Games ) C:\Users\ilkr63\Downloads\Penumbra_Full_1.1.exe
2014-02-01 13:27 - 2014-02-04 14:58 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\PMB Files
2014-02-01 13:27 - 2014-02-04 14:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-01 13:27 - 2014-02-01 14:11 - 00000000 ____D () C:\Program Files (x86)\League of Legends
2014-02-01 13:20 - 2014-02-01 13:20 - 00000085 _____ () C:\Windows\wininit.ini
2014-02-01 13:13 - 2014-02-01 13:13 - 00027551 _____ () C:\Users\ilkr63\Desktop\combofix.txt
2014-02-01 13:03 - 2014-02-01 13:03 - 00027551 _____ () C:\ComboFix.txt
2014-02-01 12:46 - 2014-02-01 13:25 - 00001434 _____ () C:\Users\ilkr63\Desktop\ComboFix - Verknüpfung.lnk
2014-02-01 12:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-01 12:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-01 12:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-01 12:45 - 2014-02-01 13:03 - 00000000 ____D () C:\Qoobox
2014-02-01 12:45 - 2014-02-01 13:02 - 00000000 ____D () C:\Windows\erdnt
2014-02-01 12:44 - 2014-02-01 12:44 - 05179159 ____R (Swearware) C:\Users\ilkr63\Downloads\ComboFix.exe
2014-02-01 06:06 - 2014-02-01 06:56 - 00000000 ____D () C:\ProgramData\BitRaider
2014-02-01 06:06 - 2014-02-01 06:06 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-02-01 06:05 - 2014-02-01 06:05 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\SWTORPerf
2014-02-01 06:04 - 2014-02-01 06:04 - 00013986 _____ () C:\Users\ilkr63\Documents\Install STAR WARS The Old Republic.log
2014-02-01 06:04 - 2014-02-01 06:04 - 00000000 ____D () C:\Users\hedev
2014-02-01 06:03 - 2014-02-01 06:04 - 39777624 _____ () C:\Users\ilkr63\Downloads\SWTOR_setup.exe
2014-01-30 07:10 - 2014-01-30 07:10 - 00000000 ____D () C:\Users\ilkr63\Desktop\Neuer Ordner (3)
2014-01-29 05:55 - 2014-01-29 06:06 - 352321536 _____ () C:\Users\ilkr63\Downloads\pmagic_2013_08_01.iso
2014-01-29 05:46 - 2014-01-29 05:46 - 05192704 _____ (Geza Kovacs) C:\Users\ilkr63\Downloads\unetbootin-windows-585.exe
2014-01-28 08:45 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\B540.tmp
2014-01-28 08:40 - 2014-02-01 13:20 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-01-28 08:40 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\F931.tmp
2014-01-28 08:39 - 2014-01-28 08:39 - 01339288 _____ () C:\Users\ilkr63\Downloads\sar_15_sfx(1).exe
2014-01-28 08:38 - 2014-01-28 08:38 - 01339288 _____ () C:\Users\ilkr63\Downloads\sar_15_sfx.exe
2014-01-27 22:28 - 2014-02-04 14:59 - 00000000 ____D () C:\FRST
2014-01-27 22:28 - 2014-01-27 22:29 - 00028839 _____ () C:\Users\ilkr63\Downloads\FRST.txt
2014-01-27 22:28 - 2014-01-27 22:29 - 00022660 _____ () C:\Users\ilkr63\Downloads\Addition.txt
2014-01-27 22:09 - 2014-01-27 22:09 - 00000474 _____ () C:\Users\ilkr63\Downloads\defogger_disable.log
2014-01-27 22:09 - 2014-01-27 22:09 - 00000000 _____ () C:\Users\ilkr63\defogger_reenable
2014-01-27 22:08 - 2014-01-27 22:08 - 00050477 _____ () C:\Users\ilkr63\Downloads\Defogger.exe
2014-01-27 22:05 - 2014-02-04 14:59 - 00000000 ____D () C:\Users\ilkr63\Desktop\Trjaner
2014-01-27 22:00 - 2014-01-27 22:00 - 00004882 _____ () C:\Users\ilkr63\Desktop\attach.txt
2014-01-27 22:00 - 2014-01-27 21:59 - 00018493 _____ () C:\Users\ilkr63\Desktop\dds.txt
2014-01-27 21:58 - 2014-01-27 21:58 - 00688992 ____R (Swearware) C:\Users\ilkr63\Downloads\dds.com
2014-01-27 04:48 - 2014-01-27 04:48 - 00000933 _____ () C:\Users\ilkr63\Desktop\Open Broadcaster Software.lnk
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Program Files\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-01-27 04:47 - 2014-01-27 04:47 - 07660927 _____ () C:\Users\ilkr63\Downloads\OBS_0_592b_Installer.exe
2014-01-26 19:49 - 2014-01-26 19:49 - 00000000 ____D () C:\ProgramData\ATI
2014-01-26 19:48 - 2014-01-26 19:48 - 00055617 _____ () C:\Windows\SysWOW64\CCCInstall_201401261948360409.log
2014-01-26 19:48 - 2014-01-26 19:48 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-26 19:45 - 2014-01-26 19:45 - 00000000 ____D () C:\Program Files\AMD
2014-01-26 19:36 - 2014-01-26 19:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-23 20:31 - 2014-01-23 20:31 - 00000000 ____D () C:\Users\ilkr63\Desktop\Neuer Ordner (2)
2014-01-23 19:08 - 2014-01-23 19:08 - 00000694 _____ () C:\Users\ilkr63\Desktop\oma1tyo ft. xflanone & Ilk.R - Die Abrechnung.lnk
2014-01-20 23:22 - 2014-01-20 23:22 - 00001187 _____ () C:\Users\ilkr63\Desktop\Eigene Musik - Verknüpfung.lnk
2014-01-20 23:00 - 2014-01-30 15:22 - 00001033 _____ () C:\Users\ilkr63\Desktop\superblunt - Verknüpfung.lnk
2014-01-20 22:20 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140120-222046.backup
2014-01-20 22:15 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140120-221544.backup
2014-01-20 22:09 - 2014-01-20 22:09 - 00000000 ____D () C:\Users\ilkr63\Documents\ProcAlyzer Dumps
2014-01-20 22:04 - 2014-01-20 22:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-20 22:03 - 2014-02-01 22:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-20 22:03 - 2014-02-01 13:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-20 21:57 - 2014-01-20 21:57 - 00614784 _____ (Chip Digital GmbH) C:\Users\ilkr63\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-01-15 14:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:11 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:11 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-09 23:57 - 2014-01-09 23:58 - 31772694 _____ ( ) C:\Users\ilkr63\Downloads\K-Lite_Codec_Pack_1020_Mega.exe
==================== One Month Modified Files and Folders =======
2014-02-04 14:59 - 2014-01-27 22:28 - 00000000 ____D () C:\FRST
2014-02-04 14:59 - 2014-01-27 22:05 - 00000000 ____D () C:\Users\ilkr63\Desktop\Trjaner
2014-02-04 14:58 - 2014-02-01 13:27 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\PMB Files
2014-02-04 14:58 - 2014-02-01 13:27 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-04 14:44 - 2012-07-05 14:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 14:15 - 2013-03-24 03:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 14:14 - 2014-02-02 10:24 - 00077150 _____ () C:\Windows\setupact.log
2014-02-04 12:17 - 2013-03-24 03:58 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 08:06 - 2011-11-27 21:56 - 01257422 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 06:33 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 06:33 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 06:31 - 2011-11-28 06:43 - 24084014 _____ () C:\Windows\system32\perfh007.dat
2014-02-04 06:31 - 2011-11-28 06:43 - 07537696 _____ () C:\Windows\system32\perfc007.dat
2014-02-04 06:31 - 2009-07-14 06:13 - 00006292 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 06:27 - 2013-03-24 03:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 06:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 06:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-04 06:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-02-03 12:19 - 2013-05-26 20:45 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-03 12:19 - 2009-07-14 05:45 - 00015360 _____ () C:\Windows\system32\umstartup.etl
2014-02-02 21:36 - 2009-07-14 05:45 - 00015360 _____ () C:\Windows\system32\umstartup000.etl
2014-02-02 16:12 - 2014-02-02 16:12 - 00000906 _____ () C:\Users\ilkr63\Desktop\JRT.txt
2014-02-02 16:07 - 2014-02-02 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-02-02 16:03 - 2014-02-02 14:30 - 00000000 ____D () C:\AdwCleaner
2014-02-02 16:00 - 2014-02-02 16:00 - 00000556 _____ () C:\Windows\PFRO.log
2014-02-02 15:24 - 2014-02-02 15:24 - 00080456 _____ (Malwarebytes Corporation) C:\Users\ilkr63\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Malwarebytes
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-02 14:26 - 2013-09-20 13:22 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2014-02-02 14:25 - 2011-11-27 21:48 - 00000000 ____D () C:\Users\ilkr63
2014-02-02 13:55 - 2014-02-02 13:55 - 01166132 _____ () C:\Users\ilkr63\Desktop\adwcleaner.exe
2014-02-02 10:24 - 2014-02-02 10:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 04:00 - 2012-05-28 12:13 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\DAEMON Tools Lite
2014-02-01 22:37 - 2014-01-20 22:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-01 14:37 - 2014-02-01 14:37 - 00002012 _____ () C:\Users\ilkr63\Desktop\Penumbra.lnk
2014-02-01 14:37 - 2014-02-01 14:37 - 00000000 ____D () C:\Program Files (x86)\Penumbra
2014-02-01 14:17 - 2014-02-01 14:17 - 00001724 _____ () C:\Users\Public\Desktop\League of Legends spielen .lnk
2014-02-01 14:12 - 2014-02-01 14:12 - 00000000 ____D () C:\Riot Games
2014-02-01 14:12 - 2014-02-01 13:55 - 164462080 _____ (Frictional Games ) C:\Users\ilkr63\Downloads\Penumbra_Full_1.1.exe
2014-02-01 14:12 - 2011-11-27 22:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 14:11 - 2014-02-01 13:27 - 00000000 ____D () C:\Program Files (x86)\League of Legends
2014-02-01 13:26 - 2013-02-26 01:19 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-01 13:25 - 2014-02-01 12:46 - 00001434 _____ () C:\Users\ilkr63\Desktop\ComboFix - Verknüpfung.lnk
2014-02-01 13:20 - 2014-02-01 13:20 - 00000085 _____ () C:\Windows\wininit.ini
2014-02-01 13:20 - 2014-01-28 08:40 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-02-01 13:20 - 2014-01-20 22:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-01 13:13 - 2014-02-01 13:13 - 00027551 _____ () C:\Users\ilkr63\Desktop\combofix.txt
2014-02-01 13:03 - 2014-02-01 13:03 - 00027551 _____ () C:\ComboFix.txt
2014-02-01 13:03 - 2014-02-01 12:45 - 00000000 ____D () C:\Qoobox
2014-02-01 13:03 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-01 13:02 - 2014-02-01 12:45 - 00000000 ____D () C:\Windows\erdnt
2014-02-01 12:59 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-01 12:44 - 2014-02-01 12:44 - 05179159 ____R (Swearware) C:\Users\ilkr63\Downloads\ComboFix.exe
2014-02-01 07:06 - 2012-03-27 15:14 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\Adobe
2014-02-01 07:05 - 2012-07-05 14:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-01 07:05 - 2012-07-05 14:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-01 07:05 - 2011-11-27 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-01 06:56 - 2014-02-01 06:06 - 00000000 ____D () C:\ProgramData\BitRaider
2014-02-01 06:06 - 2014-02-01 06:06 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-02-01 06:05 - 2014-02-01 06:05 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\SWTORPerf
2014-02-01 06:04 - 2014-02-01 06:04 - 00013986 _____ () C:\Users\ilkr63\Documents\Install STAR WARS The Old Republic.log
2014-02-01 06:04 - 2014-02-01 06:04 - 00000000 ____D () C:\Users\hedev
2014-02-01 06:04 - 2014-02-01 06:03 - 39777624 _____ () C:\Users\ilkr63\Downloads\SWTOR_setup.exe
2014-02-01 06:04 - 2013-02-07 22:14 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-01-30 15:22 - 2014-01-20 23:00 - 00001033 _____ () C:\Users\ilkr63\Desktop\superblunt - Verknüpfung.lnk
2014-01-30 07:10 - 2014-01-30 07:10 - 00000000 ____D () C:\Users\ilkr63\Desktop\Neuer Ordner (3)
2014-01-29 06:06 - 2014-01-29 05:55 - 352321536 _____ () C:\Users\ilkr63\Downloads\pmagic_2013_08_01.iso
2014-01-29 05:48 - 2013-10-06 00:38 - 00000000 ____D () C:\Users\ilkr63\Desktop\locker
2014-01-29 05:46 - 2014-01-29 05:46 - 05192704 _____ (Geza Kovacs) C:\Users\ilkr63\Downloads\unetbootin-windows-585.exe
2014-01-29 05:39 - 2013-10-26 17:44 - 00000000 ____D () C:\output
2014-01-29 05:35 - 2013-10-04 04:18 - 00195584 ____H () C:\Users\ilkr63\Desktop\photothumb.db
2014-01-28 08:39 - 2014-01-28 08:39 - 01339288 _____ () C:\Users\ilkr63\Downloads\sar_15_sfx(1).exe
2014-01-28 08:38 - 2014-01-28 08:38 - 01339288 _____ () C:\Users\ilkr63\Downloads\sar_15_sfx.exe
2014-01-28 02:23 - 2011-11-28 00:51 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-27 22:29 - 2014-01-27 22:28 - 00028839 _____ () C:\Users\ilkr63\Downloads\FRST.txt
2014-01-27 22:29 - 2014-01-27 22:28 - 00022660 _____ () C:\Users\ilkr63\Downloads\Addition.txt
2014-01-27 22:09 - 2014-01-27 22:09 - 00000474 _____ () C:\Users\ilkr63\Downloads\defogger_disable.log
2014-01-27 22:09 - 2014-01-27 22:09 - 00000000 _____ () C:\Users\ilkr63\defogger_reenable
2014-01-27 22:08 - 2014-01-27 22:08 - 00050477 _____ () C:\Users\ilkr63\Downloads\Defogger.exe
2014-01-27 22:00 - 2014-01-27 22:00 - 00004882 _____ () C:\Users\ilkr63\Desktop\attach.txt
2014-01-27 21:59 - 2014-01-27 22:00 - 00018493 _____ () C:\Users\ilkr63\Desktop\dds.txt
2014-01-27 21:58 - 2014-01-27 21:58 - 00688992 ____R (Swearware) C:\Users\ilkr63\Downloads\dds.com
2014-01-27 04:48 - 2014-01-27 04:48 - 00000933 _____ () C:\Users\ilkr63\Desktop\Open Broadcaster Software.lnk
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Program Files\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-01-27 04:47 - 2014-01-27 04:47 - 07660927 _____ () C:\Users\ilkr63\Downloads\OBS_0_592b_Installer.exe
2014-01-26 19:49 - 2014-01-26 19:49 - 00000000 ____D () C:\ProgramData\ATI
2014-01-26 19:48 - 2014-01-26 19:48 - 00055617 _____ () C:\Windows\SysWOW64\CCCInstall_201401261948360409.log
2014-01-26 19:48 - 2014-01-26 19:48 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-26 19:48 - 2012-06-03 11:02 - 00000000 ____D () C:\ProgramData\AMD
2014-01-26 19:48 - 2011-11-27 22:57 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-26 19:45 - 2014-01-26 19:45 - 00000000 ____D () C:\Program Files\AMD
2014-01-26 19:43 - 2014-01-26 19:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-24 07:16 - 2013-10-26 14:15 - 00000129 _____ () C:\Users\ilkr63\Desktop\ilker.txt
2014-01-23 20:31 - 2014-01-23 20:31 - 00000000 ____D () C:\Users\ilkr63\Desktop\Neuer Ordner (2)
2014-01-23 20:11 - 2013-04-18 12:38 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Skype
2014-01-23 19:08 - 2014-01-23 19:08 - 00000694 _____ () C:\Users\ilkr63\Desktop\oma1tyo ft. xflanone & Ilk.R - Die Abrechnung.lnk
2014-01-21 00:24 - 2011-12-02 04:42 - 00007597 _____ () C:\Users\ilkr63\AppData\Local\resmon.resmoncfg
2014-01-20 23:22 - 2014-01-20 23:22 - 00001187 _____ () C:\Users\ilkr63\Desktop\Eigene Musik - Verknüpfung.lnk
2014-01-20 22:09 - 2014-01-20 22:09 - 00000000 ____D () C:\Users\ilkr63\Documents\ProcAlyzer Dumps
2014-01-20 22:04 - 2014-01-20 22:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-20 21:57 - 2014-01-20 21:57 - 00614784 _____ (Chip Digital GmbH) C:\Users\ilkr63\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-01-20 19:37 - 2012-06-03 18:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-20 19:37 - 2011-11-28 06:44 - 00000000 ____D () C:\Windows\Panther
2014-01-16 09:59 - 2011-11-28 00:05 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 19:04 - 2009-07-14 05:45 - 00300056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:04 - 2013-08-15 12:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 18:01 - 2011-11-30 16:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 23:58 - 2014-01-09 23:57 - 31772694 _____ ( ) C:\Users\ilkr63\Downloads\K-Lite_Codec_Pack_1020_Mega.exe
Some content of TEMP:
====================
C:\Users\ilkr63\AppData\Local\Temp\avgnt.exe
C:\Users\ilkr63\AppData\Local\Temp\Quarantine.exe
C:\Users\ilkr63\AppData\Local\Temp\swt-win32-3740.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 19:58
==================== End Of Log ============================
|
|
05.02.2014, 09:26
| #10 |
| /// the machine /// TB-Ausbilder | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Warum fängst du einfach nen neuen Thread an ohne den alten fertig zu machen? Rootkit ist weg. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.02.2014, 09:52
| #11 |
| | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Es tut mir echt leid das ich einen neuen Thread eröffnet habe ABER ich hab in dem anderen Thread ausdrücklich meine meinung zur Neuinstallation gesagt. Und bekomme als Antwort nur sowas wie : Hast du nicht gelesen was ich dir geschrieben habe usw... (leicht fresch). und wie es aussieht hast du mir ja auch ohne Neuinstallation geholfen .. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=04b202bde9d610439bc0b2ec75f96b22
# engine=16973
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-06 10:21:11
# local_time=2014-02-06 11:21:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 6896 162392976 0 0
# compatibility_mode=5893 16776573 100 94 155662 143355121 0 0
# scanned=1
# found=0
# cleaned=0
# scan_time=4
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=04b202bde9d610439bc0b2ec75f96b22
# engine=16973
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-06 10:45:54
# local_time=2014-02-06 11:45:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 8379 162394459 1159 0
# compatibility_mode=5893 16776573 100 94 160745 143356604 0 0
# scanned=42323
# found=0
# cleaned=0
# scan_time=1381
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=04b202bde9d610439bc0b2ec75f96b22
# engine=16991
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-08 09:38:50
# local_time=2014-02-08 10:38:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 57574 162563235 50354 0
# compatibility_mode=5893 16776573 100 94 130678 143525380 0 0
# scanned=770517
# found=0
# cleaned=0
# scan_time=41234
Code:
ATTFilter Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 22 Java(TM) 6 Update 37 Java 7 Update 51 Adobe Flash Player 12.0.0.43 Flash Player out of Date! Adobe Reader 10.1.9 Adobe Reader out of Date! Mozilla Firefox (27.0) Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by ilkr63 (administrator) on ILKR63-PC on 09-02-2014 09:47:43
Running from C:\Users\ilkr63\Desktop\Trjaner
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
(Akamai Technologies, Inc.) C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Akamai Technologies, Inc.) C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [lxddmon.exe] - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe [20480 2007-04-30] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-985940326-2788866507-55029295-1000\...\Run: [Akamai NetSession Interface] - C:\Users\ilkr63\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-985940326-2788866507-55029295-1000\...\Run: [Remote Mouse] - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1152000 2013-10-31] (RemoteMouse.net)
HKU\S-1-5-21-985940326-2788866507-55029295-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hemenara.info
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\battlefieldplay4free@ea.com [2013-02-09]
FF Extension: DownloadHelper - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\ilkr63\AppData\Roaming\Mozilla\Firefox\Profiles\izpc4kws.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-01]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-24]
CHR Extension: (Google Drive) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-24]
CHR Extension: (YouTube) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-24]
CHR Extension: (Google-Suche) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-24]
CHR Extension: (SenselessTV Video Plugin) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlicihemmeabfjhdckhpkmopojohlkab [2013-03-24]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-24]
CHR Extension: (Google Wallet) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-24]
CHR Extension: (Google Mail) - C:\Users\ilkr63\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-24]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\ilkr63\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-01] (BitRaider, LLC)
S2 lxdd_device; C:\Windows\system32\lxddcoms.exe [567216 2007-05-25] ( )
S2 lxdd_device; C:\Windows\SysWOW64\lxddcoms.exe [537520 2007-05-25] ( )
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-02-01] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-28] (DT Soft Ltd)
S3 MEMSWEEP2; C:\Windows\system32\B540.tmp [6144 2009-06-18] (Sophos Plc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 wolf; \??\C:\AeriaGames\Wolfteam\avital\wolf64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-09 09:44 - 2014-02-09 09:44 - 00987425 _____ () C:\Users\ilkr63\Desktop\SecurityCheck.exe
2014-02-07 18:25 - 2014-02-07 18:25 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-07 18:25 - 2014-02-07 18:25 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-07 18:21 - 2014-02-07 18:23 - 41177600 _____ () C:\Users\ilkr63\Downloads\PhysX-9.13.1220-SystemSoftware.msi
2014-02-06 23:18 - 2014-02-06 23:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-06 23:16 - 2014-02-06 23:17 - 02347384 _____ (ESET) C:\Users\ilkr63\Downloads\esetsmartinstaller_enu.exe
2014-02-06 10:59 - 2014-02-06 10:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 14:07 - 2014-02-05 14:07 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-05 14:07 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-05 14:07 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-05 14:07 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-05 14:07 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-02 16:12 - 2014-02-02 16:12 - 00000906 _____ () C:\Users\ilkr63\Desktop\JRT.txt
2014-02-02 16:07 - 2014-02-02 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-02-02 16:00 - 2014-02-02 16:00 - 00000556 _____ () C:\Windows\PFRO.log
2014-02-02 15:24 - 2014-02-02 15:24 - 00080456 _____ (Malwarebytes Corporation) C:\Users\ilkr63\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-02 14:30 - 2014-02-02 16:03 - 00000000 ____D () C:\AdwCleaner
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Malwarebytes
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-02 14:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-02 13:55 - 2014-02-02 13:55 - 01166132 _____ () C:\Users\ilkr63\Desktop\adwcleaner.exe
2014-02-02 10:24 - 2014-02-09 09:40 - 00180442 _____ () C:\Windows\setupact.log
2014-02-02 10:24 - 2014-02-02 10:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-01 14:37 - 2014-02-01 14:37 - 00002012 _____ () C:\Users\ilkr63\Desktop\Penumbra.lnk
2014-02-01 14:37 - 2014-02-01 14:37 - 00000000 ____D () C:\Program Files (x86)\Penumbra
2014-02-01 14:12 - 2014-02-01 14:12 - 00000000 ____D () C:\Riot Games
2014-02-01 13:55 - 2014-02-01 14:12 - 164462080 _____ (Frictional Games ) C:\Users\ilkr63\Downloads\Penumbra_Full_1.1.exe
2014-02-01 13:27 - 2014-02-01 14:11 - 00000000 ____D () C:\Program Files (x86)\League of Legends
2014-02-01 13:20 - 2014-02-01 13:20 - 00000085 _____ () C:\Windows\wininit.ini
2014-02-01 13:13 - 2014-02-01 13:13 - 00027551 _____ () C:\Users\ilkr63\Desktop\combofix.txt
2014-02-01 13:03 - 2014-02-01 13:03 - 00027551 _____ () C:\ComboFix.txt
2014-02-01 12:46 - 2014-02-01 13:25 - 00001434 _____ () C:\Users\ilkr63\Desktop\ComboFix - Verknüpfung.lnk
2014-02-01 12:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-01 12:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-01 12:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-01 12:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-01 12:45 - 2014-02-01 13:03 - 00000000 ____D () C:\Qoobox
2014-02-01 12:45 - 2014-02-01 13:02 - 00000000 ____D () C:\Windows\erdnt
2014-02-01 12:44 - 2014-02-01 12:44 - 05179159 ____R (Swearware) C:\Users\ilkr63\Downloads\ComboFix.exe
2014-02-01 06:06 - 2014-02-01 06:56 - 00000000 ____D () C:\ProgramData\BitRaider
2014-02-01 06:06 - 2014-02-01 06:06 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-02-01 06:05 - 2014-02-01 06:05 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\SWTORPerf
2014-02-01 06:04 - 2014-02-01 06:04 - 00013986 _____ () C:\Users\ilkr63\Documents\Install STAR WARS The Old Republic.log
2014-02-01 06:04 - 2014-02-01 06:04 - 00000000 ____D () C:\Users\hedev
2014-02-01 06:03 - 2014-02-01 06:04 - 39777624 _____ () C:\Users\ilkr63\Downloads\SWTOR_setup.exe
2014-01-30 07:10 - 2014-01-30 07:10 - 00000000 ____D () C:\Users\ilkr63\Desktop\Neuer Ordner (3)
2014-01-29 05:55 - 2014-01-29 06:06 - 352321536 _____ () C:\Users\ilkr63\Downloads\pmagic_2013_08_01.iso
2014-01-29 05:46 - 2014-01-29 05:46 - 05192704 _____ (Geza Kovacs) C:\Users\ilkr63\Downloads\unetbootin-windows-585.exe
2014-01-28 08:45 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\B540.tmp
2014-01-28 08:40 - 2014-02-01 13:20 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-01-28 08:40 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\F931.tmp
2014-01-28 08:39 - 2014-01-28 08:39 - 01339288 _____ () C:\Users\ilkr63\Downloads\sar_15_sfx(1).exe
2014-01-28 08:38 - 2014-01-28 08:38 - 01339288 _____ () C:\Users\ilkr63\Downloads\sar_15_sfx.exe
2014-01-27 22:28 - 2014-02-09 09:47 - 00000000 ____D () C:\FRST
2014-01-27 22:28 - 2014-01-27 22:29 - 00028839 _____ () C:\Users\ilkr63\Downloads\FRST.txt
2014-01-27 22:28 - 2014-01-27 22:29 - 00022660 _____ () C:\Users\ilkr63\Downloads\Addition.txt
2014-01-27 22:09 - 2014-01-27 22:09 - 00000474 _____ () C:\Users\ilkr63\Downloads\defogger_disable.log
2014-01-27 22:09 - 2014-01-27 22:09 - 00000000 _____ () C:\Users\ilkr63\defogger_reenable
2014-01-27 22:08 - 2014-01-27 22:08 - 00050477 _____ () C:\Users\ilkr63\Downloads\Defogger.exe
2014-01-27 22:05 - 2014-02-09 09:47 - 00000000 ____D () C:\Users\ilkr63\Desktop\Trjaner
2014-01-27 22:00 - 2014-01-27 22:00 - 00004882 _____ () C:\Users\ilkr63\Desktop\attach.txt
2014-01-27 22:00 - 2014-01-27 21:59 - 00018493 _____ () C:\Users\ilkr63\Desktop\dds.txt
2014-01-27 21:58 - 2014-01-27 21:58 - 00688992 ____R (Swearware) C:\Users\ilkr63\Downloads\dds.com
2014-01-27 04:48 - 2014-01-27 04:48 - 00000933 _____ () C:\Users\ilkr63\Desktop\Open Broadcaster Software.lnk
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Program Files\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-01-27 04:47 - 2014-01-27 04:47 - 07660927 _____ () C:\Users\ilkr63\Downloads\OBS_0_592b_Installer.exe
2014-01-26 19:49 - 2014-01-26 19:49 - 00000000 ____D () C:\ProgramData\ATI
2014-01-26 19:48 - 2014-01-26 19:48 - 00055617 _____ () C:\Windows\SysWOW64\CCCInstall_201401261948360409.log
2014-01-26 19:48 - 2014-01-26 19:48 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-26 19:45 - 2014-01-26 19:45 - 00000000 ____D () C:\Program Files\AMD
2014-01-26 19:36 - 2014-01-26 19:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-23 20:31 - 2014-01-23 20:31 - 00000000 ____D () C:\Users\ilkr63\Desktop\Neuer Ordner (2)
2014-01-23 19:08 - 2014-01-23 19:08 - 00000694 _____ () C:\Users\ilkr63\Desktop\oma1tyo ft. xflanone & Ilk.R - Die Abrechnung.lnk
2014-01-20 23:22 - 2014-01-20 23:22 - 00001187 _____ () C:\Users\ilkr63\Desktop\Eigene Musik - Verknüpfung.lnk
2014-01-20 23:00 - 2014-01-30 15:22 - 00001033 _____ () C:\Users\ilkr63\Desktop\superblunt - Verknüpfung.lnk
2014-01-20 22:20 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140120-222046.backup
2014-01-20 22:15 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140120-221544.backup
2014-01-20 22:09 - 2014-01-20 22:09 - 00000000 ____D () C:\Users\ilkr63\Documents\ProcAlyzer Dumps
2014-01-20 22:04 - 2014-01-20 22:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-20 22:03 - 2014-02-01 22:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-20 22:03 - 2014-02-01 13:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-20 21:57 - 2014-01-20 21:57 - 00614784 _____ (Chip Digital GmbH) C:\Users\ilkr63\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-01-15 14:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:11 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:11 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-09 09:47 - 2014-01-27 22:28 - 00000000 ____D () C:\FRST
2014-02-09 09:47 - 2014-01-27 22:05 - 00000000 ____D () C:\Users\ilkr63\Desktop\Trjaner
2014-02-09 09:44 - 2014-02-09 09:44 - 00987425 _____ () C:\Users\ilkr63\Desktop\SecurityCheck.exe
2014-02-09 09:44 - 2012-07-05 14:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 09:40 - 2014-02-02 10:24 - 00180442 _____ () C:\Windows\setupact.log
2014-02-09 09:39 - 2011-11-28 06:43 - 24275244 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 09:39 - 2011-11-28 06:43 - 07598614 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 09:39 - 2009-07-14 06:13 - 00006292 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 09:28 - 2011-11-27 21:56 - 01478949 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 09:15 - 2013-03-24 03:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 21:37 - 2013-03-24 03:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 21:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 21:36 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-08 07:41 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 07:41 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 07:34 - 2013-05-26 20:45 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-08 07:34 - 2013-02-26 01:19 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-08 07:34 - 2009-07-14 05:45 - 00012288 _____ () C:\Windows\system32\umstartup.etl
2014-02-07 18:25 - 2014-02-07 18:25 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-07 18:25 - 2014-02-07 18:25 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-07 18:23 - 2014-02-07 18:21 - 41177600 _____ () C:\Users\ilkr63\Downloads\PhysX-9.13.1220-SystemSoftware.msi
2014-02-07 18:15 - 2013-02-07 22:16 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\Akamai
2014-02-07 17:18 - 2009-07-14 05:45 - 00015360 _____ () C:\Windows\system32\umstartup000.etl
2014-02-06 23:18 - 2014-02-06 23:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-06 23:17 - 2014-02-06 23:16 - 02347384 _____ (ESET) C:\Users\ilkr63\Downloads\esetsmartinstaller_enu.exe
2014-02-06 22:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-02-06 16:12 - 2012-04-28 10:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 10:59 - 2014-02-06 10:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 15:01 - 2013-10-22 19:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-05 14:44 - 2012-07-05 14:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 14:44 - 2012-07-05 14:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 14:44 - 2011-11-27 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 14:07 - 2014-02-05 14:07 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-05 14:07 - 2011-11-29 17:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-04 12:17 - 2013-03-24 03:58 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 16:12 - 2014-02-02 16:12 - 00000906 _____ () C:\Users\ilkr63\Desktop\JRT.txt
2014-02-02 16:07 - 2014-02-02 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-02-02 16:03 - 2014-02-02 14:30 - 00000000 ____D () C:\AdwCleaner
2014-02-02 16:00 - 2014-02-02 16:00 - 00000556 _____ () C:\Windows\PFRO.log
2014-02-02 15:24 - 2014-02-02 15:24 - 00080456 _____ (Malwarebytes Corporation) C:\Users\ilkr63\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Malwarebytes
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-02 14:29 - 2014-02-02 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-02 14:26 - 2013-09-20 13:22 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2014-02-02 14:25 - 2011-11-27 21:48 - 00000000 ____D () C:\Users\ilkr63
2014-02-02 13:55 - 2014-02-02 13:55 - 01166132 _____ () C:\Users\ilkr63\Desktop\adwcleaner.exe
2014-02-02 10:24 - 2014-02-02 10:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 04:00 - 2012-05-28 12:13 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\DAEMON Tools Lite
2014-02-01 22:37 - 2014-01-20 22:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-01 14:37 - 2014-02-01 14:37 - 00002012 _____ () C:\Users\ilkr63\Desktop\Penumbra.lnk
2014-02-01 14:37 - 2014-02-01 14:37 - 00000000 ____D () C:\Program Files (x86)\Penumbra
2014-02-01 14:12 - 2014-02-01 14:12 - 00000000 ____D () C:\Riot Games
2014-02-01 14:12 - 2014-02-01 13:55 - 164462080 _____ (Frictional Games ) C:\Users\ilkr63\Downloads\Penumbra_Full_1.1.exe
2014-02-01 14:12 - 2011-11-27 22:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 14:11 - 2014-02-01 13:27 - 00000000 ____D () C:\Program Files (x86)\League of Legends
2014-02-01 13:25 - 2014-02-01 12:46 - 00001434 _____ () C:\Users\ilkr63\Desktop\ComboFix - Verknüpfung.lnk
2014-02-01 13:20 - 2014-02-01 13:20 - 00000085 _____ () C:\Windows\wininit.ini
2014-02-01 13:20 - 2014-01-28 08:40 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-02-01 13:20 - 2014-01-20 22:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-01 13:13 - 2014-02-01 13:13 - 00027551 _____ () C:\Users\ilkr63\Desktop\combofix.txt
2014-02-01 13:03 - 2014-02-01 13:03 - 00027551 _____ () C:\ComboFix.txt
2014-02-01 13:03 - 2014-02-01 12:45 - 00000000 ____D () C:\Qoobox
2014-02-01 13:03 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-01 13:02 - 2014-02-01 12:45 - 00000000 ____D () C:\Windows\erdnt
2014-02-01 12:59 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-01 12:44 - 2014-02-01 12:44 - 05179159 ____R (Swearware) C:\Users\ilkr63\Downloads\ComboFix.exe
2014-02-01 07:06 - 2012-03-27 15:14 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\Adobe
2014-02-01 06:56 - 2014-02-01 06:06 - 00000000 ____D () C:\ProgramData\BitRaider
2014-02-01 06:06 - 2014-02-01 06:06 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-02-01 06:05 - 2014-02-01 06:05 - 00000000 ____D () C:\Users\ilkr63\AppData\Local\SWTORPerf
2014-02-01 06:04 - 2014-02-01 06:04 - 00013986 _____ () C:\Users\ilkr63\Documents\Install STAR WARS The Old Republic.log
2014-02-01 06:04 - 2014-02-01 06:04 - 00000000 ____D () C:\Users\hedev
2014-02-01 06:04 - 2014-02-01 06:03 - 39777624 _____ () C:\Users\ilkr63\Downloads\SWTOR_setup.exe
2014-02-01 06:04 - 2013-02-07 22:14 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-01-30 15:22 - 2014-01-20 23:00 - 00001033 _____ () C:\Users\ilkr63\Desktop\superblunt - Verknüpfung.lnk
2014-01-30 07:10 - 2014-01-30 07:10 - 00000000 ____D () C:\Users\ilkr63\Desktop\Neuer Ordner (3)
2014-01-29 06:06 - 2014-01-29 05:55 - 352321536 _____ () C:\Users\ilkr63\Downloads\pmagic_2013_08_01.iso
2014-01-29 05:48 - 2013-10-06 00:38 - 00000000 ____D () C:\Users\ilkr63\Desktop\locker
2014-01-29 05:46 - 2014-01-29 05:46 - 05192704 _____ (Geza Kovacs) C:\Users\ilkr63\Downloads\unetbootin-windows-585.exe
2014-01-29 05:39 - 2013-10-26 17:44 - 00000000 ____D () C:\output
2014-01-29 05:35 - 2013-10-04 04:18 - 00195584 ____H () C:\Users\ilkr63\Desktop\photothumb.db
2014-01-28 08:39 - 2014-01-28 08:39 - 01339288 _____ () C:\Users\ilkr63\Downloads\sar_15_sfx(1).exe
2014-01-28 08:38 - 2014-01-28 08:38 - 01339288 _____ () C:\Users\ilkr63\Downloads\sar_15_sfx.exe
2014-01-28 02:23 - 2011-11-28 00:51 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-27 22:29 - 2014-01-27 22:28 - 00028839 _____ () C:\Users\ilkr63\Downloads\FRST.txt
2014-01-27 22:29 - 2014-01-27 22:28 - 00022660 _____ () C:\Users\ilkr63\Downloads\Addition.txt
2014-01-27 22:09 - 2014-01-27 22:09 - 00000474 _____ () C:\Users\ilkr63\Downloads\defogger_disable.log
2014-01-27 22:09 - 2014-01-27 22:09 - 00000000 _____ () C:\Users\ilkr63\defogger_reenable
2014-01-27 22:08 - 2014-01-27 22:08 - 00050477 _____ () C:\Users\ilkr63\Downloads\Defogger.exe
2014-01-27 22:00 - 2014-01-27 22:00 - 00004882 _____ () C:\Users\ilkr63\Desktop\attach.txt
2014-01-27 21:59 - 2014-01-27 22:00 - 00018493 _____ () C:\Users\ilkr63\Desktop\dds.txt
2014-01-27 21:58 - 2014-01-27 21:58 - 00688992 ____R (Swearware) C:\Users\ilkr63\Downloads\dds.com
2014-01-27 04:48 - 2014-01-27 04:48 - 00000933 _____ () C:\Users\ilkr63\Desktop\Open Broadcaster Software.lnk
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Program Files\OBS
2014-01-27 04:48 - 2014-01-27 04:48 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-01-27 04:47 - 2014-01-27 04:47 - 07660927 _____ () C:\Users\ilkr63\Downloads\OBS_0_592b_Installer.exe
2014-01-26 19:49 - 2014-01-26 19:49 - 00000000 ____D () C:\ProgramData\ATI
2014-01-26 19:48 - 2014-01-26 19:48 - 00055617 _____ () C:\Windows\SysWOW64\CCCInstall_201401261948360409.log
2014-01-26 19:48 - 2014-01-26 19:48 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-26 19:48 - 2012-06-03 11:02 - 00000000 ____D () C:\ProgramData\AMD
2014-01-26 19:48 - 2011-11-27 22:57 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-26 19:45 - 2014-01-26 19:45 - 00000000 ____D () C:\Program Files\AMD
2014-01-26 19:43 - 2014-01-26 19:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-24 07:16 - 2013-10-26 14:15 - 00000129 _____ () C:\Users\ilkr63\Desktop\ilker.txt
2014-01-23 20:31 - 2014-01-23 20:31 - 00000000 ____D () C:\Users\ilkr63\Desktop\Neuer Ordner (2)
2014-01-23 20:11 - 2013-04-18 12:38 - 00000000 ____D () C:\Users\ilkr63\AppData\Roaming\Skype
2014-01-23 19:08 - 2014-01-23 19:08 - 00000694 _____ () C:\Users\ilkr63\Desktop\oma1tyo ft. xflanone & Ilk.R - Die Abrechnung.lnk
2014-01-21 00:24 - 2011-12-02 04:42 - 00007597 _____ () C:\Users\ilkr63\AppData\Local\resmon.resmoncfg
2014-01-20 23:22 - 2014-01-20 23:22 - 00001187 _____ () C:\Users\ilkr63\Desktop\Eigene Musik - Verknüpfung.lnk
2014-01-20 22:09 - 2014-01-20 22:09 - 00000000 ____D () C:\Users\ilkr63\Documents\ProcAlyzer Dumps
2014-01-20 22:04 - 2014-01-20 22:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-20 21:57 - 2014-01-20 21:57 - 00614784 _____ (Chip Digital GmbH) C:\Users\ilkr63\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-01-20 19:37 - 2012-06-03 18:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-20 19:37 - 2011-11-28 06:44 - 00000000 ____D () C:\Windows\Panther
2014-01-16 09:59 - 2011-11-28 00:05 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 19:04 - 2009-07-14 05:45 - 00300056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:04 - 2013-08-15 12:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 18:01 - 2011-11-30 16:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\ilkr63\AppData\Local\Temp\avgnt.exe
C:\Users\ilkr63\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ilkr63\AppData\Local\Temp\Quarantine.exe
C:\Users\ilkr63\AppData\Local\Temp\swt-win32-3740.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 19:58
==================== End Of Log ============================
|
|
09.02.2014, 17:22
| #12 |
| /// the machine /// TB-Ausbilder | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Adobe updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyServer: localhost:8080
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.02.2014, 18:02
| #13 |
| | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ?Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by ilkr63 at 2014-02-14 17:46:07 Run:1
Running from C:\Users\ilkr63\Desktop\Trjaner
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyServer: localhost:8080
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
==== End of Fixlog ====
Ich danke dir echt das du mir bei meinem Problem helfen konntest, es hat sich einiges verbessert. DANKE ! |
|
15.02.2014, 17:47
| #14 |
| /// the machine /// TB-Ausbilder | - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ? |
| angemeldet, entdeck, entdeckt, entferne, entfernen, gemeldet, hilfe, installiere, installieren, kurzem, laufen, league, leute, neu, neuinstallation, ordner, problem, probleme, rootkit, rootkit entfernen, ruckel, ruckeln, schnell, sophos, spiel, spyware, trojaner, win, win7 |
Linear-Darstellung
