01.05.2014, 03:56 #1
Windows 8: Avast constantly blocks a seemingly malicious website when opening web pages in Firefox

Hello,

For a short while now, when I open various web addresses in Firefox, the following message from Avast appears:

"avast! Web-Schutz hat eine schädliche Webseite oder Datei blockiert. Objekt: hxxp://cdneurope.com//componentsLink/popUp.js {gzip} Infekiton: JS:Downloader-ZY [Trj] Prozess: C:\Program Files (x86)\...\firefox.exe"

or:

"avast! Web-Schutz hat eine schädliche Webseite oder Datei blockiert. Objekt: hxxp://utils.cdneurope.com/js/mo.js {gzip} Infekiton: JS:Downloader-ZY [Trj] Prozess: C:\Program Files (x86)\...\firefox.exe"

The strange thing is that I never actually open the addresses Avast shows; the messages seem to appear at random when I open any arbitrary address. That is, sometimes the message appears and sometimes it does not. What stands out is that it is always exactly the same two messages described above. I believe the original cause of Avast's blocking was a pop-up window that opened while I was surfing the web. Why these messages still keep appearing constantly is a mystery to me. Do these actions by the antivirus program actually have something to do with a malicious file, or is this a false positive from Avast, or does it have something to do with Firefox itself?

A scan with Avast (full scan) found nothing. Malwarebytes did, however, find a few "potentially harmful" files, though I tend to think these have nothing to do with the problem at hand. I have attached the log file from that scan.

I would greatly appreciate any help!

Logfiles

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:52 on 01/05/2014 (Lukas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014
Ran by Lukas (administrator) on LUKAS-PC on 01-05-2014 02:56:01
Running from C:\Users\Lukas\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTune\SensorDetector.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-28] (AVAST Software)
HKLM-x32\...\RunOnce: [SensorDetector] - C:\Program Files (x86)\GIGABYTE\EasyTune\PreSensorDetector.exe [9728 2013-04-09] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-10-27] (Microsoft Corporation)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {1c47d8e4-4092-11e3-beee-94de806c4337} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {39071620-2b9b-11e3-beab-94de806c4337} - "F:\SISetup.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {516dfacf-34d4-11e3-bec2-94de806c4337} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {57e9c178-8b47-11e3-bf86-94de806c4337} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {ab0b9922-2ead-11e3-beb2-94de806c4337} - "F:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD6C4362857BCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
SearchScopes: HKLM-x32 - DefaultScope {1D01C76C-B534-4D77-B89B-6A571B9F69F0} URL = 
SearchScopes: HKLM-x32 - {1D01C76C-B534-4D77-B89B-6A571B9F69F0 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
SearchScopes: HKLM-x32 - {627BAF9A-17A5-07C4-D7D1-272FBEF1CBDD} URL = 
SearchScopes: HKCU - DefaultScope {1D01C76C-B534-4D77-B89B-6A571B9F69F0} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
SearchScopes: HKCU - {1D01C76C-B534-4D77-B89B-6A571B9F69F0} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
SearchScopes: HKCU - {29F29746-ABE1-2A50-BA31-2A61476C383C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN18947606798766903&UM=2
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default
FF user.js: detected! => C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js
FF SearchEngineOrder.1: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Lukas\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Website Discovery Pro - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\discoverypro@discoverypro.com [2014-04-29]
FF Extension: WOT - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: anonymoX - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\client@anonymox.net.xpi [2014-05-01]
FF Extension: Ghostery - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\firefox@ghostery.com.xpi [2014-04-28]
FF Extension: Session Manager - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-03-26]
FF Extension: Adblock Plus - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-09-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-09]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-28] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-28] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-06] (DT Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468752 2013-02-26] (Intel Corporation)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-09-27] ()
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-01 02:56 - 2014-05-01 02:56 - 00019805 _____ () C:\Users\Lukas\Desktop\FRST.txt
2014-05-01 02:54 - 2014-05-01 02:56 - 00000000 ____D () C:\FRST
2014-05-01 02:54 - 2014-05-01 02:54 - 02061824 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2014-05-01 02:54 - 2014-05-01 02:54 - 00000000 ____D () C:\Users\Lukas\Desktop\Trojaner-Board
2014-05-01 02:52 - 2014-05-01 02:52 - 00000168 _____ () C:\Users\Lukas\defogger_reenable
2014-05-01 02:37 - 2014-05-01 02:37 - 00050477 _____ () C:\Users\Lukas\Desktop\Defogger.exe
2014-04-30 20:19 - 2014-04-30 20:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\raidcall
2014-04-30 20:17 - 2014-04-30 20:22 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-04-30 20:17 - 2014-04-30 20:17 - 00001031 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-04-30 20:17 - 2014-04-30 20:17 - 00001007 _____ () C:\Users\Lukas\Desktop\RaidCall.lnk
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\rcru
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-04-28 00:29 - 2014-04-28 00:29 - 00002054 _____ () C:\Users\Lukas\Desktop\JDownloader 2.lnk
2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\SimilarSites
2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Program Files (x86)\SiteFinder
2014-04-28 00:28 - 2014-04-29 18:19 - 00000000 ____D () C:\Users\Lukas\AppData\Local\JDownloader v2.0
2014-04-28 00:08 - 2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 00:08 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 00:06 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-28 00:06 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-28 00:06 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-28 00:06 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-28 00:06 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-28 00:06 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-28 00:06 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-28 00:06 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-28 00:06 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-28 00:06 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-28 00:06 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-28 00:06 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-28 00:06 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-28 00:06 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-28 00:06 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-28 00:06 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-28 00:06 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-28 00:06 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-28 00:06 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-28 00:06 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-28 00:05 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-28 00:05 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-28 00:05 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-28 00:05 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-28 00:05 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-28 00:05 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-28 00:05 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-28 00:05 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-28 00:05 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 00:05 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 00:05 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-28 00:05 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-28 00:05 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-28 00:05 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-28 00:05 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-28 00:05 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-28 00:05 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-28 00:05 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-28 00:05 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-28 00:05 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-28 00:04 - 2014-04-28 00:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-28 00:04 - 2014-04-28 00:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-28 00:04 - 2014-04-28 00:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-28 00:02 - 2014-04-28 00:02 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\ARecEngine
2014-04-07 23:58 - 2014-04-07 23:58 - 00000741 _____ () C:\Users\Lukas\Desktop\Don't Starve.lnk
2014-04-07 21:32 - 2014-04-07 21:32 - 00000000 ____D () C:\Users\Lukas\Documents\Klei
2014-04-05 23:22 - 2014-04-05 23:22 - 00000000 ____D () C:\ProgramData\Steam
2014-04-05 23:18 - 2014-04-05 23:18 - 00001395 _____ () C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk
2014-04-05 23:18 - 2014-04-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-04-05 23:13 - 2014-04-05 23:13 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-04-05 16:37 - 2014-04-05 16:37 - 00359752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-04 22:41 - 2014-04-04 22:41 - 00000000 ____D () C:\ProgramData\LumaEmu_SteamCloud
2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ___SH () C:\Users\Lukas\AppData\Local\LumaEmu
2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\Documents\BIS Core Engine
2014-04-04 22:00 - 2014-04-04 23:06 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Tunngle
2014-04-04 22:00 - 2014-04-04 23:06 - 00000000 ____D () C:\ProgramData\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000991 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\Documents\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-04-04 22:00 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-04-04 21:19 - 2014-04-04 21:20 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-04-04 20:15 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\AppData\Local\DayZ
2014-04-04 20:15 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\Documents\DayZ
2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-04 19:50 - 2014-04-05 20:13 - 00000000 ____D () C:\Users\Lukas\Desktop\DayZ
2014-04-04 01:57 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-04 01:57 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-04-04 01:57 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-04-04 01:56 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-04 01:56 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-04 01:56 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-04 01:56 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-04 01:54 - 2014-04-04 01:54 - 00000000 ____D () C:\Users\Lukas\Desktop\ChemWord

==================== One Month Modified Files and Folders =======

2014-05-01 02:56 - 2014-05-01 02:56 - 00019805 _____ () C:\Users\Lukas\Desktop\FRST.txt
2014-05-01 02:56 - 2014-05-01 02:54 - 00000000 ____D () C:\FRST
2014-05-01 02:54 - 2014-05-01 02:54 - 02061824 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2014-05-01 02:54 - 2014-05-01 02:54 - 00000000 ____D () C:\Users\Lukas\Desktop\Trojaner-Board
2014-05-01 02:52 - 2014-05-01 02:52 - 00000168 _____ () C:\Users\Lukas\defogger_reenable
2014-05-01 02:52 - 2013-09-09 01:00 - 00000000 ____D () C:\Users\Lukas
2014-05-01 02:43 - 2013-09-09 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 02:37 - 2014-05-01 02:37 - 00050477 _____ () 
C:\Users\Lukas\Desktop\Defogger.exe 2014-05-01 02:21 - 2013-09-12 00:44 - 00000000 ____D () C:\Users\Lukas\AppData\Local\PMB Files 2014-05-01 02:21 - 2013-09-12 00:44 - 00000000 ____D () C:\ProgramData\PMB Files 2014-05-01 02:17 - 2013-11-09 15:17 - 00000326 _____ () C:\Windows\Tasks\MySearchDial.job 2014-05-01 02:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-05-01 01:44 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat 2014-05-01 01:44 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat 2014-05-01 01:44 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-01 01:40 - 2013-11-24 19:07 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Dropbox 2014-05-01 01:40 - 2013-09-28 00:19 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-05-01 01:39 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-01 01:39 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-05-01 00:55 - 2013-11-09 16:14 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\vlc 2014-04-30 20:22 - 2014-04-30 20:17 - 00000000 ____D () C:\Program Files (x86)\RaidCall 2014-04-30 20:22 - 2013-10-08 17:11 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Last.fm 2014-04-30 20:19 - 2014-04-30 20:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\raidcall 2014-04-30 20:17 - 2014-04-30 20:17 - 00001031 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk 2014-04-30 20:17 - 2014-04-30 20:17 - 00001007 _____ () C:\Users\Lukas\Desktop\RaidCall.lnk 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\rcru 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall 2014-04-29 18:19 - 2014-04-28 00:28 
- 00000000 ____D () C:\Users\Lukas\AppData\Local\JDownloader v2.0 2014-04-29 11:38 - 2013-10-08 23:50 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Skype 2014-04-28 19:43 - 2013-09-09 18:26 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-28 14:06 - 2013-09-09 00:30 - 00171464 _____ () C:\Windows\PFRO.log 2014-04-28 03:23 - 2013-09-09 00:41 - 01909601 _____ () C:\Windows\WindowsUpdate.log 2014-04-28 01:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-04-28 01:20 - 2013-09-09 01:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3378045386-2888020065-354968016-1002 2014-04-28 00:29 - 2014-04-28 00:29 - 00002054 _____ () C:\Users\Lukas\Desktop\JDownloader 2.lnk 2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\SimilarSites 2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Program Files (x86)\SiteFinder 2014-04-28 00:27 - 2013-11-09 15:18 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-04-28 00:09 - 2013-09-09 01:00 - 00000000 ___RD () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-28 00:09 - 2013-09-09 01:00 - 00000000 ___RD () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-28 00:07 - 2013-09-12 17:27 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-28 00:07 - 2013-09-09 15:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-28 00:07 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-04-28 00:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-04-28 00:06 - 2013-09-09 15:35 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-28 00:04 - 2014-04-28 00:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-28 00:04 - 
2014-04-28 00:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-28 00:04 - 2014-04-28 00:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-28 00:04 - 2014-02-12 22:55 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-28 00:04 - 2013-11-09 15:09 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-28 00:04 - 2013-09-09 04:15 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-28 00:02 - 2014-04-28 00:02 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\ARecEngine 2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\Program Files\WinRAR 2014-04-28 00:02 - 2013-10-06 20:04 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\OpenCandy 2014-04-07 23:58 - 2014-04-07 23:58 - 00000741 _____ () C:\Users\Lukas\Desktop\Don't Starve.lnk 2014-04-07 21:32 - 2014-04-07 21:32 - 00000000 ____D () C:\Users\Lukas\Documents\Klei 2014-04-05 23:22 - 2014-04-05 23:22 - 00000000 ____D () C:\ProgramData\Steam 2014-04-05 23:19 - 2013-12-14 00:51 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-05 23:18 - 2014-04-05 23:18 - 00001395 _____ () C:\Users\Public\Desktop\The Walking Dead - Survival 
Instinct.lnk 2014-04-05 23:18 - 2014-04-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision 2014-04-05 23:13 - 2014-04-05 23:13 - 00000000 ____D () C:\Program Files (x86)\Activision 2014-04-05 20:13 - 2014-04-04 19:50 - 00000000 ____D () C:\Users\Lukas\Desktop\DayZ 2014-04-05 16:37 - 2014-04-05 16:37 - 00359752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-04 23:06 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Tunngle 2014-04-04 23:06 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Tunngle 2014-04-04 22:41 - 2014-04-04 22:41 - 00000000 ____D () C:\ProgramData\LumaEmu_SteamCloud 2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ___SH () C:\Users\Lukas\AppData\Local\LumaEmu 2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\Documents\BIS Core Engine 2014-04-04 22:40 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\AppData\Local\DayZ 2014-04-04 22:00 - 2014-04-04 22:00 - 00000991 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Public\Documents\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\Documents\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Tunngle 2014-04-04 21:20 - 2014-04-04 21:19 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-04-04 20:15 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\Documents\DayZ 2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\Program Files\7-Zip 2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default 
User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-04 15:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-04 01:58 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-04 01:54 - 2014-04-04 01:54 - 00000000 ____D () C:\Users\Lukas\Desktop\ChemWord

Some content of TEMP:
====================
C:\Users\Lukas\AppData\Local\Temp\65116uninstall.exe
C:\Users\Lukas\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Lukas\AppData\Local\Temp\icqsetup.exe
C:\Users\Lukas\AppData\Local\Temp\JDSetup130431112882647168.exe
C:\Users\Lukas\AppData\Local\Temp\proxy_vole7668527934204194340.dll
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe
C:\Users\Lukas\AppData\Local\Temp\revwlsetup.exe
C:\Users\Lukas\AppData\Local\Temp\Sqlite3.dll
C:\Users\Lukas\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-28 01:20

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2014
Ran by Lukas at 2014-05-01 02:56:15
Running from C:\Users\Lukas\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

@BIOS B13.0402.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 1.00.0000 - GIGABYTE)
@BIOS B13.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ASUS PMP Lite (x32 Version: 1.00.0000 - Kuroom) Hidden
ASUS Xonar DX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: - )
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
BUSB B13.0403.1 (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.00.0000 - GIGABYTE)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Crysis WARHEAD(R) (HKLM-x32\...\Crysis WARHEAD(R)) (Version: - Electronic Arts) Crysis WARHEAD(R) (x32 Version: 1.0 - Crytek) Hidden CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) EasyTune B13.0410.2 (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0000 - GIGABYTE) EasyTune B13.0410.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Evernote v. 5.0.2 (HKLM-x32\...\{C2EECB42-2C7F-11E3-8960-00163E98E7D0}) (Version: 5.0.2.1392 - Evernote Corp.) 
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation) Geeks3D FurMark 1.11.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.30.0000 - GIGABYTE Technology Co.,Ltd.) GIGABYTE OC_GURU II (x32 Version: 1.30.0000 - GIGABYTE Technology Co.,Ltd.) Hidden HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Network Connections 18.3.72.0 (HKLM\...\PROSetDX) (Version: 18.3.72.0 - Intel) Intel(R) Network Connections 18.3.72.0 (Version: 18.3.72.0 - Intel) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) 
Hidden Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) 
Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 
11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40820 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40820 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - 
Pando Networks Inc.) RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.2-1.0.11364.74 - raidcall.com) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.2.1 - Samsung Electronics) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SiSoftware Sandra Lite 2013.SP5 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.58.2013.9 - SiSoftware) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SSD Fresh (HKLM-x32\...\SSD Fresh_is1) (Version: 2013 - Abelssoft) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Walking Dead - Survival Instinct (HKLM-x32\...\The Walking Dead - Survival Instinct_is1) (Version: - ) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wise Folder Hider 1.38 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 1.38 - WiseCleaner.com, Inc.) ==================== Restore Points ========================= 12-04-2014 01:38:24 Geplanter Prüfpunkt 27-04-2014 22:04:27 avast! 
antivirus system restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DFD7F60-3607-4697-893A-A84D6CCB1EA5} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {0ED372CA-3217-40DC-B07A-473B9C6D3B48} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-28] (AVAST Software)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D02C56C-3885-4761-B878-1E29044CC202} - System32\Tasks\InstallShield Software online update program => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-16] (InstallShield Software Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {598699FE-00B8-42A0-998C-C9C1387525DF} - System32\Tasks\InstallShield Software update service => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
Task: {7A72D411-5A11-4335-BC4C-17D4BF0E2FBF} - System32\Tasks\MySearchDial => C:\Users\Lukas\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B0845619-762C-4FA7-BDFD-5EBF1B4CF599} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {C36954E1-0B65-41C8-8237-3313A8C62D4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DEDF0228-6EFC-489B-8CED-C8CDEED8F984} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {E20C4694-41DD-463B-8C62-70772D3BD395} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Lukas\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-04 16:45 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2013-10-04 16:45 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2012-10-08 18:04 - 2012-10-08 18:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-09-11 21:46 - 2013-03-19 15:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-01 00:20 - 2014-05-01 00:20 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043002\algo.dll
2012-11-27 15:03 - 2012-11-27 15:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EasyTune\ycc.dll
2013-01-09 17:26 - 2013-01-09 17:26 - 00307200 _____ () C:\Program Files (x86)\GIGABYTE\EasyTune\MFCCPU.dll
2013-11-22 17:05 - 2012-06-06 10:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DX Audio\Customapp\VmixP8.dll
2013-10-18 00:53 - 2013-10-18 00:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Lukas\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-28 00:33 - 2013-04-11 15:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-31 01:15 - 2014-03-31 01:15 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: WAN-Miniport (IP)
Description: WAN-Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN-Miniport (IPv6)
Description: WAN-Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN-Miniport (Netzwerkmonitor)
Description: WAN-Miniport (Netzwerkmonitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2014 02:54:46 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 3.3.10.2, Zeitstempel: 0x53619648
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fa7d6503a4
ID des fehlerhaften Prozesses: 0x84c
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (04/28/2014 02:11:50 PM) (Source: MsiInstaller) (User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.

Error: (04/28/2014 02:11:48 PM) (Source: MsiInstaller) (User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.

Error: (04/28/2014 00:41:37 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_77.exe, Version: 12.0.0.77, Zeitstempel: 0x5314f5f7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6a618482
ID des fehlerhaften Prozesses: 0x1528
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_77.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_77.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_77.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_77.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_77.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_77.exe5

Error: (04/28/2014 00:41:36 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_77.exe, Version: 12.0.0.77, Zeitstempel: 0x5314f5f7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00cd4fa0
ID des fehlerhaften Prozesses: 0x1528
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_77.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_77.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_77.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_77.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_77.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_77.exe5

Error: (04/28/2014 00:24:42 AM) (Source: Application Hang) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1624
Startzeit: 01cf6267774313ba
Endzeit: 0
Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: b86beacd-ce5a-11e3-bfdc-94de806c4337
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/27/2014 11:55:00 PM) (Source: MsiInstaller) (User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.

Error: (04/27/2014 11:54:58 PM) (Source: MsiInstaller) (User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.

Error: (04/27/2014 11:54:01 PM) (Source: MsiInstaller) (User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.

Error: (04/27/2014 11:53:59 PM) (Source: MsiInstaller) (User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.

System errors:
=============
Error: (05/01/2014 01:39:49 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (05/01/2014 01:22:54 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/30/2014 00:18:58 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/29/2014 08:41:35 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/29/2014 11:37:36 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/28/2014 10:39:48 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/28/2014 02:11:48 PM) (Source: DCOM) (User: LUKAS-PC)
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -Embedding740{4F5E3A76-F453-4882-AB42-7224F3310DE7}

Error: (04/28/2014 02:11:46 PM) (Source: DCOM) (User: LUKAS-PC)
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -Embedding740{4F5E3A76-F453-4882-AB42-7224F3310DE7}

Error: (04/28/2014 02:06:38 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/28/2014 00:08:15 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Microsoft Office Sessions:
=========================
Error: (05/01/2014 02:54:46 AM) (Source: Application Error)(User: )
Description: FRST64.exe3.3.10.253619648unknown0.0.0.000000000c0000005000007fa7d6503a484c01cf64d7f2588f5eC:\Users\Lukas\Desktop\FRST64.exeunknown301ef4e0-d0cb-11e3-bfe3-94de806c4337

Error: (04/28/2014 02:11:50 PM) (Source: MsiInstaller)(User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/28/2014 02:11:48 PM) (Source: MsiInstaller)(User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/28/2014 00:41:37 AM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_77.exe12.0.0.775314f5f7unknown0.0.0.000000000c00000056a618482152801cf6269d8e31f73C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exeunknown1754189e-ce5d-11e3-bfdc-94de806c4337

Error: (04/28/2014 00:41:36 AM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_77.exe12.0.0.775314f5f7unknown0.0.0.000000000c00001a500cd4fa0152801cf6269d8e31f73C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exeunknown16af2647-ce5d-11e3-bfdc-94de806c4337

Error: (04/28/2014 00:24:42 AM) (Source: Application Hang)(User: )
Description: rads_user_kernel.exe0.0.0.0162401cf6267774313ba0C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeb86beacd-ce5a-11e3-bfdc-94de806c4337

Error: (04/27/2014 11:55:00 PM) (Source: MsiInstaller)(User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/27/2014 11:54:58 PM) (Source: MsiInstaller)(User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/27/2014 11:54:01 PM) (Source: MsiInstaller)(User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/27/2014 11:53:59 PM) (Source: MsiInstaller)(User: LUKAS-PC)
Description: Product: EasyTune B13.0410.2 -- Error 1706.No valid source could be found for product EasyTune B13.0410.2. The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

CodeIntegrity Errors:
===================================
Date: 2013-09-28 00:19:19.949
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-28 00:18:43.361
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-16 22:55:48.980
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-16 22:54:17.114
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 16274.04 MB
Available physical RAM: 13584.14 MB
Total Pagefile: 18322.04 MB
Available Pagefile: 15325.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.9 GB) (Free:59.75 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1862.89 GB) (Free:1680.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 52920583)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================

Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-01 03:08:04
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003f Samsung_SSD_840_PRO_Series rev.DXM05B0Q 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\kgloapow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000e8e00 7 bytes [00, 77, 82, 01, 00, 57, F2]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000e8e08 7 bytes [01, 42, C0, FF, 00, 17, DB]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\winlogon.exe[724] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\services.exe[748] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\lsass.exe[764] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\svchost.exe[948] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[1004] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[1004] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9fdce177a 4 bytes [CE, FD, F9, 07]
.text C:\Windows\system32\atiesrxx.exe[1004] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9fdce1782 4 bytes [CE, FD, F9, 07]
.text C:\Windows\System32\svchost.exe[304] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\dwm.exe[336] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\svchost.exe[352] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\svchost.exe[572] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\System32\svchost.exe[812] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[932] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[932] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9fdce177a 4 bytes [CE, FD, F9, 07]
.text C:\Windows\system32\atieclxx.exe[932] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9fdce1782 4 bytes [CE, FD, F9, 07]
.text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9fdce177a 4 bytes [CE, FD, F9, 07]
.text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9fdce1782 4 bytes [CE, FD, F9, 07]
.text C:\Windows\system32\svchost.exe[1576] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\HPSIsvc.exe[1736] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1772] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\IProsetMonitor.exe[1800] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\svchost.exe[2040] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\taskhostex.exe[1368] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\Explorer.EXE[2872] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\Explorer.EXE[2872] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9f0991532 4 bytes [99, F0, F9, 07]
.text C:\Windows\Explorer.EXE[2872] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9f099153a 4 bytes [99, F0, F9, 07]
.text C:\Windows\Explorer.EXE[2872] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9f099165a 4 bytes [99, F0, F9, 07]
.text C:\Windows\System32\RuntimeBroker.exe[3664] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f9f09a1b32 4 bytes [9A, F0, F9, 07]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f9f09a1b3a 4 bytes [9A, F0, F9, 07]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9fdce177a 4 bytes [CE, FD, F9, 07]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9fdce1782 4 bytes [CE, FD, F9, 07]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9f0991532 4 bytes [99, F0, F9, 07]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9f099153a 4 bytes [99, F0, F9, 07]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9f099165a 4 bytes [99, F0, F9, 07]
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4060] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3784] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3784] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9fdce177a 4 bytes [CE, FD, F9, 07]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3784] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9fdce1782 4 bytes [CE, FD, F9, 07]
.text C:\Windows\system32\igfxsrvc.exe[4136] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[4208] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[4208] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9fdce177a 4 bytes [CE, FD, F9, 07]
.text C:\Windows\System32\igfxpers.exe[4208] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9fdce1782 4 bytes [CE, FD, F9, 07]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4888] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2812] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[5212] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f9fe77f81b 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [672:704] fffff960008b35e8

---- Processes - GMER 2.1 ----

Library C:\Users\Lukas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe [4728](2014-01-03 00:45:04) 0000000003f40000
Library C:\Users\Lukas\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe [4728](2013-10-18 23:55:02) 000000005e910000
Library C:\Users\Lukas\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe [4728] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000005df80000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1499029125

---- EOF - GMER 2.1 ----
|
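In the FRST "Scheduled Tasks" section of the log above, the only two entries FRST marks with "<==== ATTENTION" are the MySearchDial tasks, and both launch UpdateTask.exe from C:\Users\Lukas\AppData\Roaming, a directory any unprivileged installer can write to; the same MySearchDial folder and task executable show up again in the MBAM findings later in the thread. The following Python is an added example, not part of the original post and not code from FRST or Malwarebytes: it parses task lines in the format FRST prints and applies an assumed triage rule (executable under C:\Users or any AppData path; missing "[date] (publisher)" annotation). The sample lines are copied from the posted log; the rule is my assumption about why FRST flags those entries, not something FRST documents here.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: five lines copied from the FRST "Scheduled Tasks" section
# of the posted log, in the exact shape FRST prints them.
SAMPLE_TASKS = r"""
Task: {0ED372CA-3217-40DC-B07A-473B9C6D3B48} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-28] (AVAST Software)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {7A72D411-5A11-4335-BC4C-17D4BF0E2FBF} - System32\Tasks\MySearchDial => C:\Users\Lukas\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {DEDF0228-6EFC-489B-8CED-C8CDEED8F984} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Lukas\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
"""

ATTENTION = " <==== ATTENTION"
# FRST appends "[YYYY-MM-DD] (Publisher)" when it could read the file's date and signer/company.
META_RE = re.compile(r"^(?P<target>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?$")
# First token ending in .exe is the launched image; anything after it is arguments.
EXE_RE = re.compile(r"^(?P<exe>.*?\.exe)(?:\s|$)", re.IGNORECASE)


@dataclass
class Task:
    name: str
    target: str
    date: Optional[str]
    publisher: Optional[str]
    frst_flagged: bool            # FRST's own "<==== ATTENTION" marker
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[Task]:
    """Split 'Task: <name> => <target> [date] (publisher) <==== ATTENTION' into fields."""
    if not line.startswith("Task: ") or " => " not in line:
        return None
    name, rest = line[len("Task: "):].split(" => ", 1)
    flagged = rest.endswith(ATTENTION)
    if flagged:
        rest = rest[: -len(ATTENTION)]
    m = META_RE.match(rest)
    return Task(name, m["target"], m["date"], m["publisher"], flagged)


def triage(task: Task) -> Task:
    """Assumed heuristic (not FRST's documented logic): a task whose executable lives
    inside a user profile (the Users tree, typically AppData) was planted somewhere a
    non-admin installer can write; a missing date/publisher means FRST could not find
    or attribute the file. Both are hints for a human reviewer, not proof of malware."""
    m = EXE_RE.match(task.target)
    exe = (m["exe"] if m else task.target).lower()
    if exe.startswith("c:\\users\\") or "\\appdata\\" in exe:
        task.reasons.append("runs from user profile")
    if task.date is None or task.publisher is None:
        task.reasons.append("no date/publisher")
    return task


def triage_tasks(text: str) -> List[Task]:
    parsed = (parse_task_line(line) for line in text.splitlines())
    return [triage(t) for t in parsed if t is not None]


def user_profile_tasks(tasks: List[Task]) -> List[str]:
    """Names of the tasks the strong rule (profile path) selects."""
    return [t.name for t in tasks if "runs from user profile" in t.reasons]


def agrees_with_frst(tasks: List[Task]) -> bool:
    """Does the profile-path rule select exactly the tasks FRST itself marked?"""
    return {t.name for t in tasks if t.frst_flagged} == set(user_profile_tasks(tasks))


if __name__ == "__main__":
    for t in triage_tasks(SAMPLE_TASKS):
        print(f"{t.name}\n    -> {t.target}\n    {', '.join(t.reasons) or 'ok'}")
```

Run as a script it prints each task with its reasons. On the sample the profile-path rule selects exactly the two tasks FRST marked; the Rundll32 maintenance task gets only the weaker "no date/publisher" hint, which is the normal state for the Microsoft\Windows tasks in the log above, so that hint alone should never drive a removal decision.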
01.05.2014, 06:07 | #2 |
/// the machine /// TB-Ausbilder | Windows 8: Avast keeps blocking a seemingly malicious website when opening web pages in Firefox Hi,
Update MBAM, scan, and let it delete what it finds. Please download AdwCleaner to your desktop.
Please close your protection software first to avoid possible conflicts.
And a fresh FRST log, please.
|
01.05.2014, 14:36 | #3 |
| Windows 8: Avast keeps blocking a seemingly malicious website when opening web pages in Firefox I have now run all the scans you asked for and attached the log files.
By the way, in MBAM I also enabled "Scan for rootkits", in case that is relevant. MBAM did, however, move the files to quarantine. Should I delete the files afterwards, or leave them in quarantine? Nothing has changed after the scans/clean-ups, i.e. Avast still alternately shows the same two messages described above when I open websites. On a repeated scan with AdwCleaner I noticed that a malicious file is still being found in the Firefox profile folder. I have not done anything about it yet. I have attached the corresponding log file as well. The log file from the 1st scan is "AdwCleaner[S0]", the one from the 2nd scan is "AdwCleaner[R1]". Logfiles MBAM.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01.05.2014
Scan Time: 14:34:40
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Lukas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 257701
Time Elapsed: 9 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com, Quarantined, [3bc5cd335ca4f40cb8e45e43c93aae52],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [42be8b75fd03fa0614a08afa748e4fb1],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, Quarantined, [a15fa95751afdc243ce00a9cb053738d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [6997837d70909070422c0189be4420e0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [6799f10fa45c87796334841cd2313ac6],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X1R1U2Z1O1C1N0C1O2Y1T1M2U1R1E2P1V, Quarantined, [6799f10fa45c87796334841cd2313ac6]

Registry Data: 4
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=, Good: (hxxp://www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=),Replaced,[de2215eb21df09f798628aab5fa56f91]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=, Good: (www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=),Replaced,[d82815eb6f91867a8427fb31749052ae]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=, Good: (hxxp://www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=),Replaced,[06fa7c84ef1118e8a555f243fd07cb35]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=, Good: (hxxp://www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=),Replaced,[d030d12f956b1fe19a5fd85ddb290ef2]

Folders: 13
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\MYSEARCHDIAL, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\MYSEARCHDIAL\icons_2.2.8.1247, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\MYSEARCHDIAL\UpdateProc, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OPENCANDY, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OPENCANDY\97837D88D1BC4FB4B3174CC79F76AF46, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OPENCANDY\C0718CC28AA14E7986CD0D912CE4CD9B, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OPENCANDY\EA339CDF853B41119199CF26217942FD, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Local\Temp\CT3282698, Quarantined, [2dd3bb452ad62cd425d1184ebf43b947],
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Local\Temp\CT3282698\xpi, Quarantined, [2dd3bb452ad62cd425d1184ebf43b947],
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Local\Temp\CT3282698\xpi\defaults, Quarantined, [2dd3bb452ad62cd425d1184ebf43b947],
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Local\Temp\CT3282698\xpi\defaults\preferences, Quarantined, [2dd3bb452ad62cd425d1184ebf43b947],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [7f81bd433dc3d729d03aa8bf46bc15eb],
PUP.Optional.SimilarSites.A, C:\Users\Lukas\AppData\Roaming\SIMILARSITES, Quarantined, [619f8b7512ee5fa15b62caa4679ba35d],

Files: 72
PUP.Optional.Conduit, C:\Users\Lukas\AppData\Roaming\OpenCandy\97837D88D1BC4FB4B3174CC79F76AF46\StubInstaller_SweetTunesInt_v4.exe, Quarantined, [e7197f8155ab8c744f89db493cc4bc44],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Local\Temp\UpdateTask.exe.1127250, Quarantined, [a55b9a66d729768ae674f62f58a9ec14],
PUP.Optional.OptimizerPro.A, C:\Users\Lukas\AppData\Local\Temp\is1070216317\890211_stp.EXE, Quarantined, [986840c00cf4966aed1f4bd3c43dcc34],
PUP.Optional.WiseEnhance.A, C:\Users\Lukas\AppData\Local\Temp\is961225091\1197440_stp\setup_wiseenhance.exe, Quarantined, [639d8f71b54b57a9691ce249de26be42],
PUP.Optional.SimilarSites.A, C:\Users\Lukas\AppData\Local\Temp\is961225091\1197736_stp\SimilarBundleGenericDl.exe, Quarantined, [97698e728b7504fc093e70cd7987b44c],
PUP.Optional.FunMoods.A, C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\CHROME-EXTENSION_PFLPHAOOAPBGPEAKOHLGGBPIDPPPGDFF_0.LOCALSTORAGE, Quarantined, [c739649cfc0400005278842505fe02fe],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\mysearchdial\icons_2.2.8.1247\62.ico, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\mysearchdial\icons_2.2.8.1247\80.ico, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\C0718CC28AA14E7986CD0D912CE4CD9B\Trial-14.0.1000.89_de-DE_1004726_AT-1.exe, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\EA339CDF853B41119199CF26217942FD\PokkiInstaller.exe, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "irmsd103");), Replaced,[14ec1ee2926e31cf80a973efa65e43bd]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Replaced,[01fff10fbc448f712702c89a64a0e11f]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");), Replaced,[728e42be27d915eb65c40c5639cbde22]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cntry", "AT");), Replaced,[d42ca45c9a66ae52b37664fe8b7924dc]
PUP.Optional.MySearchDial.A,
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "217431662");), Replaced,[08f8fb054ab6699793964d150afaa759] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "");), Replaced,[1fe139c7cd33619fb178b9a9b252867a] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), Replaced,[c0409b6503fd936d6dbc045ec93bb54b] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true);), Replaced,[7e8206faad537987b673c49eba4a6f91] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), Replaced,[f10f20e0c93714ecf435a0c227dd02fe] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false);), Replaced,[26da9e62d729ee12c267154d6f95f010] PUP.Optional.MySearchDial.A, 
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hdrMd5", "C9C768AAE16C6B76540AF974D2E4E7F9");), Replaced,[a55bad5320e052ae4fda2c36af55a65a] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), Replaced,[60a0a65ad12f2ed234f5600242c2bb45] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[04fc8977946cab55ff2a2d3540c432ce] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "94DE806C4337F83A");), Replaced,[6b956d937f812fd19e8b1d4561a321df] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16018");), Replaced,[29d748b8f20ee51b66c381e1729231cf] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "");), Replaced,[39c78b75837d0ff13bee80e25ea62fd1] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[6a9613edfd0369974edbdc86669e01ff] PUP.Optional.MySearchDial.A, 
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.014:17:20");), Replaced,[6d93fd035fa1d22ee04976ecd430fa06] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[eb1508f87f8103fdd85177ebe420cf31] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"81\",\"lastVrsn\":\"81\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), Replaced,[ee12b14f3fc1cc346fba055d10f47e82] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Replaced,[837d768ad42ca8581514adb5f70d8f71] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Replaced,[05fb26dadd23847cfe2bb2b0c73d916f] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.sg", "none");), Replaced,[a9571be5ec14eb150c1d66fced172bd5] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Replaced,[26da1ee27e8267993dec4220aa5af20e] PUP.Optional.MySearchDial.A, 
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base");), Replaced,[ed135ea27d83c13f33f6db87897bcd33] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=&q=");), Replaced,[08f851af90706a9626030062798b57a9] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");), Replaced,[659b7a863ec2857b4edb4a1846bef907] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");), Replaced,[6c9447b9da26b64aaa7f6ef450b415eb] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.hmpg", true);), Replaced,[da26bc441ee229d79f8adb8736ce8779] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false);), Replaced,[fa06ec1409f76a96a6832b378a7aa55b] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Replaced,[55ab966a639d14ecc8610062927223dd] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:17:20");), Replaced,[33cd39c7b14f59a7a08993cff21209f7] 
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282698&CUI=UN24910470396943083&UM=2&SearchSource=3&q={searchTerms}");), Replaced,[38c8eb1552aeec14f6a1055d5ca835cb] PUP.Optional.MySearch.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.aflt", "irmsd103");), Replaced,[f907d030a45c3dc31a07075bf41024dc] PUP.Optional.MySearch.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.instlRef", "");), Replaced,[17e9a25e2dd39c64ac75461c27ddb24e] PUP.Optional.MySearch.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "217431662");), Replaced,[45bb847c7f8148b88a9773ef3cc856aa] PUP.Optional.MySearch.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");), Replaced,[ef11a858f0108878c958fb67af55768a] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), Replaced,[fa06dc24936d38c824066cf6897b7d83] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[e31dbc444bb5ff0122088cd63acad12f] PUP.Optional.MySearchDial.A, 
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), Replaced,[05fbe51b32ce14ec5ecc82e0f90b669a] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Replaced,[26da936d31cfce3241e9fb67b153f50b] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true);), Replaced,[cf3139c72fd1f0105fcb1b47cf35669a] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false);), Replaced,[04fcf60a15eb56aa9496372b10f41be5] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[946cd828f0109f619c8eb8aa19eb53ad] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=&q=");), Replaced,[659b7e8232ce9f6173b7550dae56b749] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "94DE806C4337F83A");), Replaced,[03fd28d858a8b050e54590d215ef34cc] PUP.Optional.MySearchDial.A, 
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16018");), Replaced,[d62ad12f659b23dd37f3273b44c0db25] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");), Replaced,[f01039c7c23edd2367c32b37986cb54b] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");), Replaced,[eb15dd2302fedd2383a7ec762ada43bd] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:17:20");), Replaced,[fa063fc1778934ccbc6ebfa3e321d42c] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Replaced,[e21e50b07b85ba46002a8ad80004b24e] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Replaced,[04fc14ec4cb459a7bf6b99c956ae4db3] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "irmsd103");), Replaced,[c43ca55b9a66629e7baf0a5852b29868] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Replaced,[e61a7f81c9379a661c0ebda5976d639d] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", 
"base");), Replaced,[639dde226b95ec14002a243e4cb841bf] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "");), Replaced,[c63a0ef258a83bc5a68499c92fd5ec14] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "");), Replaced,[7d8378880ef28a764dddf56df21239c7] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Replaced,[29d79e62fe02926e9793451d956fdc24] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false);), Replaced,[de220ff1e71938c8909ab1b1f2125da3] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.hmpg", true);), Replaced,[1ce4db256f91e21e4ae0c79b6c98857b] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "217431662");), Replaced,[01ff000009f7758b0b1fcb97ac5851af] PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");), Replaced,[ea167e82af5142bed4569fc39f65956b] Physical Sectors: 0 (No malicious items detected) (end) AdwCleaner[S0].txt Code:
# AdwCleaner v3.205 - Bericht erstellt am 01/05/2014 um 14:42:32
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Lukas - LUKAS-PC
# Gestartet von : C:\Users\Lukas\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Users\Lukas\.android
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Temp\Conduit
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Temp\WiseEnhance
Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\PriceGong
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
Datei Gelöscht : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js ]

Zeile gelöscht : user_pref("CT3282698.FF19Solved", "true");
Zeile gelöscht : user_pref("CT3282698.UserID", "UN24910470396943083");
Zeile gelöscht : user_pref("CT3282698.browser.search.defaultthis.engineName", "true");
Zeile gelöscht : user_pref("CT3282698.fullUserID", "UN24910470396943083.IN.20131006202210");
Zeile gelöscht : user_pref("CT3282698.installDate", "06/10/2013 20:22:12");
Zeile gelöscht : user_pref("CT3282698.installSessionId", "{AA4E5C44-1F9C-49C3-A48C-875B0858149E}");
Zeile gelöscht : user_pref("CT3282698.installSp", "TRUE");
Zeile gelöscht : user_pref("CT3282698.installerVersion", "1.7.101.1");
Zeile gelöscht : user_pref("CT3282698.keyword", "true");
Zeile gelöscht : user_pref("CT3282698.originalHomepage", "about:home");
Zeile gelöscht : user_pref("CT3282698.originalSearchAddressUrl", "");
Zeile gelöscht : user_pref("CT3282698.originalSearchEngine", "");
Zeile gelöscht : user_pref("CT3282698.originalSearchEngineName", "");
Zeile gelöscht : user_pref("CT3282698.searchRevert", "false");
Zeile gelöscht : user_pref("CT3282698.searchUserMode", "2");
Zeile gelöscht : user_pref("CT3282698.smartbar.homepage", "true");
Zeile gelöscht : user_pref("CT3282698.versionFromInstaller", "10.20.103.6");
Zeile gelöscht : user_pref("CT3282698.xpeMode", "0");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "SweetTunes1 Customized Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3282698");
Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282698&CUI=UN24910470396943083&UM=2&SearchSource=13");
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282698&SearchSource=2&CUI=UN24910470396943083&UM=2&q=");
Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3282698");
Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3282698");
Zeile gelöscht : user_pref("smartbar.machineId", "XTMK8GE5I5YCJAOPXDSH3ZW3XIGZCFVEWLEKMXDZNW3LCCLLA6H5YN3XRTM5IQ4JVHSLYPKOVNC4H+BICMXXUW");
Zeile gelöscht : user_pref("smartbar.pciMachineID", "PCI\\VEN_8086&DEV_153B&SUBSYS_E0001458&REV_04\\3&11583659&0&C8");
Zeile gelöscht : user_pref("smartbar.plainMachineId", "94:DE:80:6C:43:37BFEBFBFF000306C3");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5559 octets] - [01/05/2014 14:42:02]
AdwCleaner[S0].txt - [5422 octets] - [01/05/2014 14:42:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5482 octets] ##########

AdwCleaner[R1].txt
Code:
# AdwCleaner v3.205 - Bericht erstellt am 01/05/2014 um 15:07:12
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Lukas - LUKAS-PC
# Gestartet von : C:\Users\Lukas\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js ]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5559 octets] - [01/05/2014 14:42:02]
AdwCleaner[R1].txt - [721 octets] - [01/05/2014 15:07:12]
AdwCleaner[S0].txt - [5570 octets] - [01/05/2014 14:42:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [840 octets] ##########

JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by Lukas on 01.05.2014 at 14:59:33,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1D01C76C-B534-4D77-B89B-6A571B9F69F0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{29F29746-ABE1-2A50-BA31-2A61476C383C}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\sitefinder"

~~~ FireFox

Emptied folder: C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\kpzno0li.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.05.2014 at 15:02:21,46
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014
Ran by Lukas (administrator) on LUKAS-PC on 01-05-2014 15:05:55
Running from C:\Users\Lukas\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTune\SensorDetector.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-28] (AVAST Software)
HKLM-x32\...\RunOnce: [SensorDetector] - C:\Program Files (x86)\GIGABYTE\EasyTune\PreSensorDetector.exe [9728 2013-04-09] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-10-27] (Microsoft Corporation)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {1c47d8e4-4092-11e3-beee-94de806c4337} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {39071620-2b9b-11e3-beab-94de806c4337} - "F:\SISetup.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {516dfacf-34d4-11e3-bec2-94de806c4337} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {57e9c178-8b47-11e3-bf86-94de806c4337} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {ab0b9922-2ead-11e3-beb2-94de806c4337} - "F:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD6C4362857BCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM-x32 - {1D01C76C-B534-4D77-B89B-6A571B9F69F0 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
SearchScopes: HKLM-x32 - {627BAF9A-17A5-07C4-D7D1-272FBEF1CBDD} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast!
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: 
@adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Lukas\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Website Discovery Pro - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\discoverypro@discoverypro.com [2014-04-29] FF Extension: WOT - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: anonymoX - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\client@anonymox.net.xpi [2014-05-01] FF Extension: Ghostery - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\firefox@ghostery.com.xpi [2014-04-28] FF Extension: Session Manager - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-03-26] FF Extension: Adblock Plus - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-09-09] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-09] Chrome: ======= Error reading preferences. 
Please check "preferences" file for possible corruption. <======= ATTENTION ==================== Services (Whitelisted) ================= S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-28] (AVAST Software) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-28] () R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-28] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-28] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-28] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-28] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-28] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-28] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-28] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices) R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-06] (DT Soft Ltd) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468752 2013-02-26] (Intel Corporation) S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] () R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.) 
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-09-27] () R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] () S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-01 15:05 - 2014-05-01 15:05 - 00018322 _____ () C:\Users\Lukas\Desktop\FRST.txt 2014-05-01 14:49 - 2014-05-01 14:49 - 00000000 ____D () C:\Windows\ERUNT 2014-05-01 14:47 - 2014-05-01 14:47 - 01016261 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe 2014-05-01 14:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-01 14:41 - 2014-05-01 14:42 - 00000000 ____D () C:\AdwCleaner 2014-05-01 14:40 - 2014-05-01 14:40 - 01310621 _____ () C:\Users\Lukas\Desktop\adwcleaner.exe 2014-05-01 03:16 - 2014-05-01 14:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-01 03:16 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-01 03:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-01 03:16 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-01 03:14 - 2014-05-01 03:14 - 17305616 _____ (Malwarebytes 
Corporation ) C:\Users\Lukas\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-01 02:57 - 2014-05-01 02:57 - 00380416 _____ () C:\Users\Lukas\Desktop\Gmer-19357.exe 2014-05-01 02:54 - 2014-05-01 15:05 - 00000000 ____D () C:\FRST 2014-05-01 02:54 - 2014-05-01 14:32 - 00000000 ____D () C:\Users\Lukas\Desktop\Trojaner-Board 2014-05-01 02:54 - 2014-05-01 02:54 - 02061824 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe 2014-05-01 02:52 - 2014-05-01 02:52 - 00000168 _____ () C:\Users\Lukas\defogger_reenable 2014-05-01 02:37 - 2014-05-01 02:37 - 00050477 _____ () C:\Users\Lukas\Desktop\Defogger.exe 2014-04-30 20:19 - 2014-04-30 20:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\raidcall 2014-04-30 20:17 - 2014-04-30 20:22 - 00000000 ____D () C:\Program Files (x86)\RaidCall 2014-04-30 20:17 - 2014-04-30 20:17 - 00001031 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk 2014-04-30 20:17 - 2014-04-30 20:17 - 00001007 _____ () C:\Users\Lukas\Desktop\RaidCall.lnk 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\rcru 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall 2014-04-28 00:29 - 2014-04-28 00:29 - 00002054 _____ () C:\Users\Lukas\Desktop\JDownloader 2.lnk 2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2014-04-28 00:28 - 2014-04-29 18:19 - 00000000 ____D () C:\Users\Lukas\AppData\Local\JDownloader v2.0 2014-04-28 00:08 - 2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-28 00:08 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-28 00:06 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\storport.sys 2014-04-28 00:06 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-28 00:06 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-04-28 00:06 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-04-28 00:06 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2014-04-28 00:06 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-28 00:06 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-28 00:06 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-04-28 00:06 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2014-04-28 00:06 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-28 00:06 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-28 00:06 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-28 00:06 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-04-28 00:06 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-28 00:06 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-04-28 00:06 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-04-28 00:06 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-28 00:06 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mstscax.dll 2014-04-28 00:06 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-04-28 00:06 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-04-28 00:05 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-28 00:05 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-28 00:05 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-28 00:05 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-28 00:05 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-28 00:05 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-28 00:05 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-28 00:05 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-28 00:05 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) 
C:\Windows\system32\uxtheme.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-28 00:05 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-28 00:05 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-28 00:05 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-28 00:05 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-04-28 00:05 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-28 00:05 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-04-28 00:05 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-04-28 00:05 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-28 00:05 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-28 00:05 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-28 00:05 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-28 00:05 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-28 00:05 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-28 00:05 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-28 00:05 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-28 00:05 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\uxtheme.dll 2014-04-28 00:05 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-28 00:05 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-28 00:05 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-28 00:04 - 2014-04-28 00:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-28 00:04 - 2014-04-28 00:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-28 00:04 - 2014-04-28 00:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-28 00:02 - 2014-04-28 00:02 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\ARecEngine 2014-04-07 23:58 - 2014-04-07 23:58 - 00000741 _____ () C:\Users\Lukas\Desktop\Don't Starve.lnk 2014-04-07 21:32 - 2014-04-07 21:32 - 00000000 ____D () C:\Users\Lukas\Documents\Klei 2014-04-05 23:22 - 2014-04-05 23:22 - 00000000 ____D () C:\ProgramData\Steam 2014-04-05 23:18 - 2014-04-05 23:18 - 00001395 _____ () C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk 2014-04-05 23:18 - 2014-04-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision 2014-04-05 23:13 - 2014-04-05 23:13 - 00000000 ____D () C:\Program Files (x86)\Activision 2014-04-05 16:37 - 2014-04-05 16:37 - 00359752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-04 22:41 - 2014-04-04 22:41 - 00000000 ____D () C:\ProgramData\LumaEmu_SteamCloud 2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ___SH () C:\Users\Lukas\AppData\Local\LumaEmu 2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\Documents\BIS Core Engine 2014-04-04 22:00 - 2014-04-04 23:06 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Tunngle 2014-04-04 22:00 - 2014-04-04 23:06 - 00000000 ____D () C:\ProgramData\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000991 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk 2014-04-04 
22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Public\Documents\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\Documents\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Tunngle 2014-04-04 22:00 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys 2014-04-04 21:19 - 2014-04-04 21:20 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-04-04 20:15 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\AppData\Local\DayZ 2014-04-04 20:15 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\Documents\DayZ 2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\Program Files\7-Zip 2014-04-04 19:50 - 2014-04-05 20:13 - 00000000 ____D () C:\Users\Lukas\Desktop\DayZ 2014-04-04 01:57 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-04 01:57 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-04-04 01:57 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-04-04 01:56 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-04 01:56 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-04 01:56 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-04 01:56 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-04 01:54 - 2014-04-04 01:54 - 00000000 ____D () C:\Users\Lukas\Desktop\ChemWord ==================== One Month Modified Files and Folders ======= 2014-05-01 15:06 - 2014-05-01 15:05 - 
00018322 _____ () C:\Users\Lukas\Desktop\FRST.txt 2014-05-01 15:05 - 2014-05-01 02:54 - 00000000 ____D () C:\FRST 2014-05-01 15:03 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat 2014-05-01 15:03 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat 2014-05-01 15:03 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-01 15:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-05-01 14:59 - 2014-05-01 03:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-01 14:59 - 2013-11-24 19:07 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Dropbox 2014-05-01 14:59 - 2013-09-28 00:19 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-05-01 14:59 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-01 14:49 - 2014-05-01 14:49 - 00000000 ____D () C:\Windows\ERUNT 2014-05-01 14:47 - 2014-05-01 14:47 - 01016261 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe 2014-05-01 14:44 - 2013-09-09 00:30 - 00178230 _____ () C:\Windows\PFRO.log 2014-05-01 14:43 - 2013-09-09 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-01 14:42 - 2014-05-01 14:41 - 00000000 ____D () C:\AdwCleaner 2014-05-01 14:42 - 2013-09-09 01:00 - 00000000 ____D () C:\Users\Lukas 2014-05-01 14:40 - 2014-05-01 14:40 - 01310621 _____ () C:\Users\Lukas\Desktop\adwcleaner.exe 2014-05-01 14:35 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-05-01 14:32 - 2014-05-01 02:54 - 00000000 ____D () C:\Users\Lukas\Desktop\Trojaner-Board 2014-05-01 14:13 - 2013-10-08 23:50 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Skype 2014-05-01 05:03 - 2013-09-12 00:44 - 00000000 ____D () C:\Users\Lukas\AppData\Local\PMB Files 2014-05-01 05:03 - 2013-09-12 00:44 - 00000000 ____D () C:\ProgramData\PMB Files 2014-05-01 04:48 - 2014-03-20 03:02 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Thunderbird 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-01 03:14 - 2014-05-01 03:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-01 03:12 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-05-01 02:57 - 2014-05-01 02:57 - 00380416 _____ () C:\Users\Lukas\Desktop\Gmer-19357.exe 2014-05-01 02:54 - 2014-05-01 02:54 - 02061824 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe 2014-05-01 02:52 - 2014-05-01 02:52 - 00000168 _____ () C:\Users\Lukas\defogger_reenable 2014-05-01 02:37 - 2014-05-01 02:37 - 00050477 _____ () C:\Users\Lukas\Desktop\Defogger.exe 2014-05-01 00:55 - 2013-11-09 16:14 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\vlc 2014-04-30 20:22 - 2014-04-30 20:17 - 00000000 ____D () C:\Program Files (x86)\RaidCall 2014-04-30 20:22 - 2013-10-08 17:11 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Last.fm 2014-04-30 20:19 - 2014-04-30 20:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\raidcall 2014-04-30 20:17 - 2014-04-30 20:17 - 00001031 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk 2014-04-30 20:17 - 2014-04-30 20:17 - 00001007 _____ () C:\Users\Lukas\Desktop\RaidCall.lnk 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\rcru 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall 2014-04-29 18:19 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Lukas\AppData\Local\JDownloader v2.0 2014-04-28 19:43 - 
02.05.2014, 07:38 | #4 |
/// the machine /// TB-Ausbilder |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still any problems?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
02.05.2014, 13:30 | #5 |
I think I have now found the cause of the problem. Among the add-ons in Firefox I found an application called "Website Discovery Pro 1.0.1". After I disabled it, no more Avast alerts appeared when opening web addresses. How this application got installed in Firefox is not clear to me. I suspect that this add-on tries to open certain web addresses automatically in the background, which would get a virus onto the PC. But since Avast always blocked this virus "JS:Downloader-ZY [Trj]", no infection could take place. Am I right with this assumption? To be on the safe side, I nevertheless ran the requested scans with ESET Online Scanner and Security Check. The ESET Online Scanner found a few (potential) threats. Should I delete these malicious files/unwanted applications? By the way, the ESET log file only said "all ok", although, as mentioned, several threats were still listed after the scan. I simply had a text file exported for this: ESET.txt Code:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\Users\Lukas\AppData\Local\Temp\2jXC17M5.exe.part Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
C:\Users\Lukas\AppData\Local\Temp\JDSetup130431112882647168.exe Variante von Win32/Injected.F Trojaner
C:\Users\Lukas\AppData\Local\Temp\is-JAMEV.tmp\OptProCrash.dll Variante von Win32/SProtector.E evtl. unerwünschte Anwendung
In addition, two more questions: 1. Can I now delete the files in the MBAM quarantine? 2. With AdwCleaner I ran the scan/deletion a second time. Afterwards I had the PC scanned once more and found that the following file in the Firefox profile folder apparently could not be deleted: "C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js" What should I do with it? Log files checkup.txt Code:
Results of screen317's Security Check version 0.99.82
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.206
Adobe Reader XI
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Intel iCLS Client AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST.txt FRST Logfile: Code:
C:\ProgramData\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000991 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Public\Documents\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\Documents\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Tunngle 2014-04-04 22:00 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys 2014-04-04 21:19 - 2014-04-04 21:20 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-04-04 20:15 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\AppData\Local\DayZ 2014-04-04 20:15 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\Documents\DayZ 2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\Program Files\7-Zip 2014-04-04 19:50 - 2014-04-05 20:13 - 00000000 ____D () C:\Users\Lukas\Desktop\DayZ 2014-04-04 01:57 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-04 01:57 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-04-04 01:57 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-04-04 01:56 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-04 01:56 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-04 01:56 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-04 01:56 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-04 01:54 - 2014-04-04 01:54 - 00000000 ____D () 
C:\Users\Lukas\Desktop\ChemWord ==================== One Month Modified Files and Folders ======= 2014-05-02 13:46 - 2014-05-02 13:46 - 00018314 _____ () C:\Users\Lukas\Desktop\FRST.txt 2014-05-02 13:46 - 2014-05-02 13:45 - 02062336 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe 2014-05-02 13:46 - 2014-05-01 02:54 - 00000000 ____D () C:\FRST 2014-05-02 13:45 - 2014-05-01 02:54 - 00000000 ____D () C:\Users\Lukas\Desktop\Trojaner-Board 2014-05-02 13:44 - 2013-11-25 14:45 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Notepad++ 2014-05-02 13:44 - 2013-11-25 14:45 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-05-02 13:43 - 2013-09-09 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-02 13:08 - 2014-05-01 03:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-02 13:07 - 2013-09-09 01:00 - 00000000 ____D () C:\Users\Lukas\AppData\Local\VirtualStore 2014-05-02 13:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-05-02 12:06 - 2013-10-08 17:11 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Last.fm 2014-05-02 12:04 - 2014-05-02 12:04 - 02347384 _____ (ESET) C:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe 2014-05-02 12:04 - 2014-05-02 12:04 - 00855379 _____ () C:\Users\Lukas\Desktop\SecurityCheck.exe 2014-05-02 12:00 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat 2014-05-02 12:00 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat 2014-05-02 12:00 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-02 11:55 - 2013-11-24 19:07 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Dropbox 2014-05-02 11:54 - 2013-09-28 00:19 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-05-02 11:54 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-02 03:22 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-05-02 03:07 
- 2014-05-01 14:41 - 00000000 ____D () C:\AdwCleaner 2014-05-02 03:06 - 2013-09-09 00:30 - 00178532 _____ () C:\Windows\PFRO.log 2014-05-02 02:59 - 2013-09-28 16:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-02 02:34 - 2013-10-08 23:50 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Skype 2014-05-02 02:12 - 2013-09-12 00:44 - 00000000 ____D () C:\Users\Lukas\AppData\Local\PMB Files 2014-05-01 20:36 - 2014-05-01 04:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-05-01 14:49 - 2014-05-01 14:49 - 00000000 ____D () C:\Windows\ERUNT 2014-05-01 14:47 - 2014-05-01 14:47 - 01016261 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe 2014-05-01 14:42 - 2013-09-09 01:00 - 00000000 ____D () C:\Users\Lukas 2014-05-01 14:40 - 2014-05-01 14:40 - 01310621 _____ () C:\Users\Lukas\Desktop\adwcleaner.exe 2014-05-01 14:35 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-05-01 05:03 - 2013-09-12 00:44 - 00000000 ____D () C:\ProgramData\PMB Files 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-01 02:57 - 2014-05-01 02:57 - 00380416 _____ () C:\Users\Lukas\Desktop\Gmer-19357.exe 2014-05-01 02:52 - 2014-05-01 02:52 - 00000168 _____ () C:\Users\Lukas\defogger_reenable 2014-05-01 02:37 - 2014-05-01 02:37 - 00050477 _____ () C:\Users\Lukas\Desktop\Defogger.exe 2014-05-01 00:55 - 2013-11-09 16:14 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\vlc 2014-04-30 20:22 - 2014-04-30 20:17 - 00000000 ____D () C:\Program Files (x86)\RaidCall 2014-04-30 20:19 - 2014-04-30 20:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\raidcall 2014-04-30 20:17 - 2014-04-30 20:17 - 00001031 _____ () 
C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk 2014-04-30 20:17 - 2014-04-30 20:17 - 00001007 _____ () C:\Users\Lukas\Desktop\RaidCall.lnk 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\rcru 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall 2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall 2014-04-29 18:19 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Lukas\AppData\Local\JDownloader v2.0 2014-04-28 19:43 - 2013-09-09 18:26 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-28 03:23 - 2013-09-09 00:41 - 01909601 _____ () C:\Windows\WindowsUpdate.log 2014-04-28 01:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-04-28 01:20 - 2013-09-09 01:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3378045386-2888020065-354968016-1002 2014-04-28 00:29 - 2014-04-28 00:29 - 00002054 _____ () C:\Users\Lukas\Desktop\JDownloader 2.lnk 2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2014-04-28 00:27 - 2013-11-09 15:18 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-04-28 00:09 - 2013-09-09 01:00 - 00000000 ___RD () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-28 00:09 - 2013-09-09 01:00 - 00000000 ___RD () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-28 00:07 - 2013-09-12 17:27 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-28 00:07 - 2013-09-09 15:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-28 00:07 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-04-28 00:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-04-28 00:06 - 2013-09-09 15:35 
- 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-28 00:04 - 2014-04-28 00:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-28 00:04 - 2014-04-28 00:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-28 00:04 - 2014-04-28 00:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-28 00:04 - 2014-02-12 22:55 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-28 00:04 - 2013-11-09 15:09 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-28 00:04 - 2013-09-09 04:15 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-28 00:04 - 2013-09-09 04:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-28 00:02 - 2014-04-28 00:02 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\ARecEngine 2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\Program Files\WinRAR 2014-04-07 23:58 - 2014-04-07 23:58 - 00000741 _____ () C:\Users\Lukas\Desktop\Don't Starve.lnk 2014-04-07 21:32 - 2014-04-07 21:32 - 00000000 ____D () C:\Users\Lukas\Documents\Klei 2014-04-05 23:22 - 2014-04-05 23:22 - 00000000 ____D () C:\ProgramData\Steam 2014-04-05 23:19 - 2013-12-14 00:51 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-05 23:18 - 
2014-04-05 23:18 - 00001395 _____ () C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk 2014-04-05 23:18 - 2014-04-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision 2014-04-05 23:13 - 2014-04-05 23:13 - 00000000 ____D () C:\Program Files (x86)\Activision 2014-04-05 20:13 - 2014-04-04 19:50 - 00000000 ____D () C:\Users\Lukas\Desktop\DayZ 2014-04-05 16:37 - 2014-04-05 16:37 - 00359752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-04 23:06 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Tunngle 2014-04-04 23:06 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Tunngle 2014-04-04 22:41 - 2014-04-04 22:41 - 00000000 ____D () C:\ProgramData\LumaEmu_SteamCloud 2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ___SH () C:\Users\Lukas\AppData\Local\LumaEmu 2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\Documents\BIS Core Engine 2014-04-04 22:40 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\AppData\Local\DayZ 2014-04-04 22:00 - 2014-04-04 22:00 - 00000991 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Public\Documents\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\Documents\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle 2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Tunngle 2014-04-04 21:20 - 2014-04-04 21:19 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-04-04 20:15 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\Documents\DayZ 2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\Program Files\7-Zip 2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\System Tools 2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-04-04 15:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-04-04 01:58 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-04-04 01:54 - 2014-04-04 01:54 - 00000000 ____D () C:\Users\Lukas\Desktop\ChemWord 2014-04-03 09:51 - 2014-05-01 03:16 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-05-01 03:16 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-05-01 03:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP: ==================== C:\Users\Lukas\AppData\Local\Temp\65116uninstall.exe C:\Users\Lukas\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\Lukas\AppData\Local\Temp\icqsetup.exe C:\Users\Lukas\AppData\Local\Temp\JDSetup130431112882647168.exe C:\Users\Lukas\AppData\Local\Temp\npp.6.5.5.Installer.exe C:\Users\Lukas\AppData\Local\Temp\proxy_vole7668527934204194340.dll C:\Users\Lukas\AppData\Local\Temp\revwlsetup.exe C:\Users\Lukas\AppData\Local\Temp\Sqlite3.dll C:\Users\Lukas\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-28 01:20 ==================== End Of Log ============================ --- --- --- |
04.05.2014, 06:55 | #6
/// the machine /// TB-Ausbilder
"All ok" means the scan ran without internal errors. Findings are in quarantine or in the temp folders. What we do now: Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Quote:
Quote:
Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
05.05.2014, 13:34 | #7
I have now run TFC and DelFix as described. Everything should have worked fine. A few things are still unclear to me: 1. In DelFix I also ticked the checkbox "Wiederherstellung der Systemeinstellungen" (restore system settings). What exactly was restored here? After running DelFix and restarting, I noticed that hidden files were being shown and file extensions were visible in the file name by default. Was anything else changed here? 2. So did no infection with the actual virus take place at all? Was it in this case only the malware (the add-on in Firefox) that had to be removed? Otherwise, thank you for the helpful instructions and the security tips!
06.05.2014, 09:05 | #8
/// the machine /// TB-Ausbilder Quote:
Quote:
You're welcome.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations, Guides and help, Trojaner-Board Facebook page. No help via PM!
10.05.2014, 15:01 | #9
I have already seen all the adware that was removed. By the infection, however, I meant the trojan that Avast kept blocking while I was opening web pages: "avast! Web-Schutz hat eine schädliche Webseite oder Datei blockiert. Objekt: hxxp://utils.cdneurope.com/js/mo.js {gzip} Infektion: JS:Downloader-ZY [Trj] Prozess: C:\Program Files (x86)\...\firefox.exe"
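The two Web-Schutz alerts quoted in this thread share one layout: object URL, optional {gzip} marker, detection name with a bracketed class, and the process path. As an added example that is not part of the thread, this Python helper parses that layout into fields, restores the defanged hxxp:// scheme, keeps the elided "..." in the process path exactly as quoted, and groups blocked objects by domain so that repeated alerts from one distribution domain show up as one cluster; the sample alerts are constructed from the thread's quotes, and the transcribed "Infekiton" spelling is accepted alongside "Infektion".

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample alerts in the form quoted in this thread (the two texts the
# opening post reported as recurring); the second keeps the poster's typo.
SAMPLE_ALERTS = [
    "avast! Web-Schutz hat eine schädliche Webseite oder Datei blockiert. "
    "Objekt: hxxp://utils.cdneurope.com/js/mo.js {gzip} "
    "Infektion: JS:Downloader-ZY [Trj] "
    "Prozess: C:\\Program Files (x86)\\...\\firefox.exe",
    "avast! Web-Schutz hat eine schädliche Webseite oder Datei blockiert. "
    "Objekt: hxxp://cdneurope.com//componentsLink/popUp.js {gzip} "
    "Infekiton: JS:Downloader-ZY [Trj] "
    "Prozess: C:\\Program Files (x86)\\...\\firefox.exe",
]

# Field layout of the alert text as quoted in the thread: "Infek\w*" accepts the
# transcribed typo as well as the correct label, and the {gzip} marker is optional.
ALERT_RE = re.compile(
    r"Objekt:\s*(?P<object>\S+)(?:\s*\{(?P<encoding>[^}]+)\})?\s*"
    r"Infek\w*:\s*(?P<detection>.+?)\s*"
    r"Prozess:\s*(?P<process>.+?)\s*$",
    re.DOTALL,
)
DETECTION_RE = re.compile(r"^(?P<name>\S+)\s*\[(?P<category>[^\]]+)\]$")


@dataclass(frozen=True)
class WebShieldAlert:
    url: str                 # object URL with the defanged scheme restored
    host: str                # hostname of the blocked object
    domain: str              # last two labels of the host, for coarse grouping
    encoding: Optional[str]  # transfer-encoding marker such as "gzip", if any
    detection: str           # detection name, e.g. "JS:Downloader-ZY"
    category: str            # bracketed class, e.g. "Trj"
    process: str             # process path exactly as quoted (may contain "...")
    process_elided: bool     # True when the quoted path was shortened with "..."


def refang(url: str) -> str:
    """Turn a defanged hxxp:// or hxxps:// scheme back into a parseable URL."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_alert(text: str) -> WebShieldAlert:
    """Split one quoted Web-Schutz alert into its fields; raises on other text."""
    m = ALERT_RE.search(text)
    if not m:
        raise ValueError("not an avast Web-Schutz alert in the quoted form")
    d = DETECTION_RE.match(m["detection"])
    if not d:
        raise ValueError(f"unexpected detection field: {m['detection']!r}")
    url = refang(m["object"])
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    process = m["process"].strip()
    return WebShieldAlert(
        url=url, host=host,
        domain=".".join(labels[-2:]) if len(labels) >= 2 else host,
        encoding=m["encoding"], detection=d["name"], category=d["category"],
        process=process, process_elided="..." in process,
    )


def group_by_domain(alert_texts):
    """Map each domain to the distinct blocked URLs under it, so alerts that differ
    only in path show up as one cluster from one distribution domain."""
    groups = {}
    for text in alert_texts:
        a = parse_alert(text)
        groups.setdefault(a.domain, set()).add(a.url)
    return {dom: sorted(urls) for dom, urls in groups.items()}
```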
11.05.2014, 12:23 | #10
/// the machine /// TB-Ausbilder Quote:
12.05.2014, 12:12 | #11
Okay. Then everything is clear now. The thread can be closed. Thanks again!
13.05.2014, 09:42 | #12
/// the machine /// TB-Ausbilder You're welcome.