| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner explorer.exe?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.06.2014, 12:36
| #1 |
| |  Trojaner explorer.exe? Kurz und Knapp   Dieses Problem habe ich seit 3 Tagen manchmal verschwinden die Task´s von alleine doch ich bin wirklich am verzweifeln. Help me pls . MFG Kastanije |
|
06.06.2014, 12:59
| #2 |
| /// the machine /// TB-Ausbilder    | Trojaner explorer.exe? hi,
__________________screenshot bitte größer und anhängen. Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
06.06.2014, 16:42
| #3 |
| | Trojaner explorer.exe?FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Benjamin (administrator) on BENJAMIN-PC on 06-06-2014 14:32:24
Running from C:\Users\Benjamin\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(AVM Berlin) C:\Program Files\avmwlanstick\FRITZWLANMini.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Spotify Ltd) C:\Users\Benjamin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Benjamin\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [svchost] => regsvr32 /s "C:\Temp:01966E73.dat"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-06-05] (AVAST Software)
HKU\S-1-5-21-3672730397-3278138862-3631354475-1000\...\Run: [Spotify Web Helper] => C:\Users\Benjamin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-17] (Spotify Ltd)
HKU\S-1-5-21-3672730397-3278138862-3631354475-1000\...\Run: [Spotify] => C:\Users\Benjamin\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-17] (Spotify Ltd)
HKU\S-1-5-21-3672730397-3278138862-3631354475-1000\...\Run: [svchost] => regsvr32 /s "C:\Temp:01966E73.dat"
HKU\S-1-5-21-3672730397-3278138862-3631354475-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-3672730397-3278138862-3631354475-1000\...\MountPoints2: {3663a4cc-5c25-11e3-90b2-002522c0ba2b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3672730397-3278138862-3631354475-1000\...\MountPoints2: {4e9bb976-4d69-11e3-925b-da2bbd1e896d} - F:\pushinst.exe
HKU\S-1-5-21-3672730397-3278138862-3631354475-1000\...\MountPoints2: {83f1cd7b-8e73-11e3-9bfd-002522c0ba2b} - F:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x22E3B5F979E1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0CtD0B0AtB0B0A0FyCtDtN0D0Tzu0SyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=914963795&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=318&src=ds&p={searchTerms}
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchinweb.info/?l=1&q={searchTerms}&pid=1565&r=2014/01/27&hid=2488100489113532445&lg=EN&cc=DE&unqvl=47
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0CtD0B0AtB0B0A0FyCtDtN0D0Tzu0SyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=914963795&ir=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390821886&from=cor&uid=SAMSUNGXHD204UI_S2H7J90B702130&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=318&src=ds&p={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchinweb.info/?l=1&q={searchTerms}&pid=1565&r=2014/01/27&hid=2488100489113532445&lg=EN&cc=DE&unqvl=47
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-27]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-27]
CHR Extension: (Google-Suche) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-27]
CHR Extension: (MySearchDial) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-05-27]
CHR Extension: (Google Mail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-05]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Benjamin\AppData\Local\mysearchdial-speeddial.crx [2013-11-29]
CHR HKLM\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2013-11-29]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Benjamin\AppData\Local\mysearchdial-speeddial.crx [2013-11-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-05] (AVAST Software)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-04-01] ()
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [614416 2014-01-29] ()
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-06-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-06-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-06-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-06-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-06-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-06-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-06-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-06-05] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [932744 2014-04-20] (<Turtle Entertainment>)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg [31120 2014-05-18] (Aztec Media Inc)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-06 14:46 - 2014-06-06 14:46 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (8).exe
2014-06-06 14:44 - 2014-06-06 14:44 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (7).exe
2014-06-06 14:37 - 2014-06-06 14:37 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (6).exe
2014-06-06 14:36 - 2014-06-06 14:36 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (5).exe
2014-06-06 14:36 - 2014-06-06 14:36 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (4).exe
2014-06-06 14:31 - 2014-06-06 14:31 - 01063424 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST (1).exe
2014-06-06 14:20 - 2014-06-06 14:32 - 00000799 _____ () C:\Users\Benjamin\Desktop\FRST.txt
2014-06-06 14:19 - 2014-06-06 14:04 - 01063424 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST.exe
2014-06-06 14:05 - 2014-06-06 14:47 - 00013024 _____ () C:\Users\Benjamin\Downloads\FRST.txt
2014-06-06 14:05 - 2014-06-06 14:47 - 00000000 ____D () C:\FRST
2014-06-06 14:04 - 2014-06-06 14:04 - 01063424 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST.exe
2014-06-06 13:40 - 2014-06-06 13:40 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-06 13:40 - 2014-06-06 13:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-06 13:38 - 2014-06-06 13:38 - 03673664 _____ (Piriform Ltd) C:\Users\Benjamin\Downloads\ccsetup414_slim.exe
2014-06-05 16:53 - 2014-06-05 16:54 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\DropboxMaster
2014-06-05 16:53 - 2014-06-05 16:53 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-05 16:47 - 2014-06-05 16:48 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (3).exe
2014-06-05 16:47 - 2014-06-05 16:47 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (2).exe
2014-06-05 16:44 - 2014-06-05 16:44 - 00222968 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (1).exe
2014-06-05 16:42 - 2014-06-05 16:54 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Dropbox
2014-06-05 16:36 - 2014-06-05 16:36 - 00222968 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI.exe
2014-06-05 16:32 - 2014-06-05 16:32 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\AVAST Software
2014-06-05 16:28 - 2014-06-05 16:28 - 00002123 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-05 16:28 - 2014-06-05 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-05 16:25 - 2014-06-05 16:28 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-05 16:25 - 2014-06-05 16:28 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-05 16:25 - 2014-06-05 16:28 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401978493367
2014-06-05 16:25 - 2014-06-05 16:25 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401978493367
2014-06-05 16:25 - 2014-06-05 16:25 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-05 16:25 - 2014-06-05 16:25 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-05 16:25 - 2014-06-05 16:25 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-05 16:23 - 2014-06-05 16:24 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-05 16:16 - 2014-06-05 16:19 - 94714880 _____ (AVAST Software) C:\Users\Benjamin\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-04 16:29 - 2014-06-04 16:29 - 00000000 ____D () C:\OETemp
2014-06-02 17:06 - 2014-06-02 17:06 - 06209136 _____ (TeamViewer GmbH) C:\Users\Benjamin\Downloads\TeamViewer_Setup_de-ckc.exe
2014-06-02 17:06 - 2014-06-02 17:06 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\TeamViewer
2014-06-02 17:03 - 2014-06-02 17:27 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\TeamViewer
2014-06-02 17:03 - 2014-06-02 17:03 - 06393104 _____ (TeamViewer) C:\Users\Benjamin\Downloads\TeamViewer_Host_Setup-ckc.exe
2014-06-02 17:02 - 2014-06-02 17:02 - 04617648 _____ (TeamViewer) C:\Users\Benjamin\Downloads\TeamViewerQS_de-ckc.exe
2014-06-01 23:24 - 2014-06-01 23:27 - 85661619 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part28.rar
2014-06-01 23:22 - 2014-06-01 23:27 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part27.rar
2014-06-01 23:22 - 2014-06-01 23:27 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part26.rar
2014-06-01 23:16 - 2014-06-01 23:22 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part25.rar
2014-06-01 23:15 - 2014-06-01 23:24 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part23.rar
2014-06-01 23:15 - 2014-06-01 23:22 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part24.rar
2014-06-01 21:12 - 2014-06-01 21:12 - 00000000 ____D () C:\Users\Benjamin\Documents\My Cheat Tables
2014-06-01 21:07 - 2014-06-01 21:07 - 00000000 ____D () C:\Users\Benjamin\Desktop\D
2014-06-01 21:06 - 2014-06-01 21:06 - 03643392 _____ () C:\Users\Benjamin\Downloads\[www.OldSchoolHack.de]_CSS WALLHACK.EXE
2014-06-01 18:48 - 2014-06-01 19:10 - 98747520 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part22.rar.part
2014-06-01 18:48 - 2014-06-01 19:06 - 96255884 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part21.rar.part
2014-06-01 18:48 - 2014-06-01 19:03 - 98567680 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part20.rar.part
2014-06-01 18:43 - 2014-06-01 23:15 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part18.rar
2014-06-01 18:43 - 2014-06-01 18:47 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part19.rar
2014-06-01 18:43 - 2014-06-01 18:47 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part17.rar
2014-06-01 18:38 - 2014-06-01 18:43 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part16.rar
2014-06-01 18:38 - 2014-06-01 18:43 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part15.rar
2014-06-01 18:38 - 2014-06-01 18:43 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part14.rar
2014-06-01 18:35 - 2014-06-01 18:38 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part13.rar
2014-06-01 18:31 - 2014-06-01 18:37 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part12.rar
2014-06-01 18:31 - 2014-06-01 18:37 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part11.rar
2014-06-01 18:27 - 2014-06-01 18:34 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part10.rar
2014-06-01 18:26 - 2014-06-01 18:31 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part09.rar
2014-06-01 18:26 - 2014-06-01 18:31 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part08.rar
2014-06-01 18:18 - 2014-06-01 18:26 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part07.rar
2014-06-01 18:18 - 2014-06-01 18:26 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part06.rar
2014-06-01 18:17 - 2014-06-01 18:35 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part05.rar
2014-06-01 18:14 - 2014-06-01 18:17 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part04.rar
2014-06-01 18:02 - 2014-06-01 18:14 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part03.rar
2014-06-01 18:02 - 2014-06-01 18:13 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part02.rar
2014-06-01 18:02 - 2014-06-01 18:11 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part01.rar
2014-06-01 17:53 - 2014-06-01 17:53 - 00000000 ____D () C:\Users\Benjamin\Desktop\JDownloader
2014-06-01 17:52 - 2014-06-01 17:53 - 31419822 _____ () C:\Users\Benjamin\Downloads\JDownloader.zip
2014-05-30 16:07 - 2013-05-03 13:31 - 00000000 ____D () C:\Users\Benjamin\Desktop\KC_Rebell_-_Banger_Rebellieren_(Ldt._Amazon_Edition)-2CD-DE-2013-RAF
2014-05-30 15:36 - 2014-05-30 16:02 - 258267967 _____ () C:\Users\Benjamin\Downloads\KCREBARELIAMED_MP.rar
2014-05-30 15:36 - 2014-05-30 15:36 - 00807272 _____ () C:\Users\Benjamin\Downloads\Setup (3).exe
2014-05-29 23:06 - 2014-05-29 23:06 - 00277880 _____ () C:\Users\Benjamin\Downloads\Java.exe
2014-05-28 17:28 - 2014-05-28 17:28 - 00018715 _____ () C:\Users\Benjamin\Downloads\LANGER. Kundeninformation BMW 320d Limousine IIS-Nr.328464.htm
2014-05-27 18:24 - 2014-05-27 18:24 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 18:19 - 2014-06-05 15:51 - 00000000 ____D () C:\ProgramData\Avira
2014-05-27 18:19 - 2014-06-05 15:51 - 00000000 ____D () C:\Program Files\Avira
2014-05-27 18:14 - 2014-06-06 14:19 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 18:14 - 2014-06-06 13:12 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 18:11 - 2014-05-27 18:12 - 00918672 _____ (Google Inc.) C:\Users\Benjamin\Downloads\ChromeSetup.exe
2014-05-26 20:25 - 2014-05-26 20:25 - 17825285 _____ () C:\Users\Benjamin\Downloads\likeparty (2).sfw
2014-05-26 19:46 - 2014-05-26 19:47 - 00002234 _____ () C:\Windows\system32\httpsuchen.mobile.deauto-inseratopel-vectra-m%C3%BCnchen192977100.htmllang=de&pageNumber=1&__lp=46&scopeId=C&sortOption.sortBy=price.consumerGrossEuro&makeModelVariant1.searchInFreetext=false&makeModelVar.searchInFreetex.lnk
2014-05-21 18:37 - 2014-05-21 18:37 - 00000000 __SHD () C:\found.001
2014-05-19 20:16 - 2014-05-28 20:24 - 00000000 ____D () C:\ProgramData\systemk
2014-05-17 17:06 - 2014-05-17 17:06 - 17825285 _____ () C:\Users\Benjamin\Downloads\likeparty.sfw
2014-05-17 17:06 - 2014-05-17 17:06 - 17825285 _____ () C:\Users\Benjamin\Downloads\likeparty (1).sfw
2014-05-17 16:56 - 2014-05-17 17:03 - 17929233 _____ () C:\Users\Benjamin\Downloads\L@k_P@rty.rar
2014-05-15 20:19 - 2014-05-15 20:19 - 00994176 _____ () C:\Users\Benjamin\Downloads\setup (2).exe
2014-05-15 20:19 - 2014-05-15 20:19 - 00994176 _____ () C:\Users\Benjamin\Downloads\setup (1).exe
2014-05-15 20:18 - 2014-05-15 20:18 - 01107456 _____ () C:\Users\Benjamin\Downloads\rauchen20_09_2005h.ppt
2014-05-10 08:50 - 2014-05-10 08:50 - 00538404 _____ () C:\Users\Benjamin\Downloads\source_nick_v10.zip
2014-05-08 20:27 - 2014-05-08 20:36 - 141153166 _____ () C:\Users\Benjamin\Downloads\Kollegah-King-DE-2014-VOiCE.rar
==================== One Month Modified Files and Folders =======
2014-06-06 14:47 - 2014-06-06 14:05 - 00013024 _____ () C:\Users\Benjamin\Downloads\FRST.txt
2014-06-06 14:47 - 2014-06-06 14:05 - 00000000 ____D () C:\FRST
2014-06-06 14:47 - 2013-11-14 22:03 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Temp
2014-06-06 14:46 - 2014-06-06 14:46 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (8).exe
2014-06-06 14:44 - 2014-06-06 14:44 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (7).exe
2014-06-06 14:42 - 2013-12-03 21:30 - 00000000 ____D () C:\Temp
2014-06-06 14:37 - 2014-06-06 14:37 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (6).exe
2014-06-06 14:36 - 2014-06-06 14:36 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (5).exe
2014-06-06 14:36 - 2014-06-06 14:36 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (4).exe
2014-06-06 14:32 - 2014-06-06 14:20 - 00000799 _____ () C:\Users\Benjamin\Desktop\FRST.txt
2014-06-06 14:31 - 2014-06-06 14:31 - 01063424 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST (1).exe
2014-06-06 14:19 - 2014-05-27 18:14 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 14:04 - 2014-06-06 14:19 - 01063424 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST.exe
2014-06-06 14:04 - 2014-06-06 14:04 - 01063424 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST.exe
2014-06-06 14:02 - 2013-11-19 00:47 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\TS3Client
2014-06-06 13:58 - 2013-11-20 16:02 - 00000000 ____D () C:\Program Files\Steam
2014-06-06 13:57 - 2013-11-14 10:58 - 00000000 ____D () C:\Windows\Panther
2014-06-06 13:40 - 2014-06-06 13:40 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-06 13:40 - 2014-06-06 13:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-06 13:38 - 2014-06-06 13:38 - 03673664 _____ (Piriform Ltd) C:\Users\Benjamin\Downloads\ccsetup414_slim.exe
2014-06-06 13:32 - 2013-11-15 16:16 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Spotify
2014-06-06 13:18 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 13:18 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 13:14 - 2013-11-14 11:02 - 01540182 ____N () C:\Windows\WindowsUpdate.log
2014-06-06 13:12 - 2014-05-27 18:14 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 13:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 20:50 - 2013-11-22 17:35 - 00000000 ____D () C:\Users\Benjamin\Desktop\hacks
2014-06-05 20:04 - 2014-01-09 17:54 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\newnext.me
2014-06-05 20:04 - 2014-01-09 17:54 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\genienext
2014-06-05 20:04 - 2013-11-29 17:55 - 00000000 ____D () C:\Program Files\Mobogenie
2014-06-05 19:56 - 2013-11-20 16:02 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-06-05 16:54 - 2014-06-05 16:53 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\DropboxMaster
2014-06-05 16:54 - 2014-06-05 16:42 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Dropbox
2014-06-05 16:53 - 2014-06-05 16:53 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-05 16:48 - 2014-06-05 16:47 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (3).exe
2014-06-05 16:47 - 2014-06-05 16:47 - 00222976 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (2).exe
2014-06-05 16:44 - 2014-06-05 16:44 - 00222968 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI (1).exe
2014-06-05 16:36 - 2014-06-05 16:36 - 00222968 _____ () C:\Users\Benjamin\Downloads\ClickHeretoDownloadSetup-8BEhc2CI.exe
2014-06-05 16:32 - 2014-06-05 16:32 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\AVAST Software
2014-06-05 16:28 - 2014-06-05 16:28 - 00002123 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-05 16:28 - 2014-06-05 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-05 16:28 - 2014-06-05 16:25 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-05 16:28 - 2014-06-05 16:25 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-05 16:28 - 2014-06-05 16:25 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1401978493367
2014-06-05 16:25 - 2014-06-05 16:25 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1401978493367
2014-06-05 16:25 - 2014-06-05 16:25 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-05 16:25 - 2014-06-05 16:25 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-05 16:25 - 2014-06-05 16:25 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-05 16:25 - 2014-06-05 16:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-05 16:24 - 2014-06-05 16:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-05 16:19 - 2014-06-05 16:16 - 94714880 _____ (AVAST Software) C:\Users\Benjamin\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-05 15:51 - 2014-05-27 18:19 - 00000000 ____D () C:\ProgramData\Avira
2014-06-05 15:51 - 2014-05-27 18:19 - 00000000 ____D () C:\Program Files\Avira
2014-06-04 16:29 - 2014-06-04 16:29 - 00000000 ____D () C:\OETemp
2014-06-04 16:29 - 2013-11-15 15:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-04 15:31 - 2013-11-15 16:17 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Spotify
2014-06-03 22:12 - 2014-04-27 23:44 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\PokerStars.EU
2014-06-03 22:12 - 2014-04-27 23:43 - 00000000 ____D () C:\Program Files\PokerStars.EU
2014-06-03 13:07 - 2009-07-14 06:33 - 00272512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-02 20:50 - 2013-11-14 23:06 - 00058592 _____ () C:\Users\Benjamin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 17:27 - 2014-06-02 17:03 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\TeamViewer
2014-06-02 17:06 - 2014-06-02 17:06 - 06209136 _____ (TeamViewer GmbH) C:\Users\Benjamin\Downloads\TeamViewer_Setup_de-ckc.exe
2014-06-02 17:06 - 2014-06-02 17:06 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files\TeamViewer
2014-06-02 17:03 - 2014-06-02 17:03 - 06393104 _____ (TeamViewer) C:\Users\Benjamin\Downloads\TeamViewer_Host_Setup-ckc.exe
2014-06-02 17:02 - 2014-06-02 17:02 - 04617648 _____ (TeamViewer) C:\Users\Benjamin\Downloads\TeamViewerQS_de-ckc.exe
2014-06-01 23:27 - 2014-06-01 23:24 - 85661619 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part28.rar
2014-06-01 23:27 - 2014-06-01 23:22 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part27.rar
2014-06-01 23:27 - 2014-06-01 23:22 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part26.rar
2014-06-01 23:24 - 2014-06-01 23:15 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part23.rar
2014-06-01 23:22 - 2014-06-01 23:16 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part25.rar
2014-06-01 23:22 - 2014-06-01 23:15 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part24.rar
2014-06-01 23:15 - 2014-06-01 18:43 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part18.rar
2014-06-01 21:12 - 2014-06-01 21:12 - 00000000 ____D () C:\Users\Benjamin\Documents\My Cheat Tables
2014-06-01 21:07 - 2014-06-01 21:07 - 00000000 ____D () C:\Users\Benjamin\Desktop\D
2014-06-01 21:06 - 2014-06-01 21:06 - 03643392 _____ () C:\Users\Benjamin\Downloads\[www.OldSchoolHack.de]_CSS WALLHACK.EXE
2014-06-01 19:10 - 2014-06-01 18:48 - 98747520 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part22.rar.part
2014-06-01 19:06 - 2014-06-01 18:48 - 96255884 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part21.rar.part
2014-06-01 19:03 - 2014-06-01 18:48 - 98567680 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part20.rar.part
2014-06-01 18:47 - 2014-06-01 18:43 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part19.rar
2014-06-01 18:47 - 2014-06-01 18:43 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part17.rar
2014-06-01 18:43 - 2014-06-01 18:38 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part16.rar
2014-06-01 18:43 - 2014-06-01 18:38 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part15.rar
2014-06-01 18:43 - 2014-06-01 18:38 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part14.rar
2014-06-01 18:38 - 2014-06-01 18:35 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part13.rar
2014-06-01 18:37 - 2014-06-01 18:31 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part12.rar
2014-06-01 18:37 - 2014-06-01 18:31 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part11.rar
2014-06-01 18:35 - 2014-06-01 18:17 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part05.rar
2014-06-01 18:34 - 2014-06-01 18:27 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part10.rar
2014-06-01 18:31 - 2014-06-01 18:26 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part09.rar
2014-06-01 18:31 - 2014-06-01 18:26 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part08.rar
2014-06-01 18:26 - 2014-06-01 18:18 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part07.rar
2014-06-01 18:26 - 2014-06-01 18:18 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part06.rar
2014-06-01 18:17 - 2014-06-01 18:14 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part04.rar
2014-06-01 18:14 - 2014-06-01 18:02 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part03.rar
2014-06-01 18:13 - 2014-06-01 18:02 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part02.rar
2014-06-01 18:11 - 2014-06-01 18:02 - 111111127 _____ () C:\Users\Benjamin\Downloads\W7USP1.7601.x64.Mai.2011-PLZ.part01.rar
2014-06-01 18:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 17:53 - 2014-06-01 17:53 - 00000000 ____D () C:\Users\Benjamin\Desktop\JDownloader
2014-06-01 17:53 - 2014-06-01 17:52 - 31419822 _____ () C:\Users\Benjamin\Downloads\JDownloader.zip
2014-05-30 16:10 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 16:02 - 2014-05-30 15:36 - 258267967 _____ () C:\Users\Benjamin\Downloads\KCREBARELIAMED_MP.rar
2014-05-30 15:36 - 2014-05-30 15:36 - 00807272 _____ () C:\Users\Benjamin\Downloads\Setup (3).exe
2014-05-29 23:06 - 2014-05-29 23:06 - 00277880 _____ () C:\Users\Benjamin\Downloads\Java.exe
2014-05-28 20:24 - 2014-05-19 20:16 - 00000000 ____D () C:\ProgramData\systemk
2014-05-28 17:43 - 2014-04-15 16:36 - 00000000 ____D () C:\Program Files\Linkey
2014-05-28 17:28 - 2014-05-28 17:28 - 00018715 _____ () C:\Users\Benjamin\Downloads\LANGER. Kundeninformation BMW 320d Limousine IIS-Nr.328464.htm
2014-05-27 21:45 - 2014-04-24 02:23 - 00002203 _____ () C:\Users\Benjamin\Desktop\Google Chrome.lnk
2014-05-27 18:43 - 2014-01-28 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSDCSC
2014-05-27 18:24 - 2014-05-27 18:24 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 18:24 - 2013-11-15 15:38 - 00000000 ____D () C:\Program Files\Google
2014-05-27 18:12 - 2014-05-27 18:11 - 00918672 _____ (Google Inc.) C:\Users\Benjamin\Downloads\ChromeSetup.exe
2014-05-26 20:25 - 2014-05-26 20:25 - 17825285 _____ () C:\Users\Benjamin\Downloads\likeparty (2).sfw
2014-05-26 19:47 - 2014-05-26 19:46 - 00002234 _____ () C:\Windows\system32\httpsuchen.mobile.deauto-inseratopel-vectra-m%C3%BCnchen192977100.htmllang=de&pageNumber=1&__lp=46&scopeId=C&sortOption.sortBy=price.consumerGrossEuro&makeModelVariant1.searchInFreetext=false&makeModelVar.searchInFreetex.lnk
2014-05-26 19:37 - 2013-11-27 21:54 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\ESL Wire Game Client
2014-05-26 19:36 - 2013-11-28 22:47 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Skype
2014-05-21 18:37 - 2014-05-21 18:37 - 00000000 __SHD () C:\found.001
2014-05-17 17:06 - 2014-05-17 17:06 - 17825285 _____ () C:\Users\Benjamin\Downloads\likeparty.sfw
2014-05-17 17:06 - 2014-05-17 17:06 - 17825285 _____ () C:\Users\Benjamin\Downloads\likeparty (1).sfw
2014-05-17 17:03 - 2014-05-17 16:56 - 17929233 _____ () C:\Users\Benjamin\Downloads\L@k_P@rty.rar
2014-05-15 20:19 - 2014-05-15 20:19 - 00994176 _____ () C:\Users\Benjamin\Downloads\setup (2).exe
2014-05-15 20:19 - 2014-05-15 20:19 - 00994176 _____ () C:\Users\Benjamin\Downloads\setup (1).exe
2014-05-15 20:18 - 2014-05-15 20:18 - 01107456 _____ () C:\Users\Benjamin\Downloads\rauchen20_09_2005h.ppt
2014-05-10 08:50 - 2014-05-10 08:50 - 00538404 _____ () C:\Users\Benjamin\Downloads\source_nick_v10.zip
2014-05-09 16:13 - 2013-11-29 17:55 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Mobogenie
2014-05-08 20:36 - 2014-05-08 20:27 - 141153166 _____ () C:\Users\Benjamin\Downloads\Kollegah-King-DE-2014-VOiCE.rar
Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqn8nte.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-30 16:49
==================== End Of Log ============================
addition FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by Benjamin at 2014-06-06 14:48:07
Running from C:\Users\Benjamin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{7C368470-3D19-24D9-4A81-697C1DEB4710}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CLICK & LEARN DiDi 360° DVD (HKLM\...\{1C27F735-8AC7-4C91-954F-97522611E913}_is1) (Version: CLICK & LEARN DiDi 360° 4.2 DVD - DEGENER)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive)
Dojotech Spotify Recorder (HKLM\...\{D149DB2E-392E-48CC-8036-88BECC09C50A}) (Version: 3.2 - Dojotech Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access 2003 Runtime (HKLM\...\{901C0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Mobogenie (HKLM\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTION
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
PAYDAY: The Heist (HKLM\...\Steam App 24240) (Version: - OVERKILL Software)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Silent Hill Homecoming (HKLM\...\Silent Hill Homecoming_is1) (Version: - )
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
VirtuallyJenna-025.002 (HKLM\...\VirtuallyJenna-025.002) (Version: - )
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
==================== Restore Points =========================
27-05-2014 16:43:17 Avira Free Antivirus - 27.05.2014 18:43
04-06-2014 14:29:21 Windows Update
05-06-2014 14:25:08 avast! antivirus system restore point
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {51B61448-6C53-45F7-B5C0-29AA8976F25F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {54E179BD-2E0D-4E0B-BEE4-11DBF2DCE5FA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-05] (AVAST Software)
Task: {561AFCBC-AB37-4BA2-8330-548BBCFCA006} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {88D7275B-5922-44BA-AA62-5B8166A665C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-06-05 16:38 - 2014-06-05 16:38 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060500\algo.dll
2014-06-06 13:11 - 2014-06-06 13:11 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060600\algo.dll
2013-11-27 21:54 - 2014-01-29 19:13 - 00614416 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2013-11-27 21:54 - 2014-02-06 16:08 - 00165888 _____ () C:\Program Files\EslWire\service\NocIPC32.dll
2014-06-05 16:25 - 2014-06-05 16:25 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-20 19:33 - 2014-05-20 19:33 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-05-27 18:24 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-27 18:24 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Temp:01966E73.dat
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:rnd.dat
AlternateDataStreams: C:\Temp:srv
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => 1
MSCONFIG\startupreg: ESL Wire => "C:\Program Files\EslWire\wire.exe" --tray
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\system32\rundll32.exe "C:\Users\Benjamin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/06/2014 01:33:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 2.25.32.45 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bac
Startzeit: 01cf817859581b41
Endzeit: 3845
Anwendungspfad: C:\Program Files\Steam\Steam.exe
Berichts-ID: 45a50f73-ed6e-11e3-ae06-001f3f076653
Error: (06/06/2014 01:12:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 10:08:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 09:46:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x5387b8a0
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5387b784
Ausnahmecode: 0x40000015
Fehleroffset: 0x0001f25e
ID des fehlerhaften Prozesses: 0x271c
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3
Error: (06/05/2014 06:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x5387b8a0
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5387b784
Ausnahmecode: 0x40000015
Fehleroffset: 0x0001f25e
ID des fehlerhaften Prozesses: 0x4b04
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3
Error: (06/05/2014 04:25:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary fdclfaym.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/05/2014 04:25:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {53ba0a14-63c5-4e97-8363-28ae2f5f5f7d}
Error: (06/05/2014 04:14:07 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x80070008) festgestellt.
Error: (06/05/2014 03:53:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/04/2014 10:43:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0xa4
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3
System errors:
=============
Error: (06/05/2014 10:06:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.06.2014 um 21:54:38 unerwartet heruntergefahren.
Error: (06/03/2014 10:06:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 03.06.2014 um 22:05:18 unerwartet heruntergefahren.
Error: (06/02/2014 06:37:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TeamViewer 9" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (06/02/2014 06:36:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer 9" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/02/2014 06:35:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer 9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/01/2014 09:13:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/01/2014 09:13:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (06/01/2014 06:06:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (05/31/2014 06:20:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (05/31/2014 06:19:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 31.05.2014 um 18:18:31 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (06/06/2014 01:33:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.25.32.45bac01cf817859581b413845C:\Program Files\Steam\Steam.exe45a50f73-ed6e-11e3-ae06-001f3f076653
Error: (06/06/2014 01:12:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 10:08:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 09:46:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.05387b8a0tier0.dll0.0.0.05387b784400000150001f25e271c01cf80dbe17b5055C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeC:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll1be2671a-ecea-11e3-bdda-002522c0ba2b
Error: (06/05/2014 06:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.05387b8a0tier0.dll0.0.0.05387b784400000150001f25e4b0401cf80cfaa64c96dC:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeC:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dlld0cbdf04-ecce-11e3-bdda-002522c0ba2b
Error: (06/05/2014 04:25:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary fdclfaym.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/05/2014 04:25:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {53ba0a14-63c5-4e97-8363-28ae2f5f5f7d}
Error: (06/05/2014 04:14:07 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x80070008
Error: (06/05/2014 03:53:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/04/2014 10:43:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181ea401cf802b4575f3d9C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeC:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dlld86e45a1-ec28-11e3-ab97-001f3f076653
==================== Memory info ===========================
Percentage of memory in use: 73%
Total physical RAM: 3062.68 MB
Available physical RAM: 823.04 MB
Total Pagefile: 6591.84 MB
Available Pagefile: 1426.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:946.47 GB) (Free:819.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:916.45 GB) (Free:891.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6D4FF8C5)
Partition 1: (Active) - (Size=946 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
07.06.2014, 11:14
| #4 |
| /// the machine /// TB-Ausbilder | Trojaner explorer.exe? Screnshot? größer? anhängen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Trojaner explorer.exe? |
| explorer.exe, knapp, problem, tagen, troja, trojaner, trojaner ? explorer.exe hilfe bitte, verschwinden, verzweifel, wirklich |
Linear-Darstellung
