Log Analysis and Evaluation: Antivir blocked by Group Policy (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps for help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.06.2014, 14:12 | #1
Antivir blocked by Group Policy

Hello, about two weeks ago I noticed that my Antivir no longer starts. When I try to run the .exe I always get the message "Avira wurde durch eine Gruppenrichtlinie blockiert" (Avira has been blocked by a Group Policy). I tried to uninstall it, but that doesn't work either; I get a message saying I need admin rights to uninstall it. I suspect I picked up a trojan at the copy shop, because all the files on my USB stick were suddenly replaced by shortcuts, and I stupidly clicked on some of them... Well, I hope you can help me, many thanks in advance! The logfiles are attached.

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by loswochos (administrator) on LOSWOCHOS-PC on 19-06-2014 14:39:24
Running from C:\Users\loswochos\Downloads\trojaner board
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
( ) C:\Users\loswochos\Downloads\Miranda\miranda64.exe
() C:\Users\loswochos\Downloads\trojaner board\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [OdjuHlomo] => regsvr32.exe "
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\MountPoints2: {d271fda5-74c5-11e0-8522-665544336040} - G:\Startme.exe
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
BootExecute: autocheck autochk * sdnclean64.exelsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48D946F0E691CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: [NameServer]141.30.207.2

FireFox:
========
FF ProfilePath: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\loswochos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Forecastfox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: Flashblock - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-25]
FF Extension: DownloadHelper - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-06]
FF Extension: SearchPreview - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-22]
FF Extension: Ghostery - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: Quick Note - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.xpi [2012-08-14]
FF Extension: ScrollyFox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scrollyfox@shawfiresolutions.com.au.xpi [2013-04-21]
FF Extension: Scroll to Top/Bottom - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2012-08-12]
FF Extension: Status-4-Evar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\status4evar@caligonstudios.com.xpi [2014-06-19]
FF Extension: Scientific Calculator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ststusscicalc@sunny.xpi [2012-07-18]
FF Extension: TinyURL Generator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-01-13]
FF Extension: Trafficanzeige - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\traffic@anzeige3.xpi [2013-01-21]
FF Extension: YouTube to MP3 - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-06-30]
FF Extension: Stop Autoplay - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2014-05-22]
FF Extension: AniWeather - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2011-05-02]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2012-07-23]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2011-05-02]
FF Extension: Adblock Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-24]
FF Extension: Download Statusbar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-24]
FF Extension: DownThemAll! - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 14:39 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:33 - 2014-06-19 14:39 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 10:02 - 2014-06-19 10:02 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:17 - 2014-06-19 10:02 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-17 20:51 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 20:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-17 20:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-17 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-17 20:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-17 20:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-17 20:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-17 20:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-17 20:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-17 20:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-17 20:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-17 20:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-17 20:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-17 20:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-17 20:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 20:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-17 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-17 20:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 20:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-17 20:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 20:10 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 20:10 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-17 20:10 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 20:10 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-17 20:10 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 20:10 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-17 20:10 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-17 20:10 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 20:10 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-17 20:10 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 20:10 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-17 20:10 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 20:10 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 20:10 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 22:50 - 2014-06-19 14:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-17 19:43 - 00002612 _____ () C:\Windows\PFRO.log
2014-06-10 22:42 - 2014-06-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 13:48 - 2014-06-19 10:02 - 00000560 _____ () C:\Windows\setupact.log
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:28 - 2014-06-19 14:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 12:50 - 2014-06-09 12:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-07 20:07 - 2014-06-07 20:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:07 - 2014-06-07 20:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:05 - 2014-06-07 20:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:02 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:01 - 2014-06-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 13:33 - 2014-06-11 04:13 - 00000000 ____D () C:\AdwCleaner
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 15:04 - 2014-06-06 18:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk

==================== One Month Modified Files and Folders =======

2014-06-19 14:39 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST
2014-06-19 14:39 - 2014-06-19 14:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:38 - 2011-04-23 15:43 - 00000000 ____D () C:\Users\loswochos
2014-06-19 14:31 - 2014-06-10 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 14:23 - 2014-06-10 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 13:47 - 2012-11-10 13:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 11:39
- 2011-04-23 15:43 - 01706396 _____ () C:\Windows\WindowsUpdate.log 2014-06-19 10:36 - 2012-12-31 13:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files 2014-06-19 10:10 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-19 10:10 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-19 10:06 - 2014-05-03 11:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster 2014-06-19 10:06 - 2012-08-30 17:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox 2014-06-19 10:06 - 2012-08-30 17:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox 2014-06-19 10:02 - 2014-06-19 10:02 - 00000022 _____ () C:\Windows\S.dirmngr 2014-06-19 10:02 - 2014-06-18 09:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-06-19 10:02 - 2014-06-10 13:48 - 00000560 _____ () C:\Windows\setupact.log 2014-06-19 10:02 - 2014-05-14 10:42 - 00011158 _____ () C:\aaw7boot.log 2014-06-19 10:02 - 2012-05-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-19 10:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-18 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 09:26 - 2014-06-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-18 00:54 - 2013-08-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-18 00:51 - 2011-04-23 17:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-18 00:50 - 2011-04-23 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-18 00:48 - 2014-04-23 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-17 20:05 - 2014-05-16 12:02 - 00000064 _____ () 
C:\Windows\SysWOW64\rp_stats.dat 2014-06-17 20:05 - 2014-05-16 12:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat 2014-06-17 19:43 - 2014-06-10 22:44 - 00002612 _____ () C:\Windows\PFRO.log 2014-06-11 04:15 - 2011-07-30 12:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP 2014-06-11 04:13 - 2014-05-23 13:33 - 00000000 ____D () C:\AdwCleaner 2014-06-10 23:10 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass 2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-10 22:50 - 2014-06-10 22:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 22:48 - 2014-06-10 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 22:16 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-06-10 22:16 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-06-10 22:16 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-10 16:46 - 2011-04-26 13:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme 2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-10 13:43 - 2012-04-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-10 13:28 - 2012-05-13 20:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-10 13:28 - 2011-05-28 11:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) 
C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe 2014-06-09 14:54 - 2013-11-08 02:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3 2014-06-09 12:56 - 2014-06-09 12:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop 2014-06-09 00:02 - 2011-06-07 22:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc 2014-06-08 11:13 - 2014-06-17 20:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-17 20:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-07 20:09 - 2014-06-07 20:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz 2014-06-07 20:09 - 2014-06-07 20:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr 2014-06-07 20:07 - 2014-06-07 20:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr 2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache 2014-06-07 18:03 - 2014-06-07 18:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre 2014-06-07 18:02 - 2014-06-07 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2 2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi 2014-06-06 18:10 - 2014-05-22 15:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk 2014-05-30 16:58 - 2011-09-29 18:30 - 00000000 ____D () C:\ProgramData\Origin 2014-05-30 16:57 - 2011-09-29 18:30 - 00000000 ____D () 
C:\Program Files (x86)\Origin 2014-05-30 12:21 - 2014-06-17 20:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 12:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 12:02 - 2014-06-17 20:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 11:45 - 2014-06-17 20:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 11:39 - 2014-06-17 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 11:39 - 2014-06-17 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 11:38 - 2014-06-17 20:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 11:28 - 2014-06-17 20:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 11:27 - 2014-06-17 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 11:24 - 2014-06-17 20:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 11:21 - 2014-06-17 20:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 11:21 - 2014-06-17 20:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 11:20 - 2014-06-17 20:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-17 20:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 11:11 - 2014-06-17 20:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 11:08 - 2014-06-17 20:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-17 20:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 11:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-17 20:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-17 20:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-17 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-17 20:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 10:44 - 2014-06-17 20:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-17 20:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 10:42 - 2014-06-17 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-17 20:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-17 20:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 10:34 - 2014-06-17 20:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 10:33 - 2014-06-17 20:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 10:30 - 2014-06-17 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 10:29 - 2014-06-17 20:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 10:28 - 2014-06-17 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 10:27 - 2014-06-17 20:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 10:24 - 2014-06-17 20:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 10:23 - 2014-06-17 20:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 10:16 - 2014-06-17 20:11 - 00368128 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 10:10 - 2014-06-17 20:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-17 20:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 10:04 - 2014-06-17 20:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-17 20:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-17 20:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-17 20:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:54 - 2014-06-17 20:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 09:50 - 2014-06-17 20:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-17 20:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-17 20:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-17 20:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-17 20:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-17 20:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-17 20:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-17 20:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 09:13 - 2014-06-17 20:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-28 12:17 - 2012-08-30 17:22 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 
____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps 2014-05-23 16:44 - 2014-01-19 23:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-23 14:27 - 2011-04-24 12:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-23 14:27 - 2011-04-23 15:45 - 00001003 _____ () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe 2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip 2014-05-22 21:11 - 2014-05-13 21:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx 2014-05-22 13:12 - 2014-01-20 00:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-22 13:12 - 2014-01-20 00:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1koyzf.dll C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is 
digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-18 19:00
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by loswochos at 2014-06-19 14:40:52
Running from C:\Users\loswochos\Downloads\trojaner board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
==================== Installed Programs ======================
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Ad-Aware (HKLM-x32\...\{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}) (Version: 9.6.0 - Lavasoft Limited)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve)
AMD Accelerated Video Transcoding (Version: 13.20.100.30723 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0723.1944.33607 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{E9897E08-46FA-A07E-B332-1515AAB356F4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
Hidden AMD Fuel (Version: 2013.0723.1944.33607 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.80723.2017 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.13 - Advanced Micro Devices, Inc.) Hidden ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version: - ) ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version: - ) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft) Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AxCrypt 1.7.2867.0 (HKLM\...\{C8118019-96B5-42FB-9A45-5D82D1CB62EE}) (Version: 1.7.2867.0 - Axantum Software AB) Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.5.0.0 - Electronic Arts) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version: - ) BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30265 - BitTorrent Inc.) Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games) calibre 64bit (HKLM\...\{8CDE6A53-B721-407E-B59B-9E9E9605BF23}) (Version: 1.39.0 - Kovid Goyal) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Thai (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP) Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - ) Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment) CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) 
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Edna and Harvey - The Breakout (HKLM-x32\...\Edna and Harvey - The Breakout) (Version: 1.0 - Lace Mamba) eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH) Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden FarCry 3 Version 1.01 (HKLM-x32\...\{DBEFF20C-6386-4AF7-A5D4-C0B48C10A9C7}_is1) (Version: 1.01 - Ubisoft) Free YouTube Download 3 version 3.0.12.804 (HKLM-x32\...\Free YouTube Download 3_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.) 
Freemake Video Converter Version 4.0.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation) GIGA F-Tasten v6.0 (HKLM-x32\...\GIGA F-Tasten_is1) (Version: - ) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 1.4.14 - Free Software Foundation) Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games) Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - ) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl) Kurso de Esperanto 4 (HKLM-x32\...\{021F206C-3243-420E-9F0B-82639583E425}_is1) (Version: 4.0.2 - Esperanto) Lexicon Lambda Driver (HKCU\...\Lexicon Lambda Driver) (Version: - Lexicon) Lexicon Lambda Driver (Version: 2.6 - Lexicon) Hidden Lexicon Pantheon VST Plug-in (remove only) (HKLM-x32\...\LexiconStudio) (Version: - ) Live 8.0.1 (HKLM-x32\...\Live 8.0.1) (Version: - ) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games) Men of War Gold Edition (Nur entfernen) (HKLM-x32\...\{3F987BF0-061B-4395-9F6D-0E7C9E4F7107}_is1) (Version: 1.0 - 1C Company) 
Men of War: Vietnam (Remove Only) (HKLM-x32\...\{C9935C7E-ED44-427D-B8DF-39E2ACF1AA6A}_is1) (Version: 1.0.0.0 - 1C Company) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof 
(German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MP3-Tag-Editor 3.14.0 (HKLM-x32\...\{DB363BBA-6375-4306-85F9-528CD666FC30}) (Version: 3.14.0 - Gisbert Müller)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Netzwerkhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Netg) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.195.0 - Tracker Software Products Ltd.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Simple Shutdown Timer (HKLM-x32\...\Simple Shutdown Timer1.1.2) (Version: 1.1.2 - PcWinTech.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Walking Dead (c) 3 version 1 (HKLM-x32\...\The Walking Dead (c) 3_is1) (Version: 1 - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.12 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Universal Document Converter (Demo) (HKLM-x32\...\Universal Document Converter_is1) (Version: 5.6 - fCoder Group, Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
XMedia Recode Version 3.1.2.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.0 - XMedia Recode)
X-Men Origins - Wolverine(TM) (HKLM-x32\...\InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}) (Version: 1.00.0000 - Activision)

==================== Restore Points =========================

31-05-2014 12:51:17 Geplanter Prüfpunkt
07-06-2014 16:00:38 Installed calibre 64bit
17-06-2014 22:47:00 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06065DC8-3DD7-41DD-850D-BE3D1DA605C4} - System32\Tasks\{B413FDC4-2F34-4DA4-8F3F-AEB4AC081943} => I:\Games\WWP\wwp.exe
Task: {31A45A06-6897-474E-95E8-4F6E63E17988} - System32\Tasks\{8AAAD577-3110-4550-AE86-D9646726F488} => I:\games\Mechwarrior Vengeance\MW4Mercs.exe
Task: {52376F33-A190-44F4-8C48-54B0DC97210B} - System32\Tasks\{DA438B20-1B6B-4171-86DD-398B4943E532} => I:\games\Revenant\Revenant.exe
Task: {84B36F51-C141-4343-ADD0-BB5B9588DCDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-10] (Adobe Systems Incorporated)
Task: {87EA503F-C81E-48A8-AF42-EBEBC239CB35} - System32\Tasks\{1B27E28A-77C8-4FE9-ADEE-3FEC06528FC2} => G:\Games\OfficialCnCTiberianSun\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\SUN.EXE
Task: {8949A456-63DA-4B1A-991F-37B173F3C1E5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28] (Lavasoft Limited )
Task: {8C38B476-60E3-4695-80FA-252C69E70219} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {A0E63F2F-55DA-4E0E-9B1A-C4C04BB090D1} - System32\Tasks\{77159BE7-39FD-469C-B44E-F7EADDAD1A49} => I:\Games\WWP\wwp.exe
Task: {BB405834-E3F3-4926-9B16-ADC1DD73FA30} - System32\Tasks\{64298624-06EB-42DE-A453-C3B6A2286079} => I:\Games\WWP\wwp.exe
Task: {C1BA488A-77B9-4997-84D0-EFF9E8D0C9F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DAB1EE6F-C263-4D8C-98CC-35D35B2DB838} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {DCD727BA-3FD9-43DD-8606-773C663B8773} - System32\Tasks\{5AA4A00F-FCEE-41F8-A0B6-81F85A08388A} => I:\games\Mechwarrior Vengeance\MW4Mercs.exe
Task: {E2863477-DC5A-427F-908B-5D79DEDEFD8C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F2A8B2A8-582A-47B6-BDC0-98B22AC1CE83} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2942367688-666253811-2896108010-1001
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2011-07-14 19:04 - 2012-07-13 14:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-04-23 19:43 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-07-23 19:47 - 2013-07-23 19:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-22 17:50 - 2012-08-19 06:03 - 00069120 _____ () C:\Users\loswochos\Downloads\Miranda\zlib.dll
2012-08-22 17:50 - 2012-08-19 06:06 - 00033792 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\dbx_mmap.dll
2012-08-22 17:50 - 2012-08-19 06:08 - 00064512 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\clist_classic.dll
2012-08-22 17:50 - 2012-08-19 06:07 - 00251904 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\chat.dll
2012-08-22 17:50 - 2012-08-19 06:07 - 00427008 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\icq.dll
2012-08-22 17:50 - 2012-08-19 06:03 - 00402944 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\irc.dll
2012-08-22 17:50 - 2012-08-19 06:08 - 00093184 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\srmm.dll
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Downloads\trojaner board\Defogger.exe
2011-10-28 19:35 - 2011-10-28 19:35 - 00591232 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
2011-10-28 19:35 - 2011-10-28 19:35 - 00430568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
2011-10-28 19:35 - 2011-10-28 19:35 - 00308560 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll
2014-05-13 02:07 - 2014-06-03 11:01 - 00190752 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2014-05-13 02:07 - 2014-06-03 11:01 - 00178464 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2014-05-13 02:06 - 2014-05-13 02:06 - 00508776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2014-01-19 23:09 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-19 23:09 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-19 23:09 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-19 23:09 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-19 23:09 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-19 10:06 - 2014-06-19 10:06 - 00043008 _____ () C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1koyzf.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\loswochos\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-18 18:14 - 2014-06-18 18:14 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-10 13:28 - 2014-06-10 13:28 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EPSON Stylus DX4000 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SD2CD.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON SX235 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\LOSWOC~1\AppData\Local\Temp\E_S78E6.tmp" /EF "HKCU"
MSCONFIG\startupreg: Lachesis => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\loswochos\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "G:\Games\The Elder Scrolls Skyrim\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2
Description: AODDriver4.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 08:05:22 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/17/2014 07:48:40 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Unhandled Exception

Error: (06/10/2014 01:55:52 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/09/2014 04:03:12 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/09/2014 03:59:22 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (06/08/2014 11:21:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: runonce.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce797ce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x029530d0
ID des fehlerhaften Prozesses: 0xa7c
Startzeit der fehlerhaften Anwendung: 0xrunonce.exe0
Pfad der fehlerhaften Anwendung: runonce.exe1
Pfad des fehlerhaften Moduls: runonce.exe2
Berichtskennung: runonce.exe3

Error: (06/06/2014 00:11:44 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/03/2014 01:56:28 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (05/31/2014 01:39:02 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (05/28/2014 00:22:50 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.


System errors:
=============
Error: (06/19/2014 10:02:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/18/2014 04:44:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/18/2014 09:23:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/18/2014 09:21:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/18/2014 09:19:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosesystemhost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1115

Error: (06/18/2014 09:19:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: %%1747

Error: (06/18/2014 09:19:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (06/18/2014 09:19:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/18/2014 09:19:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (06/18/2014 09:19:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (06/17/2014 08:05:22 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/17/2014 07:48:40 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Unhandled Exception

Error: (06/10/2014 01:55:52 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/09/2014 04:03:12 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/09/2014 03:59:22 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (06/08/2014 11:21:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: runonce.exe6.1.7601.175144ce797ceunknown0.0.0.000000000c0000005029530d0a7c01cf835f95a359a0C:\Windows\SysWOW64\runonce.exeunknowne08b2920-ef52-11e3-a49e-665544336040

Error: (06/06/2014 00:11:44 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/03/2014 01:56:28 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (05/31/2014 01:39:02 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (05/28/2014 00:22:50 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 4095.24 MB
Available physical RAM: 1826.75 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 5176.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:153.38 GB) (Free:18.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EMPIRE_DISC2) (CDROM) (Total:5.54 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 153 GB) (Disk ID: CB4ACB4A)
Partition 1: (Active) - (Size=153 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:38 on 19/06/2014 (loswochos)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-19 15:02:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6 ExcelStor_Technology_J8160S rev.P22OA50U 153,39GB
Running: Gmer-19357.exe; Driver: C:\Users\LOSWOC~1\AppData\Local\Temp\uwtdyuoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033ef000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033ef02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000729b1a22 2 bytes [9B, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000729b1ad0 2 bytes [9B, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000729b1b08 2 bytes [9B, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000729b1bba 2 bytes [9B, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000729b1bda 2 bytes [9B, 72]
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76]
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [1260] entry point in ".rdata" section 00000000748471e6
.text C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe[4004] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76]
.text C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe[4004] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76]
.text ... * 2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3100] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3100] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76]
.text ... * 2

---- Processes - GMER 2.1 ----

Library C:\Users\loswochos\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe [4004](2014-01-03 01:09:26) 00000000040b0000
Library c:\users\loswoc~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1koyzf.dll (*** suspicious ***) @ C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe [4004](2014-06-19 08:06:02) 0000000003240000
Library C:\Users\loswochos\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe [4004](2013-08-23 19:01:44) 0000000069200000
Library C:\Users\loswochos\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe [4004] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000006cee0000

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/06/2014
Scan Time: 19:50:54
Logfile: mbmt.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.18.07
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: loswochos

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306261
Time Elapsed: 18 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
19.06.2014, 14:20 | #2 |
/// TB Trainer /// Guide Guru | My name is Jürgen and I will help you with your problem. Together we will manage this...

Note: I can never guarantee that we will find every malicious file. Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. Adware & co. we can remove very well. If you decide on a clean-up, keep working along until you get my "clean". Let's go:

Step 1

Press the Windows key + R and type notepad into the Run window. Click OK and copy the text from the code box into the empty text document:

Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

Step 2

Panda USB Vaccine
Please download Panda USB Vaccine from here.
Plug in your USB stick and leave it plugged in.

Step 3

Scan with ComboFix
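The fixlist in step 1 removes the five "HKLM Group Policy restriction on software" entries that FRST reported. On a standalone Windows 7 machine those entries are Software Restriction Policy (SRP) path rules stored under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\<GUID>, with the folder in the ItemData value; level 0 is "Disallowed", and a Disallowed rule that covers an antivirus product's own folder produces exactly the "blocked by a group policy" message when that product's executables are started. The PowerShell below is an added example, not code from this thread, from FRST or from any other tool used here: it lists every SRP path rule, flags Disallowed rules whose path contains a name from a constructed list of security products, and deletes only those flagged rules, and only when Remove-SrpBlockingRule is called (it honours -WhatIf). Assumed: an elevated PowerShell 3.0 or later on the affected machine; the product-name list and the function names are illustrative.

```powershell
# Added example (not from the thread or from FRST): enumerate Software Restriction
# Policy path rules and flag "Disallowed" rules that cover a security product's folder.
# Assumes an elevated PowerShell 3.0+ on the affected machine.

function Get-SrpPathRule {
    [CmdletBinding()]
    param(
        # Constructed list of vendor/product folder names to look for; extend as needed.
        [string[]]$SecurityProductNames = @('Avira', 'Lavasoft', 'McAfee', 'Malwarebytes', 'Spybot')
    )
    # SRP keeps per-machine rules under HKLM and per-user rules under HKCU.
    $hives    = @('HKLM:', 'HKCU:')
    $relative = 'SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    # Security-level subkeys: 0 = Disallowed, 262144 = Unrestricted; the others are rarely used.
    $levels   = @{ '0' = 'Disallowed'; '4096' = 'Untrusted'; '65536' = 'BasicUser'; '131072' = 'NormalUser'; '262144' = 'Unrestricted' }

    foreach ($hive in $hives) {
        foreach ($lvl in $levels.Keys) {
            $pathsKey = Join-Path $hive (Join-Path $relative "$lvl\Paths")
            if (-not (Test-Path -Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -Path $pathsKey) {
                $props    = Get-ItemProperty -Path $rule.PSPath
                $target   = [string]$props.ItemData
                # ItemData may contain %ProgramFiles% and friends; expand before matching.
                $expanded = [Environment]::ExpandEnvironmentVariables($target)
                $matched  = @($SecurityProductNames | Where-Object { $expanded -like "*$_*" })
                [pscustomobject]@{
                    Hive               = $hive.TrimEnd(':')
                    Level              = $levels[$lvl]
                    RuleId             = $rule.PSChildName
                    Path               = $target
                    Description        = [string]$props.Description
                    BlocksSecurityTool = ($matched.Count -gt 0 -and $levels[$lvl] -eq 'Disallowed')
                    RegistryKey        = $rule.PSPath
                }
            }
        }
    }
}

function Remove-SrpBlockingRule {
    # Deletes only the rules Get-SrpPathRule flagged; run with -WhatIf first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$SecurityProductNames = @('Avira', 'Lavasoft', 'McAfee', 'Malwarebytes', 'Spybot')
    )
    Get-SrpPathRule -SecurityProductNames $SecurityProductNames |
        Where-Object { $_.BlocksSecurityTool } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.Path, "Remove SRP '$($_.Level)' rule $($_.RuleId)")) {
                Remove-Item -Path $_.RegistryKey -Recurse -Force
            }
        }
}

# Report first. A row with BlocksSecurityTool = True is the registry form of an
# "HKLM Group Policy restriction on software: ... <====== ATTENTION" line in FRST.
Get-SrpPathRule | Sort-Object BlocksSecurityTool -Descending |
    Format-Table Hive, Level, Path, BlocksSecurityTool, Description -AutoSize

# Dry run of the removal; drop -WhatIf once the list above looks right.
Remove-SrpBlockingRule -WhatIf
```

Two caveats a practitioner would want: on a domain-joined machine these keys are rewritten from the domain policy at the next Group Policy refresh, so a rule that keeps coming back may be legitimate and has to be traced to its GPO rather than deleted; and removing the rule only restores the blocked product, it does not remove whatever created the rule, which is why the helper also asks for the ComboFix scan in step 3. The paths FRST listed under "C:\Documents and Settings\All Users\Application Data" are the Windows 7 compatibility junction for C:\ProgramData, so a rule there covers the product's data folder as well.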
19.06.2014, 20:21 | #3 |
| Hello Jürgen,

first of all, many thanks for the quick reply and your time. I hope I followed everything correctly; as far as I can tell, everything worked, except that when I ran the ComboFix scan it complained that Avira and Spybot were still running. As far as I could see, Avira was not running, which is exactly my problem. I had already closed Spybot beforehand. The scan ran through anyway. I'll post the log files:

Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by loswochos at 2014-06-19 15:39:28 Run:1
Running from C:\Users\loswochos\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====

Code:
ComboFix 14-06-19.01 - loswochos 19/06/2014  15:50:39.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.1764 [GMT 2:00]
Running from: c:\users\loswochos\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\tmp55F3.tmp
.
.
(((((((((((((((((((((((   Files Created from 2014-05-19 to 2014-06-19  ))))))))))))))))))))))))))))))
.
.
2014-06-19 14:04 . 2014-06-19 14:04  --------  d-----w-  c:\users\Default\AppData\Local\temp
2014-06-19 14:04 . 2014-06-19 14:04  --------  d-----w-  c:\users\Administrator\AppData\Local\temp
2014-06-19 13:41 . 2014-06-19 13:41  --------  d-----w-  c:\programdata\Panda Security
2014-06-19 13:41 . 2014-06-19 13:41  --------  d-----w-  c:\program files (x86)\Panda USB Vaccine
2014-06-19 12:39 . 2014-06-19 13:39  --------  d-----w-  C:\FRST
2014-06-17 18:51 . 2014-06-18 07:26  --------  d-----w-  c:\program files (x86)\Mozilla Thunderbird
2014-06-17 18:10 . 2014-05-30 09:39  66048     ----a-w-  c:\windows\system32\iesetup.dll
2014-06-10 20:50 . 2014-06-19 13:37  122584    ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-10 20:50 . 2014-05-12 05:26  63704     ----a-w-  c:\windows\system32\drivers\mwac.sys
2014-06-10 20:50 . 2014-05-12 05:26  91352     ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
2014-06-10 20:50 . 2014-05-12 05:25  25816     ----a-w-  c:\windows\system32\drivers\mbam.sys
2014-06-10 20:49 . 2014-06-10 20:50  --------  d-----w-  c:\program files (x86)\ Malwarebytes Anti-Malware
2014-06-10 20:49 . 2014-06-10 20:49  --------  d-----w-  c:\programdata\Malwarebytes
2014-06-07 16:03 . 2014-06-07 16:03  --------  d-----w-  c:\users\loswochos\AppData\Local\calibre-cache
2014-06-07 16:02 . 2014-06-07 16:03  --------  d-----w-  c:\users\loswochos\AppData\Roaming\calibre
2014-06-07 16:01 . 2014-06-07 16:01  --------  d-----w-  c:\program files\Calibre2
2014-06-06 14:58 . 2013-12-06 18:01  389290    --sha-w-  c:\users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs
2014-05-23 11:34 . 2010-08-30 06:34  536576    ----a-w-  c:\windows\SysWow64\sqlite3.dll
2014-05-23 11:33 . 2014-06-11 02:13  --------  d-----w-  C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 22:51 . 2011-04-23 15:09  95414520  ----a-w-  c:\windows\system32\MRT.exe
2014-06-10 11:28 . 2012-05-13 18:18  699056    ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-10 11:28 . 2011-05-28 09:42  71344     ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-22 11:12 . 2014-01-19 22:07  130584    ----a-w-  c:\windows\system32\drivers\avipbb.sys
2014-05-22 11:12 . 2014-01-19 22:07  112080    ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2014-05-13 00:08 . 2014-05-13 00:08  55384     ----a-w-  c:\windows\system32\drivers\SBREDrv.sys
2014-05-13 00:07 . 2014-05-13 00:15  16432     ----a-w-  c:\windows\system32\lsdelete.exe
2014-05-12 22:23 . 2014-05-12 22:23  231376    ----a-w-  c:\windows\system32\drivers\truecrypt.sys
2014-04-15 00:34 . 2014-04-15 00:34  1070232   ----a-w-  c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-14 18:13 . 2014-04-17 20:05  96168     ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22 . 2014-05-15 09:49  155072    ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-15 09:49  95680     ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-15 09:49  136192    ----a-w-  c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-15 09:49  29184     ----a-w-  c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-15 09:49  28160     ----a-w-  c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-15 09:49  1460736   ----a-w-  c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-15 09:49  31232     ----a-w-  c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-15 09:49  22016     ----a-w-  c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-15 09:49  96768     ----a-w-  c:\windows\SysWow64\sspicli.dll
2014-03-25 02:43 . 2014-05-15 09:50  14175744  ----a-w-  c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  131248  ----a-w-  c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  131248  ----a-w-  c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  131248  ----a-w-  c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  131248  ----a-w-  c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-31 3093624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"java ska"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-07-23 766208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-22 737872]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-04-13 2099200]
.
c:\users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
java ska.vbs [2013-12-6 389290]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
3;3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
3;3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
3;4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackPro.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys;c:\windows\SYSNATIVE\drivers\Lachesis.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - UWTDYUOC
*Deregistered* - uwtdyuoc
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 11:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  164016  ----a-w-  c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  164016  ----a-w-  c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  164016  ----a-w-  c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  164016  ----a-w-  c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\loswochos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\loswochos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: NameServer = 141.30.207.2
FF - ProfilePath - c:\users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-01-13 23:11; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Removed Orphaned Registry Entries - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-OdjuHlomo - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ArmA 2 - g:\games\Bohemia Interactive\UnInstall.exe
AddRemove-ARMA 2 Operation Arrowhead - g:\games\Bohemia Interactive\UnInstall_OA.exe
AddRemove-BattlEye - i:\games\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - g:\games\Bohemia Interactive\Expansion\BattlEye\UnInstallBE.exe
AddRemove-Edna and Harvey - The Breakout - g:\games\Edna and Harvey - The Breakout\uninstall.exe
AddRemove-Live 8.0.1 - g:\ableto~1.1\Install\UNWISE.EXE
AddRemove-The Walking Dead (c) 3_is1 - g:\games\The Walking Dead\unins000.exe
AddRemove-{3F987BF0-061B-4395-9F6D-0E7C9E4F7107}_is1 - g:\games\Men of War Gold Edition\unins000.exe
AddRemove-{C9935C7E-ED44-427D-B8DF-39E2ACF1AA6A}_is1 - g:\games\Men of War Vietnam\unins000.exe
AddRemove-{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1 - g:\games\Stranded II\unins000.exe
AddRemove-{DBEFF20C-6386-4AF7-A5D4-C0B48C10A9C7}_is1 - g:\games\FarCry 3\unins000.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-2942367688-666253811-2896108010-1001\Software\SecuROM\License information*]
"datasecu"=hex:0f,1a,97,07,69,3e,1d,df,21,5e,4f,fc,05,21,b6,07,62,85,1a,c1,4b,
   0e,fa,51,d2,0b,32,6d,82,4e,e6,e8,7f,b2,5b,95,e1,c7,70,45,3e,29,fe,08,41,97,\
"rkeysecu"=hex:d1,4d,ad,08,b8,d2,b6,67,6a,8c,53,6a,0e,da,f9,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-19  16:09:31
ComboFix-quarantined-files.txt  2014-06-19 14:09
.
Pre-Run: 12 directories, 19,319,828,480 bytes free
Post-Run: 17 directories, 19,107,631,104 bytes free
.
- - End Of File - - CB01860203464DB9AA5D4474DA4154FB
A36C5E4F47E84449FF07ED3517B43A31
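The ComboFix log above shows that whatever set up those policy rules is still on the machine: an HKCU Run value "java ska" that launches wscript.exe, and a java ska.vbs with hidden and system attributes (--sha-w-) in the user's Startup folder. Panda USB Vaccine from step 2 only neutralises autorun.inf on the stick; it does not find shortcut files that a script worm has already dropped there. The PowerShell below is an added example, not part of this thread or of any tool used in it: Get-ScriptAutostart lists Run-key values and Startup-folder entries that hand control to a script interpreter (noting wscript's hidden-window //B switch where present), and Get-ShortcutLauncher reads every .lnk under a given root through the WScript.Shell COM object and reports those whose target or arguments invoke wscript, cscript, cmd, mshta or powershell, together with whether a file of the same base name still sits beside the shortcut. Assumed: PowerShell 3.0 or later, run as the affected user; the interpreter list, the function names and the "original file beside the shortcut" check are illustrative, not facts the thread establishes.

```powershell
# Added example (not from the thread, ComboFix or FRST): hunt for script-interpreter
# autostarts and for shortcut files that launch an interpreter. PowerShell 3.0+.

$Interpreters = 'wscript|cscript|mshta|powershell|cmd'   # illustrative list

function Get-ScriptAutostart {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Skip the PS* provider properties; everything else is a Run value.
        foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            $cmd = [string]$p.Value
            if ($cmd -match "\b($Interpreters)(\.exe)?\b") {
                $note = if ($cmd -match '//B') { 'hidden window (//B)' } else { '' }
                [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $cmd; Note = $note }
            }
        }
    }
    # Script files dropped straight into a Startup folder; -Force includes hidden ones.
    $startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    $scriptExt   = @('.vbs', '.vbe', '.js', '.jse', '.wsf', '.bat', '.cmd', '.ps1')
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -Path $dir)) { continue }
        foreach ($f in Get-ChildItem -Path $dir -Force -File) {
            if ($scriptExt -contains $f.Extension.ToLower()) {
                [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $f.FullName; Note = "attributes: $($f.Attributes)" }
            }
        }
    }
}

function Get-ShortcutLauncher {
    param([Parameter(Mandatory = $true)][string]$Root)   # e.g. the USB stick, 'E:\'
    $shell = New-Object -ComObject WScript.Shell
    foreach ($lnk in Get-ChildItem -Path $Root -Filter *.lnk -Recurse -Force -File -ErrorAction SilentlyContinue) {
        $sc        = $shell.CreateShortcut($lnk.FullName)
        $target    = [string]$sc.TargetPath
        $arguments = [string]$sc.Arguments
        if ("$target $arguments" -match "\b($Interpreters)(\.exe)?\b") {
            # Assumption: a worm that swaps files for shortcuts leaves the original next
            # to the .lnk (often hidden/system), named like the shortcut minus ".lnk".
            $original = Join-Path $lnk.DirectoryName $lnk.BaseName
            [pscustomobject]@{
                Shortcut        = $lnk.FullName
                Target          = $target
                Arguments       = $arguments
                OriginalPresent = (Test-Path -LiteralPath $original)
            }
        }
    }
}

Get-ScriptAutostart | Format-Table -AutoSize
# Get-ShortcutLauncher -Root 'E:\' | Format-Table -AutoSize
```

Read the output against the logs in this thread: the Run value named "java ska" and the Startup entry java ska.vbs are exactly the kind of rows Get-ScriptAutostart is meant to surface, and a shortcut on the stick whose Arguments field contains a .vbs path is what Get-ShortcutLauncher reports. The script only lists; deleting the autostart, the dropped script and the shortcuts, and restoring the hidden originals, is the clean-up the helper is walking the poster through.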
19.06.2014, 20:27 | #4 |
/// TB Trainer /// Guide Guru | OK, please run a fresh scan with FRST....
__________________
Regards, deeprybka
Praise, criticism, wishes? Donate to trojaner-board?
_______________________________________________
"Neminem laede, immo omnes, quantum potes, iuva." Arthur Schopenhauer |
19.06.2014, 20:47 | #5 |
| All right, done. Here is the log again:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by loswochos (administrator) on LOSWOCHOS-PC on 19-06-2014 21:44:31
Running from C:\Users\loswochos\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(fCoder Group, Inc.) C:\Windows\System32\spool\drivers\x64\3\udceng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
BootExecute: autocheck autochk * sdnclean64.exelsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48D946F0E691CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: [NameServer]141.30.207.2

FireFox:
========
FF ProfilePath: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\loswochos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firef_ox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Forecastfox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: Flashblock -
C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-25] FF Extension: DownloadHelper - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-06] FF Extension: SearchPreview - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-22] FF Extension: Ghostery - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\firefox@ghostery.com.xpi [2013-08-02] FF Extension: Quick Note - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.xpi [2012-08-14] FF Extension: ScrollyFox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scrollyfox@shawfiresolutions.com.au.xpi [2013-04-21] FF Extension: Scroll to Top/Bottom - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2012-08-12] FF Extension: Status-4-Evar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\status4evar@caligonstudios.com.xpi [2014-06-19] FF Extension: Scientific Calculator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ststusscicalc@sunny.xpi [2012-07-18] FF Extension: TinyURL Generator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-01-13] FF Extension: Trafficanzeige - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\traffic@anzeige3.xpi [2013-01-21] FF Extension: YouTube to MP3 - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-06-30] FF Extension: Stop Autoplay - 
C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2014-05-22] FF Extension: AniWeather - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2011-05-02] FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2012-07-23] FF Extension: SmoothWheel (mozdev.org) - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2011-05-02] FF Extension: Adblock Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-24] FF Extension: Download Statusbar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-24] FF Extension: DownThemAll! - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-24] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION) S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
==================== Drivers (Whitelisted) ==================== S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.) U3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] () R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB) S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation) U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd) U3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 uwtdyuoc; \??\C:\Users\LOSWOC~1\AppData\Local\Temp\uwtdyuoc.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt 2014-06-19 15:47 - 2014-06-19 16:09 - 00000000 ____D () C:\ComboFix 2014-06-19 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-19 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-19 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 
00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-19 15:45 - 2014-06-19 16:09 - 00000000 ____D () C:\Qoobox 2014-06-19 15:44 - 2014-06-19 16:06 - 00000000 ____D () C:\Windows\erdnt 2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe 2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe 2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt 2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt 2014-06-19 14:40 - 2014-06-19 14:42 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt 2014-06-19 14:39 - 2014-06-19 21:44 - 00019210 _____ () C:\Users\loswochos\Desktop\FRST.txt 2014-06-19 14:39 - 2014-06-19 21:44 - 00000000 ____D () C:\FRST 2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log 2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable 2014-06-19 14:33 - 2014-06-19 15:37 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board 2014-06-19 14:33 - 2014-06-19 14:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe 2014-06-19 14:33 - 2014-06-19 14:33 - 
00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe 2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe 2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe 2014-06-19 10:02 - 2014-06-19 10:02 - 00000022 _____ () C:\Windows\S.dirmngr 2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 09:17 - 2014-06-19 10:02 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-06-17 20:51 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-17 20:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-17 20:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-17 20:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-17 20:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-17 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-17 20:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-17 20:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-17 20:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-17 20:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-17 20:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-17 20:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-17 20:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2014-06-17 20:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-17 20:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-17 20:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-17 20:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-17 20:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-17 20:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-17 20:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-17 20:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-17 20:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-17 20:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-17 20:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-17 20:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-17 20:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-17 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-17 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-17 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-17 20:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml6.dll 2014-06-17 20:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-17 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-17 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-17 20:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-17 20:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-17 20:10 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-17 20:10 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-17 20:10 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-17 20:10 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-17 20:10 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-17 20:10 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-17 20:10 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-17 20:10 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-17 20:10 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 
2014-06-17 20:10 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-17 20:10 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-17 20:10 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-17 20:10 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-17 20:10 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-17 20:10 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-17 20:10 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-17 20:10 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-17 20:10 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-17 20:10 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-17 20:10 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-17 20:10 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-17 20:10 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-17 20:10 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-17 20:10 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-17 20:10 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-17 20:10 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-17 20:10 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 
2014-06-10 22:50 - 2014-06-19 15:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-10 22:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-10 22:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-10 22:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-10 22:49 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 22:44 - 2014-06-17 19:43 - 00002612 _____ () C:\Windows\PFRO.log 2014-06-10 22:42 - 2014-06-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 13:48 - 2014-06-19 10:02 - 00000560 _____ () C:\Windows\setupact.log 2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-10 13:28 - 2014-06-19 21:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe 2014-06-09 12:50 - 2014-06-09 12:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop 2014-06-07 20:07 - 2014-06-07 20:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz 2014-06-07 20:07 - 2014-06-07 20:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr 2014-06-07 20:06 - 2014-06-07 20:07 - 18796468 
_____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr 2014-06-07 20:06 - 2014-06-07 20:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr 2014-06-07 20:06 - 2014-06-07 20:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr 2014-06-07 20:05 - 2014-06-07 20:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr 2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache 2014-06-07 18:02 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre 2014-06-07 18:01 - 2014-06-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2 2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi 2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps 2014-05-23 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-23 13:33 - 2014-06-11 04:13 - 00000000 ____D () C:\AdwCleaner 2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe 2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip 2014-05-22 15:04 - 2014-06-06 18:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk ==================== One Month Modified Files and Folders ======= 2014-06-19 21:44 - 2014-06-19 14:39 - 00019210 _____ () C:\Users\loswochos\Desktop\FRST.txt 2014-06-19 21:44 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST 2014-06-19 21:23 - 2014-06-10 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt 2014-06-19 16:09 - 2014-06-19 15:47 - 
00000000 ____D () C:\ComboFix 2014-06-19 16:09 - 2014-06-19 15:45 - 00000000 ____D () C:\Qoobox 2014-06-19 16:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-06-19 16:06 - 2014-06-19 15:44 - 00000000 ____D () C:\Windows\erdnt 2014-06-19 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-19 15:49 - 2011-04-23 15:43 - 01706950 _____ () C:\Windows\WindowsUpdate.log 2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe 2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe 2014-06-19 15:37 - 2014-06-19 14:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board 2014-06-19 15:37 - 2014-06-10 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt 2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt 2014-06-19 14:42 - 2014-06-19 14:40 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt 2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log 2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable 2014-06-19 14:38 - 2011-04-23 15:43 - 00000000 ____D () C:\Users\loswochos 2014-06-19 14:33 - 2014-06-19 14:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe 2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () 
C:\Users\loswochos\Desktop\Gmer-19357.exe 2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe 2014-06-19 13:47 - 2012-11-10 13:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser 2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe 2014-06-19 10:36 - 2012-12-31 13:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files 2014-06-19 10:10 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-19 10:10 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-19 10:06 - 2014-05-03 11:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster 2014-06-19 10:06 - 2012-08-30 17:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox 2014-06-19 10:06 - 2012-08-30 17:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox 2014-06-19 10:02 - 2014-06-19 10:02 - 00000022 _____ () C:\Windows\S.dirmngr 2014-06-19 10:02 - 2014-06-18 09:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-06-19 10:02 - 2014-06-10 13:48 - 00000560 _____ () C:\Windows\setupact.log 2014-06-19 10:02 - 2014-05-14 10:42 - 00011158 _____ () C:\aaw7boot.log 2014-06-19 10:02 - 2012-05-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-19 10:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-18 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 09:26 - 2014-06-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-18 00:54 - 2013-08-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-18 00:51 - 2011-04-23 17:09 - 95414520 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2014-06-18 00:50 - 2011-04-23 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-18 00:48 - 2014-04-23 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-17 20:05 - 2014-05-16 12:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat 2014-06-17 20:05 - 2014-05-16 12:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat 2014-06-17 19:43 - 2014-06-10 22:44 - 00002612 _____ () C:\Windows\PFRO.log 2014-06-11 04:15 - 2011-07-30 12:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP 2014-06-11 04:13 - 2014-05-23 13:33 - 00000000 ____D () C:\AdwCleaner 2014-06-10 23:10 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass 2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-10 22:50 - 2014-06-10 22:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 22:48 - 2014-06-10 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 22:16 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-06-10 22:16 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-06-10 22:16 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-10 16:46 - 2011-04-26 13:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme 2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-10 13:43 - 2012-04-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-10 13:28 - 2012-05-13 20:18 - 00699056 _____ 
(Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-10 13:28 - 2011-05-28 11:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe 2014-06-09 14:54 - 2013-11-08 02:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3 2014-06-09 12:56 - 2014-06-09 12:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop 2014-06-09 00:02 - 2011-06-07 22:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc 2014-06-08 11:13 - 2014-06-17 20:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-17 20:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-07 20:09 - 2014-06-07 20:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz 2014-06-07 20:09 - 2014-06-07 20:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr 2014-06-07 20:07 - 2014-06-07 20:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr 2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache 2014-06-07 18:03 - 2014-06-07 18:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre 2014-06-07 18:02 - 2014-06-07 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2 2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () 
C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi 2014-06-06 18:10 - 2014-05-22 15:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk 2014-05-30 16:58 - 2011-09-29 18:30 - 00000000 ____D () C:\ProgramData\Origin 2014-05-30 16:57 - 2011-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-30 12:21 - 2014-06-17 20:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 12:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 12:02 - 2014-06-17 20:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 11:45 - 2014-06-17 20:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 11:39 - 2014-06-17 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 11:39 - 2014-06-17 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 11:38 - 2014-06-17 20:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 11:28 - 2014-06-17 20:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 11:27 - 2014-06-17 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 11:24 - 2014-06-17 20:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 11:21 - 2014-06-17 20:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 11:21 - 2014-06-17 20:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 11:20 - 2014-06-17 20:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-17 20:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 11:11 - 2014-06-17 20:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 
2014-05-30 11:08 - 2014-06-17 20:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-17 20:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 11:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-17 20:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-17 20:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-17 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-17 20:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 10:44 - 2014-06-17 20:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-17 20:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 10:42 - 2014-06-17 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-17 20:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-17 20:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 10:34 - 2014-06-17 20:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 10:33 - 2014-06-17 20:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 10:30 - 2014-06-17 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 10:29 - 2014-06-17 20:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 10:28 - 2014-06-17 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 10:27 - 2014-06-17 20:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 
2014-05-30 10:24 - 2014-06-17 20:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 10:23 - 2014-06-17 20:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 10:16 - 2014-06-17 20:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 10:10 - 2014-06-17 20:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-17 20:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 10:04 - 2014-06-17 20:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-17 20:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-17 20:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-17 20:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:54 - 2014-06-17 20:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 09:50 - 2014-06-17 20:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-17 20:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-17 20:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-17 20:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-17 20:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-17 20:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-17 20:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-17 20:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 
2014-05-30 09:13 - 2014-06-17 20:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-28 12:17 - 2012-08-30 17:22 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps 2014-05-23 16:44 - 2014-01-19 23:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-23 14:27 - 2011-04-24 12:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-23 14:27 - 2011-04-23 15:45 - 00001003 _____ () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe 2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip 2014-05-22 21:11 - 2014-05-13 21:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx 2014-05-22 13:12 - 2014-01-20 00:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-22 13:12 - 2014-01-20 00:07 - 00112080 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 19:00

==================== End Of Log ============================
--- --- ---
19.06.2014, 21:07 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Antivir blocked by group policy
OK, Step 1
Please press the Windows key + R and type notepad into the Run window. Click OK and copy the text from the code box into the empty text document:
Code:
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs
Reboot:
Step 2
Please download AdwCleaner to your desktop.
Step 3
Please run FRST again and click Scan. Please post the contents of FRST.txt.
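As an added example (not code from this thread, from the helper, or from FRST's authors): a small Python triage script that applies the reasoning behind step 1 to FRST log lines, flagging Run-key values and Startup-folder items that launch a script from a user-writable temp/AppData path, and emitting the matching fixlist lines in the form FRST's Fix function accepts. The sample log lines are the ones from this thread plus constructed benign entries; the script hosts, extensions and path list are this example's assumptions, not FRST's own whitelist rules.

```python
r"""Triage of FRST (Farbar Recovery Scan Tool) autostart lines.

Flags Run-key values and Startup-folder items that execute a script from a
user-writable temp/AppData path, the pattern seen in this thread
(wscript.exe //B "...\AppData\Local\Temp\java ska.vbs"), and builds the
fixlist lines for FRST's Fix function. Thresholds are assumptions, not FRST rules.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd")
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\appdata\\roaming\\")

# "HKU\S-1-5-...\...\Run: [name] => command"  or  "HKLM-x32\...\Run: [name] => command"
RUN_RE = re.compile(r"^(?P<key>HK\S*?\\\.\.\.\\Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$")
# "Startup: <path> (<vendor>)"; the vendor part is absent for .lnk items
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+?)(?: \((?P<vendor>[^)]*)\))?$")
QUOTED_RE = re.compile(r'"([^"]+)"')
FRST_MARK = "<===== ATTENTION"  # FRST's own marker for non-whitelisted entries


@dataclass
class Finding:
    kind: str       # "Run" or "Startup"
    name: str       # Run value name or Startup file name
    script: str     # script file that would execute
    reason: str
    log_line: str   # original FRST line, reusable verbatim in a fixlist


def script_target(cmd: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (host, script path) when cmd launches a known script host."""
    tokens = cmd.split()
    if not tokens:
        return None
    host = tokens[0].strip('"').rsplit("\\", 1)[-1].lower()
    if host not in SCRIPT_HOSTS:
        return None
    # Quoted arguments first (paths with spaces), then bare tokens.
    for arg in QUOTED_RE.findall(cmd) + tokens[1:]:
        if arg.lower().endswith(SCRIPT_EXTS):
            return host, arg
    return host, None


def in_temp(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in TEMP_DIRS)


def triage(log_text: str) -> List[Finding]:
    """Scan FRST log text and return the autostart entries worth removing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            marked = FRST_MARK in cmd
            hit = script_target(cmd.replace(FRST_MARK, "").strip())
            if hit and hit[1] and (in_temp(hit[1]) or marked):
                findings.append(Finding("Run", m.group("name"), hit[1],
                                        f"{hit[0]} runs a script from {hit[1]}", line))
            continue
        m = STARTUP_RE.match(line)
        if m and m.group("path").lower().endswith(SCRIPT_EXTS):
            path = m.group("path")
            findings.append(Finding("Startup", path.rsplit("\\", 1)[-1], path,
                                    "script file placed directly in the Startup folder", line))
    return findings


def build_fixlist(findings: List[Finding]) -> List[str]:
    """Fixlist as in step 1: log lines verbatim, the temp script file, then Reboot:."""
    lines: List[str] = []
    for f in findings:
        for entry in [f.log_line] + ([f.script] if f.kind == "Run" else []):
            if entry not in lines:
                lines.append(entry)
    if lines:
        lines.append("Reboot:")
    return lines


# Constructed sample: the three lines from this thread's FRST log plus benign entries.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.name}: {f.reason}")
    print("\n".join(build_fixlist(found)))
```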
19.06.2014, 21:56 | #7 |
| Antivir blocked by group policy
OK, I did everything just as you said; after the first restart Antivir also seemed to be running again (a good sign... or?). I then ran AdwCleaner and finally FRST once more.
Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by loswochos at 2014-06-19 22:25:14 Run:2
Running from C:\Users\loswochos\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs
Reboot:
*****************

C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs => Moved successfully.
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\Software\Microsoft\Windows\CurrentVersion\Run\\java ska => value deleted successfully.
Could not move "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-19 22:33:14)<=
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs => Is moved successfully.

==== End of Fixlog ====
Code:
# AdwCleaner v3.212 - Bericht erstellt am 19/06/2014 um 22:38:59
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : loswochos - LOSWOCHOS-PC
# Gestartet von : C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v35vtery.default\prefs.js ]

[ Datei : C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.aniweather.timeShifted", 1479036);

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [16404 octets] - [23/05/2014 13:34:05]
AdwCleaner[R1].txt - [1103 octets] - [10/06/2014 22:41:19]
AdwCleaner[R2].txt - [1223 octets] - [11/06/2014 03:16:31]
AdwCleaner[R3].txt - [1394 octets] - [19/06/2014 22:37:55]
AdwCleaner[S0].txt - [14336 octets] - [23/05/2014 14:27:48]
AdwCleaner[S1].txt - [1165 octets] - [10/06/2014 22:42:40]
AdwCleaner[S2].txt - [1285 octets] - [11/06/2014 04:12:49]
AdwCleaner[S3].txt - [1315 octets] - [19/06/2014 22:38:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1375 octets] ##########

FRST:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014 Ran by loswochos (administrator) on LOSWOCHOS-PC on 19-06-2014 22:50:18 Running from C:\Users\loswochos\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (Dropbox, Inc.) C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] () HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs () BootExecute: autocheck autochk * sdnclean64.exelsdelete ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48D946F0E691CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\..\Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: [NameServer]141.30.207.2 FireFox: ======== FF ProfilePath: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default FF NewTab: chrome://quick_start/content/index.html FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\loswochos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll 
(Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ich@maltegoetz.de [2013-12-12] FF Extension: Forecastfox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09] FF Extension: Flashblock - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-25] FF Extension: DownloadHelper - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-06] FF Extension: SearchPreview - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-22] FF Extension: Ghostery - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\firefox@ghostery.com.xpi [2013-08-02] FF Extension: Quick Note - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.xpi [2012-08-14] FF Extension: ScrollyFox - 
C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scrollyfox@shawfiresolutions.com.au.xpi [2013-04-21] FF Extension: Scroll to Top/Bottom - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2012-08-12] FF Extension: Status-4-Evar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\status4evar@caligonstudios.com.xpi [2014-06-19] FF Extension: Scientific Calculator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ststusscicalc@sunny.xpi [2012-07-18] FF Extension: TinyURL Generator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-01-13] FF Extension: Trafficanzeige - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\traffic@anzeige3.xpi [2013-01-21] FF Extension: YouTube to MP3 - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-06-30] FF Extension: Stop Autoplay - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2014-05-22] FF Extension: AniWeather - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2011-05-02] FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2012-07-23] FF Extension: SmoothWheel (mozdev.org) - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2011-05-02] FF Extension: Adblock Plus - 
C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-24] FF Extension: Download Statusbar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-24] FF Extension: DownThemAll! - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-24] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. 
KG) R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION) R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.) R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] () R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB) S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-19 22:40 - 2014-06-19 22:40 - 00000022 _____ () C:\Windows\S.dirmngr 2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt 2014-06-19 15:47 - 2014-06-19 16:09 - 00000000 ____D () C:\ComboFix 2014-06-19 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-19 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-19 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-19 15:45 - 2014-06-19 16:09 - 00000000 ____D () C:\Qoobox 2014-06-19 15:44 - 2014-06-19 16:06 - 00000000 ____D () C:\Windows\erdnt 2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe 2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe 2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt 2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt 2014-06-19 14:40 - 2014-06-19 14:42 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt 2014-06-19 14:39 - 2014-06-19 22:50 - 00019708 _____ () C:\Users\loswochos\Desktop\FRST.txt 2014-06-19 14:39 - 2014-06-19 22:50 - 00000000 ____D () C:\FRST 2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log 2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable 2014-06-19 14:33 - 2014-06-19 15:37 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board 2014-06-19 14:33 - 2014-06-19 14:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe 2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe 2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe 2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe 2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 09:17 - 2014-06-19 22:42 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-06-17 20:51 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-17 20:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-17 20:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-17 20:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-06-17 20:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-17 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-17 20:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-17 20:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-17 20:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-17 20:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-17 20:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-17 20:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-17 20:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-17 20:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-17 20:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-17 20:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-17 20:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-17 20:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-17 20:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-17 20:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-17 20:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-17 20:11 - 2014-05-30 09:54 - 00526336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-17 20:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-17 20:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-17 20:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-17 20:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-17 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-17 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-17 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-17 20:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-17 20:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-17 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-17 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-17 20:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-17 20:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) 
C:\Windows\system32\aeinv.dll 2014-06-17 20:10 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-17 20:10 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-17 20:10 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-17 20:10 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-17 20:10 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-17 20:10 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-17 20:10 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-17 20:10 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-17 20:10 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-17 20:10 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-17 20:10 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-17 20:10 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-17 20:10 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-17 20:10 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-17 20:10 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-17 20:10 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-17 20:10 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-17 20:10 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmlmedia.dll 2014-06-17 20:10 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-17 20:10 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-17 20:10 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-17 20:10 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-17 20:10 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-17 20:10 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-17 20:10 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-17 20:10 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-17 20:10 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-10 22:50 - 2014-06-19 22:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-10 22:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-10 22:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-10 22:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-10 22:49 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 22:44 - 2014-06-19 22:40 - 00003478 
_____ () C:\Windows\PFRO.log 2014-06-10 22:42 - 2014-06-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 22:40 - 2014-06-10 22:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe 2014-06-10 13:48 - 2014-06-19 22:40 - 00000672 _____ () C:\Windows\setupact.log 2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-10 13:28 - 2014-06-19 22:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe 2014-06-09 12:50 - 2014-06-09 12:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop 2014-06-07 20:07 - 2014-06-07 20:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz 2014-06-07 20:07 - 2014-06-07 20:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr 2014-06-07 20:06 - 2014-06-07 20:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr 2014-06-07 20:06 - 2014-06-07 20:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr 2014-06-07 20:06 - 2014-06-07 20:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr 2014-06-07 20:05 - 2014-06-07 20:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr 2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache 2014-06-07 18:02 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre 2014-06-07 18:01 - 2014-06-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2 2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 
_____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi 2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps 2014-05-23 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-23 13:33 - 2014-06-19 22:39 - 00000000 ____D () C:\AdwCleaner 2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe 2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip 2014-05-22 15:04 - 2014-06-06 18:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk ==================== One Month Modified Files and Folders ======= 2014-06-19 22:51 - 2014-06-19 14:39 - 00019708 _____ () C:\Users\loswochos\Desktop\FRST.txt 2014-06-19 22:51 - 2012-12-31 13:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files 2014-06-19 22:50 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST 2014-06-19 22:50 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-19 22:50 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-19 22:47 - 2011-04-23 15:43 - 01722501 _____ () C:\Windows\WindowsUpdate.log 2014-06-19 22:45 - 2014-06-10 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-19 22:43 - 2014-05-03 11:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster 2014-06-19 22:43 - 2012-08-30 17:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox 2014-06-19 22:43 - 2012-08-30 17:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox 2014-06-19 22:42 - 2014-06-18 09:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-06-19 22:40 - 2014-06-19 22:40 - 00000022 _____ () 
C:\Windows\S.dirmngr 2014-06-19 22:40 - 2014-06-10 22:44 - 00003478 _____ () C:\Windows\PFRO.log 2014-06-19 22:40 - 2014-06-10 13:48 - 00000672 _____ () C:\Windows\setupact.log 2014-06-19 22:40 - 2014-05-14 10:42 - 00011606 _____ () C:\aaw7boot.log 2014-06-19 22:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-19 22:39 - 2014-05-23 13:33 - 00000000 ____D () C:\AdwCleaner 2014-06-19 22:23 - 2014-06-10 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt 2014-06-19 16:09 - 2014-06-19 15:47 - 00000000 ____D () C:\ComboFix 2014-06-19 16:09 - 2014-06-19 15:45 - 00000000 ____D () C:\Qoobox 2014-06-19 16:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-06-19 16:06 - 2014-06-19 15:44 - 00000000 ____D () C:\Windows\erdnt 2014-06-19 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe 2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe 2014-06-19 15:37 - 2014-06-19 14:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board 2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt 2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt 2014-06-19 14:42 - 2014-06-19 14:40 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt 2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () 
C:\Users\loswochos\Desktop\defogger_disable.log 2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable 2014-06-19 14:38 - 2011-04-23 15:43 - 00000000 ____D () C:\Users\loswochos 2014-06-19 14:33 - 2014-06-19 14:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe 2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe 2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe 2014-06-19 13:47 - 2012-11-10 13:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser 2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe 2014-06-19 10:02 - 2012-05-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-18 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 09:26 - 2014-06-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-18 00:54 - 2013-08-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-18 00:51 - 2011-04-23 17:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-18 00:50 - 2011-04-23 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-18 00:48 - 2014-04-23 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-17 20:05 - 2014-05-16 12:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat 2014-06-17 20:05 - 2014-05-16 12:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat 2014-06-11 04:15 - 2011-07-30 12:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP 2014-06-10 23:10 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass 2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-10 22:50 - 2014-06-10 22:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 22:48 - 2014-06-10 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-10 22:40 - 2014-06-10 22:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe 2014-06-10 22:16 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-06-10 22:16 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-06-10 22:16 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-10 16:46 - 2011-04-26 13:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme 2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-10 13:43 - 2012-04-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-10 13:28 - 2012-05-13 20:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-10 13:28 - 2011-05-28 11:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe 2014-06-09 14:54 - 2013-11-08 02:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3 2014-06-09 12:56 - 2014-06-09 12:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop 2014-06-09 00:02 - 2011-06-07 22:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc 2014-06-08 11:13 - 2014-06-17 20:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-17 20:10 - 00424448 _____ (Microsoft 
Corporation) C:\Windows\system32\aeinv.dll 2014-06-07 20:09 - 2014-06-07 20:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz 2014-06-07 20:09 - 2014-06-07 20:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr 2014-06-07 20:07 - 2014-06-07 20:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr 2014-06-07 20:07 - 2014-06-07 20:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr 2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache 2014-06-07 18:03 - 2014-06-07 18:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre 2014-06-07 18:02 - 2014-06-07 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2 2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi 2014-06-06 18:10 - 2014-05-22 15:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk 2014-05-30 16:58 - 2011-09-29 18:30 - 00000000 ____D () C:\ProgramData\Origin 2014-05-30 16:57 - 2011-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-30 12:21 - 2014-06-17 20:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 12:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 12:02 - 2014-06-17 20:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 11:45 - 2014-06-17 20:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 11:39 - 2014-06-17 20:10 - 00548352 _____ 
(Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 11:39 - 2014-06-17 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 11:38 - 2014-06-17 20:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 11:28 - 2014-06-17 20:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 11:27 - 2014-06-17 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 11:24 - 2014-06-17 20:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 11:21 - 2014-06-17 20:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 11:21 - 2014-06-17 20:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 11:20 - 2014-06-17 20:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-17 20:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 11:11 - 2014-06-17 20:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 11:08 - 2014-06-17 20:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-17 20:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 11:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-17 20:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-17 20:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-17 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-17 20:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 10:44 - 2014-06-17 20:10 
- 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-17 20:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 10:42 - 2014-06-17 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-17 20:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-17 20:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 10:34 - 2014-06-17 20:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 10:33 - 2014-06-17 20:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 10:30 - 2014-06-17 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 10:29 - 2014-06-17 20:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 10:28 - 2014-06-17 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 10:27 - 2014-06-17 20:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 10:24 - 2014-06-17 20:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 10:23 - 2014-06-17 20:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 10:16 - 2014-06-17 20:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 10:10 - 2014-06-17 20:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-17 20:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 10:04 - 2014-06-17 20:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-17 20:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-17 20:10 - 
04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-17 20:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:54 - 2014-06-17 20:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 09:50 - 2014-06-17 20:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-17 20:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-17 20:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-17 20:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-17 20:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-17 20:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-17 20:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-17 20:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 09:13 - 2014-06-17 20:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-28 12:17 - 2012-08-30 17:22 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps 2014-05-23 16:44 - 2014-01-19 23:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-23 14:27 - 2011-04-24 12:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-23 14:27 - 2011-04-23 15:45 - 00001003 _____ () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop 
Autoplay - CHIP-Downloader.exe 2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip 2014-05-22 21:11 - 2014-05-13 21:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx 2014-05-22 13:12 - 2014-01-20 00:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-22 13:12 - 2014-01-20 00:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\loswochos\AppData\Local\Temp\avgnt.exe C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaopkuu.dll C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-18 19:00 ==================== End Of Log ============================ |
19.06.2014, 22:03 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Antivir blocked by group policy Well, I'll have to send you into the depths of Windows now... As an exercise, we'll first do a scan with FRST from the RE: Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ Regards deeprybka Praise, criticism, wishes? Donate to the trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
20.06.2014, 14:37 | #9 |
| Antivir blocked by group policy Hello and good day, I proceeded as described, but a problem has come up: the USB stick on which I now have the log from the scan only shows shortcuts (I suspect it is infected too?). The same as with my other stick. I'm a bit at a loss because of that and thought I'd better ask again first to be safe; I hope you can help me further. Regards |
20.06.2014, 15:52 | #10 |
/// TB-Ausbilder /// Anleitungs-Guru | Antivir blocked by group policy Hi, can you post the log? Also connect the stick to the PC and have it "vaccinated".
20.06.2014, 16:40 | #11 |
| Antivir blocked by group policy Hey, I tried to vaccinate the USB stick, but I get the error message "Vaccination not possible. Error backing up the original AUTORUN.inf". The logfile can be opened, though: FRST: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by SYSTEM on MININT-IQDOH9E on 20-06-2014 15:15:46
Running from F:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\loswochos\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
HKU\loswochos\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
BootExecute: autocheck autochk * sdnclean64.exelsdelete

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] ()
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-20 08:09 - 2014-06-20 08:09 - 00506208 _____ () C:\Windows\Minidump\062014-17721-01.dmp
2014-06-19 15:09 - 2014-06-19 15:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 14:47 - 2014-06-19 15:09 - 00000000 ____D () C:\ComboFix
2014-06-19 14:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-19 14:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-19 14:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-19 14:45 - 2014-06-19 15:09 - 00000000 ____D () C:\Qoobox
2014-06-19 14:44 - 2014-06-19 15:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 14:43 - 2014-06-19 14:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 14:41 - 2014-06-19 14:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 14:41 - 2014-06-19 14:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 14:41 - 2014-06-19 14:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 14:40 - 2014-06-19 14:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 14:05 - 2014-06-19 14:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 14:02 - 2014-06-19 14:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 13:40 - 2014-06-19 13:42 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 13:39 - 2014-06-20 15:15 - 00000000 ____D () C:\FRST
2014-06-19 13:39 - 2014-06-19 21:51 - 00051152 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 13:38 - 2014-06-19 13:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 13:38 - 2014-06-19 13:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 13:33 - 2014-06-19 14:37 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 13:33 - 2014-06-19 13:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 13:33 - 2014-06-19 13:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 13:33 - 2014-06-19 13:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 12:45 - 2014-06-19 12:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-18 17:14 - 2014-06-18 17:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 08:17 - 2014-06-20 14:04 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-17 19:51 - 2014-06-18 08:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 19:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-17 19:11 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-06-17 19:11 - 2014-05-30 10:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-06-17 19:11 - 2014-05-30 10:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-06-17 19:11 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-17 19:11 - 2014-05-30 10:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-17 19:11 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-17 19:11 - 2014-05-30 09:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-17 19:11 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-17 19:11 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-17 19:11 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-17 19:11 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-17 19:11 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-17 19:11 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-17 19:11 - 2014-05-30 09:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-17 19:11 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-17 19:11 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-17 19:11 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-17 19:11 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-17 19:11 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-17 19:11 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-17 19:11 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-17 19:11 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-17 19:11 - 2014-05-30 08:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-17 19:11 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-17 19:11 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-06-17 19:11 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-17 19:11 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-06-17 19:11 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-06-17 19:11 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-06-17 19:11 - 2014-03-26 15:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-06-17 19:11 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-06-17 19:11 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-06-17 19:11 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-17 19:11 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-17 19:11 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-17 19:11 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 19:10 - 2014-06-08 10:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-17 19:10 - 2014-06-08 10:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-17 19:10 - 2014-05-30 11:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-17 19:10 - 2014-05-30 10:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-17 19:10 - 2014-05-30 10:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-17 19:10 - 2014-05-30 10:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-06-17 19:10 - 2014-05-30 10:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-17 19:10 - 2014-05-30 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-06-17 19:10 - 2014-05-30 10:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-17 19:10 - 2014-05-30 10:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-17 19:10 - 2014-05-30 10:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-06-17 19:10 - 2014-05-30 10:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-17 19:10 - 2014-05-30 10:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-17 19:10 - 2014-05-30 09:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-06-17 19:10 - 2014-05-30 09:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-17 19:10 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-17 19:10 - 2014-05-30 09:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-17 19:10 - 2014-05-30 09:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-06-17 19:10 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-17 19:10 - 2014-05-30 09:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-06-17 19:10 - 2014-05-30 09:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-17 19:10 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-17 19:10 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-17 19:10 - 2014-05-30 08:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-17 19:10 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-17 19:10 - 2014-05-30 08:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-17 19:10 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-17 19:10 - 2014-05-30 08:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-06-17 19:10 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 21:50 - 2014-06-20 14:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-10 21:50 - 2014-06-10 21:50 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 21:50 - 2014-05-12 06:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-06-10 21:50 - 2014-05-12 06:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-06-10 21:50 - 2014-05-12 06:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-06-10 21:49 - 2014-06-10 21:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 21:49 - 2014-06-10 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 21:44 - 2014-06-19 21:40 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-10 21:42 - 2014-06-10 21:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 21:40 - 2014-06-10 21:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 12:48 - 2014-06-20 14:02 - 00000840 _____ () C:\Windows\setupact.log
2014-06-10 12:48 - 2014-06-10 12:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 12:28 - 2014-06-20 11:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 12:28 - 2014-06-10 12:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 12:22 - 2014-06-10 12:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 11:50 - 2014-06-09 11:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-07 19:07 - 2014-06-07 19:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 19:07 - 2014-06-07 19:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 19:06 - 2014-06-07 19:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 19:06 - 2014-06-07 19:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 19:06 - 2014-06-07 19:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 19:05 - 2014-06-07 19:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 17:03 - 2014-06-07 17:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 17:02 - 2014-06-07 17:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 17:01 - 2014-06-07 17:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 16:56 - 2014-06-07 16:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 12:34 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 12:33 - 2014-06-19 21:39 - 00000000 ____D () C:\AdwCleaner
2014-05-22 22:22 - 2014-05-22 22:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 22:22 - 2014-05-22 22:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 14:04 - 2014-06-06 17:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk

==================== One Month Modified Files and Folders =======

2014-06-20 15:15 - 2014-06-19 13:39 - 00000000 ____D () C:\FRST
2014-06-20 14:12 - 2012-12-31 12:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files
2014-06-20 14:12 - 2012-08-30 16:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox
2014-06-20 14:12 - 2011-04-23 14:43 - 01746660 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 14:12 - 2009-07-14 05:45 - 00013568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 14:12 - 2009-07-14 05:45 - 00013568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 14:07 - 2014-06-10 21:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-20 14:04 - 2014-06-18 08:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-20 14:04 - 2014-05-03 10:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster
2014-06-20 14:04 - 2012-08-30 16:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox
2014-06-20 14:02 - 2014-06-10 12:48 - 00000840 _____ () C:\Windows\setupact.log
2014-06-20 14:02 - 2014-05-14 09:42 - 00012278 _____ () C:\aaw7boot.log
2014-06-20 14:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 11:23 - 2014-06-10 12:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 08:09 - 2014-06-20 08:09 - 00506208 _____ () C:\Windows\Minidump\062014-17721-01.dmp
2014-06-20 08:09 - 2011-08-25 12:32 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 21:51 - 2014-06-19 13:39 - 00051152 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 21:40 - 2014-06-10 21:44 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-19 21:39 - 2014-05-23 12:33 - 00000000 ____D () C:\AdwCleaner
2014-06-19 15:09 - 2014-06-19 15:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 15:09 - 2014-06-19 14:47 - 00000000 ____D () C:\ComboFix
2014-06-19 15:09 - 2014-06-19 14:45 - 00000000 ____D () C:\Qoobox
2014-06-19 15:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2014-06-19 15:06 - 2014-06-19 14:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 15:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 14:43 - 2014-06-19 14:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 14:41 - 2014-06-19 14:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 14:41 - 2014-06-19 14:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 14:41 - 2014-06-19 14:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 14:40 - 2014-06-19 14:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 14:37 - 2014-06-19 13:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 14:05 - 2014-06-19 14:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 14:02 - 2014-06-19 14:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 13:42 - 2014-06-19 13:40 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 13:38 - 2014-06-19 13:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 13:38 - 2014-06-19 13:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 13:38 - 2011-04-23 14:43 - 00000000 ____D () C:\users\loswochos
2014-06-19 13:33 - 2014-06-19 13:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 13:33 - 2014-06-19 13:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 13:33 - 2014-06-19 13:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 12:47 - 2012-11-10 12:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser
2014-06-19 12:45 - 2014-06-19 12:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 09:02 - 2012-05-14 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 18:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 17:14 - 2014-06-18 17:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 08:26 - 2014-06-17 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 23:54 - 2013-08-26 02:01 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-17 23:51 - 2011-04-23 16:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-17 23:50 - 2011-04-23 15:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-17 23:48 - 2014-04-23 18:09 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-06-17 19:05 - 2014-05-16 11:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-17 19:05 - 2014-05-16 11:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-11 03:15 - 2011-07-30 11:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP
2014-06-10 22:10 - 2014-05-13 00:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass
2014-06-10 21:50 - 2014-06-10 21:50 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 21:50 - 2014-06-10 21:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 21:49 - 2014-06-10 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 21:48 - 2014-06-10 21:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 21:40 - 2014-06-10 21:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 21:16 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\System32\perfh007.dat
2014-06-10 21:16 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\System32\perfc007.dat
2014-06-10 21:16 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-10 15:46 - 2011-04-26 12:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme
2014-06-10 12:48 - 2014-06-10 12:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 12:43 - 2012-04-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 12:28 - 2014-06-10 12:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 12:28 - 2012-05-13 19:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-10 12:28 - 2011-05-28 10:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-10 12:22 - 2014-06-10 12:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 13:54 - 2013-11-08 01:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3
2014-06-09 11:56 - 2014-06-09 11:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-08 23:02 - 2011-06-07 21:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc
2014-06-08 10:13 - 2014-06-17 19:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-08 10:08 - 2014-06-17 19:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-07 19:09 - 2014-06-07 19:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 19:09 - 2014-06-07 19:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 19:07 - 2014-06-07 19:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 19:07 - 2014-06-07 19:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 19:07 - 2014-06-07 19:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 19:07 - 2014-06-07 19:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 17:03 - 2014-06-07 17:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 17:03 - 2014-06-07 17:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 17:01 - 2014-06-07 17:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 16:56 - 2014-06-07 16:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-06-06 17:10 - 2014-05-22 14:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk
2014-05-30 15:58 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-05-30 15:57 - 2011-09-29 17:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 11:21 - 2014-06-17 19:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-30 11:02 - 2014-06-17 19:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-30 11:02 - 2014-06-17 19:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 10:45 - 2014-06-17 19:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-05-30 10:39 - 2014-06-17 19:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-05-30 10:39 - 2014-06-17 19:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-05-30 10:38 - 2014-06-17 19:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-05-30 10:28 - 2014-06-17 19:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-05-30 10:27 - 2014-06-17 19:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-05-30 10:24 - 2014-06-17 19:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-05-30 10:21 - 2014-06-17 19:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-05-30 10:21 - 2014-06-17 19:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-05-30 10:20 - 2014-06-17 19:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-05-30 10:18 - 2014-06-17 19:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 10:11 - 2014-06-17 19:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 10:08 - 2014-06-17 19:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-05-30 10:06 - 2014-06-17 19:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-05-30 10:02 - 2014-06-17 19:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 09:55 - 2014-06-17 19:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 09:49 - 2014-06-17 19:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-05-30 09:46 - 2014-06-17 19:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-30 09:44 - 2014-06-17 19:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 09:44 - 2014-06-17 19:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-05-30 09:43 - 2014-06-17 19:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 09:42 - 2014-06-17 19:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 09:38 - 2014-06-17 19:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 09:35 - 2014-06-17 19:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-05-30 09:34 - 2014-06-17 19:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 09:33 - 2014-06-17 19:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 09:30 - 2014-06-17 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 09:29 - 2014-06-17 19:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-05-30 09:28 - 2014-06-17 19:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 09:27 - 2014-06-17 19:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 09:24 - 2014-06-17 19:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-05-30 09:23 - 2014-06-17 19:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-05-30 09:16 - 2014-06-17 19:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 09:10 - 2014-06-17 19:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 09:06 - 2014-06-17 19:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 09:04 - 2014-06-17 19:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 09:02 - 2014-06-17 19:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 08:56 - 2014-06-17 19:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 08:56 - 2014-06-17 19:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-05-30 08:54 - 2014-06-17 19:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 08:50 - 2014-06-17 19:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 08:49 - 2014-06-17 19:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 08:43 - 2014-06-17 19:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-05-30 08:40 - 2014-06-17 19:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 08:30 - 2014-06-17 19:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-05-30 08:21 - 2014-06-17 19:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 08:15 - 2014-06-17 19:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 08:13 - 2014-06-17 19:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-05-30 08:13 - 2014-06-17 19:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 15:44 - 2014-01-19 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-22 22:22 - 2014-05-22 22:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 22:22 - 2014-05-22 22:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 20:11 - 2014-05-13 20:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx
2014-05-22 12:12 - 2014-01-19 23:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2014-05-22 12:12 - 2014-01-19 23:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\loswochos\AppData\Local\Temp\avgnt.exe
C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqi95zq.dll
C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-05-31 13:51:35
Restore point made on: 2014-06-03 16:14:38
Restore point made on: 2014-06-07 17:01:04
Restore point made on: 2014-06-10 16:14:41
Restore point made on: 2014-06-17 23:47:15
Restore point made on: 2014-06-19 14:47:36

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4095.24 MB
Available physical RAM: 3500.3 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3491.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:153.38 GB) (Free:17.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EMPIRE_DISC2) (CDROM) (Total:5.54 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:14.53 GB) (Free:4.31 GB) FAT32
Drive f: (KINGSTON) (Removable) (Total:14.64 GB) (Free:14.64 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 153 GB) (Disk ID: CB4ACB4A)
Partition 1: (Active) - (Size=153 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: 88032E65)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2014-06-18 18:00

==================== End Of Log ============================
20.06.2014, 16:45 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | Antivir blocked by group policy OK, then please run this fix in the repair options as well, boot into normal mode afterwards and run a normal scan with FRST. Please press Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\loswochos\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________ Regards deeprybka Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
20.06.2014, 17:03 | #13 |
| Antivir blocked by group policy Done, here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by SYSTEM at 2014-06-20 17:55:38 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\loswochos\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs
*****************

HKU\loswochos\Software\Microsoft\Windows\CurrentVersion\Run\\java ska => value deleted successfully.
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs => Moved successfully.
C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs => Moved successfully.
"C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs" => File/Directory not found.

==== End of Fixlog ==== |
20.06.2014, 17:32 | #14 |
/// TB-Ausbilder /// Anleitungs-Guru | Antivir blocked by group policy OK, well done. And now FRST in normal mode, please...
20.06.2014, 17:42 | #15 |
| Antivir blocked by group policy Oh right, sorry. Here is the FRST from normal mode: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2014 Ran by loswochos (administrator) on LOSWOCHOS-PC on 20-06-2014 18:41:04 Running from C:\Users\loswochos\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] () Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) 
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exelsdelete ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48D946F0E691CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\..\Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: [NameServer]141.30.207.2 FireFox: ======== FF ProfilePath: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default FF NewTab: chrome://quick_start/content/index.html FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files 
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\loswochos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ich@maltegoetz.de [2013-12-12] FF Extension: Forecastfox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09] FF Extension: Flashblock - 
C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-25] FF Extension: DownloadHelper - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-06] FF Extension: SearchPreview - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-22] FF Extension: Ghostery - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\firefox@ghostery.com.xpi [2013-08-02] FF Extension: Quick Note - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.xpi [2012-08-14] FF Extension: ScrollyFox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scrollyfox@shawfiresolutions.com.au.xpi [2013-04-21] FF Extension: Scroll to Top/Bottom - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2012-08-12] FF Extension: Status-4-Evar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\status4evar@caligonstudios.com.xpi [2014-06-19] FF Extension: Scientific Calculator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ststusscicalc@sunny.xpi [2012-07-18] FF Extension: TinyURL Generator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-01-13] FF Extension: Trafficanzeige - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\traffic@anzeige3.xpi [2013-01-21] FF Extension: YouTube to MP3 - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-06-30] FF Extension: Stop Autoplay - 
C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2014-05-22] FF Extension: AniWeather - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2011-05-02] FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2012-07-23] FF Extension: SmoothWheel (mozdev.org) - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2011-05-02] FF Extension: Adblock Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-24] FF Extension: Download Statusbar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-24] FF Extension: DownThemAll! - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-24] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION) R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] () S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
==================== Drivers (Whitelisted) ==================== S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.) R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] () R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB) S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-20 18:40 - 2014-06-20 18:40 - 00000000 ____D () C:\Users\loswochos\Desktop\FRST-OlderVersion 2014-06-20 17:56 - 2014-06-20 17:56 - 00000022 _____ () C:\Windows\S.dirmngr 2014-06-20 09:09 - 2014-06-20 09:09 - 00506208 _____ () C:\Windows\Minidump\062014-17721-01.dmp 2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt 2014-06-19 15:47 - 2014-06-19 16:09 - 00000000 ____D () C:\ComboFix 2014-06-19 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 
2014-06-19 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-19 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-19 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-19 15:45 - 2014-06-19 16:09 - 00000000 ____D () C:\Qoobox 2014-06-19 15:44 - 2014-06-19 16:06 - 00000000 ____D () C:\Windows\erdnt 2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe 2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe 2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt 2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt 2014-06-19 14:40 - 2014-06-19 14:42 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt 2014-06-19 14:39 - 2014-06-20 18:41 - 00022184 _____ () C:\Users\loswochos\Desktop\FRST.txt 2014-06-19 14:39 - 2014-06-20 18:41 - 00000000 ____D () C:\FRST 2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log 2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable 2014-06-19 14:33 - 2014-06-20 18:40 - 
02083328 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 14:33 - 2014-06-19 15:37 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:17 - 2014-06-20 17:57 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-17 20:51 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 20:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-17 20:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-17 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-17 20:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-17 20:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-17 20:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-17 20:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-17 20:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-17 20:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-17 20:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-17 20:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-17 20:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-17 20:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-17 20:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 20:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-17 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-17 20:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 20:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-17 20:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 20:10 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 20:10 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-17 20:10 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 20:10 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-17 20:10 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 20:10 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-17 20:10 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-17 20:10 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 20:10 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-17 20:10 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 20:10 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-17 20:10 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 20:10 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 20:10 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 22:50 - 2014-06-20 18:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-19 22:40 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-10 22:42 - 2014-06-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 22:40 - 2014-06-10 22:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 13:48 - 2014-06-20 17:56 - 00001747 _____ () C:\Windows\setupact.log
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:28 - 2014-06-20 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 12:50 - 2014-06-09 12:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-07 20:07 - 2014-06-07 20:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:07 - 2014-06-07 20:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:05 - 2014-06-07 20:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:02 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:01 - 2014-06-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 13:33 - 2014-06-19 22:39 - 00000000 ____D () C:\AdwCleaner
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 15:04 - 2014-06-06 18:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk

==================== One Month Modified Files and Folders =======

2014-06-20 18:41 - 2014-06-19 14:39 - 00022184 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-20 18:41 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST
2014-06-20 18:40 - 2014-06-20 18:40 - 00000000 ____D () C:\Users\loswochos\Desktop\FRST-OlderVersion
2014-06-20 18:40 - 2014-06-19 14:33 - 02083328 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-20 18:30 - 2012-12-31 13:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files
2014-06-20 18:23 - 2014-06-10 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 18:10 - 2014-06-10 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 18:06 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 18:06 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 18:02 - 2011-04-23 15:43 - 01753849 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 17:59 - 2012-08-30 17:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox
2014-06-20 17:59 - 2012-08-30 17:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox
2014-06-20 17:58 - 2014-05-03 11:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster
2014-06-20 17:57 - 2014-06-18 09:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-20 17:56 - 2014-06-20 17:56 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-20 17:56 - 2014-06-10 13:48 - 00001747 _____ () C:\Windows\setupact.log
2014-06-20 17:56 - 2014-05-14 10:42 - 00012726 _____ () C:\aaw7boot.log
2014-06-20 17:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 16:20 - 2011-05-11 21:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-20 15:32 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-06-20 15:32 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-06-20 15:32 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 09:09 - 2014-06-20 09:09 - 00506208 _____ () C:\Windows\Minidump\062014-17721-01.dmp
2014-06-20 09:09 - 2011-08-25 13:32 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 22:40 - 2014-06-10 22:44 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-19 22:39 - 2014-05-23 13:33 - 00000000 ____D () C:\AdwCleaner
2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 16:09 - 2014-06-19 15:47 - 00000000 ____D () C:\ComboFix
2014-06-19 16:09 - 2014-06-19 15:45 - 00000000 ____D () C:\Qoobox
2014-06-19 16:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-19 16:06 - 2014-06-19 15:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 15:37 - 2014-06-19 14:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 14:42 - 2014-06-19 14:40 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:38 - 2011-04-23 15:43 - 00000000 ____D () C:\Users\loswochos
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 13:47 - 2012-11-10 13:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 10:02 - 2012-05-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:26 - 2014-06-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 00:54 - 2013-08-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 00:51 - 2011-04-23 17:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 00:50 - 2011-04-23 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-18 00:48 - 2014-04-23 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-17 20:05 - 2014-05-16 12:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-17 20:05 - 2014-05-16 12:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-11 04:15 - 2011-07-30 12:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP
2014-06-10 23:10 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:50 - 2014-06-10 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:48 - 2014-06-10 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 22:40 - 2014-06-10 22:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 16:46 - 2011-04-26 13:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:43 - 2012-04-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:28 - 2012-05-13 20:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-10 13:28 - 2011-05-28 11:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 14:54 - 2013-11-08 02:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3
2014-06-09 12:56 - 2014-06-09 12:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-09 00:02 - 2011-06-07 22:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc
2014-06-08 11:13 - 2014-06-17 20:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-17 20:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:09 - 2014-06-07 20:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:07 - 2014-06-07 20:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:03 - 2014-06-07 18:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:02 - 2014-06-07 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-06-06 18:10 - 2014-05-22 15:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk
2014-05-30 16:58 - 2011-09-29 18:30 - 00000000 ____D () C:\ProgramData\Origin
2014-05-30 16:57 - 2011-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 12:21 - 2014-06-17 20:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-17 20:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-17 20:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-17 20:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-17 20:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-17 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-17 20:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-17 20:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-17 20:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-17 20:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-17 20:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-17 20:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-17 20:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-17 20:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-17 20:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-17 20:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-17 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-17 20:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-17 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-17 20:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-17 20:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-17 20:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-17 20:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-17 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-17 20:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-17 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-17 20:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-17 20:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-17 20:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-17 20:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-17 20:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-17 20:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-17 20:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-17 20:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-17 20:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-17 20:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-17 20:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-17 20:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-17 20:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-17 20:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-17 20:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-17 20:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 12:17 - 2012-08-30 17:22 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 16:44 - 2014-01-19 23:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-23 14:27 - 2011-04-24 12:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-23 14:27 - 2011-04-23 15:45 - 00001003 _____ () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 21:11 - 2014-05-13 21:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx
2014-05-22 13:12 - 2014-01-20 00:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:12 - 2014-01-20 00:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\loswochos\AppData\Local\Temp\avgnt.exe
C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpingoks.dll
C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 19:00

==================== End Of Log ============================
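The three sections above (the created/modified listings, the TEMP listing and the Bamital & volsnap signature check) are what a helper reads first when triaging a post like this one. The following Python is an added example for this thread, not code from FRST, from the forum or from the poster: it parses the FRST listing format and applies three triage rules that are the editor's own heuristics, not FRST's (executables in the user's Temp folder, executables without version-resource company information in user-writable folders, hidden or system attributes on an executable), skipping the diagnostic tools the helpers asked the poster to run (all visible in the log). It also reports any line of the signature check whose status is not the expected "File is digitally signed". The sample lines are copied from the posted log, except for one "not signed" line that is constructed to exercise the failure branch; the real log shows services.exe as signed.

```python
"""Triage pass over FRST 'One Month Created/Modified', 'Some content of TEMP'
and 'Bamital & volsnap Check' sections.  Added example for this thread; the
rules below are the editor's heuristics, not FRST's.  Sample lines are copied
from the posted log except where marked as constructed."""
from __future__ import annotations
import re
from dataclasses import dataclass

# One listing line: "<ts1> - <ts2> - <size> <attrs> (<company>) <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \(([^)]*)\) (.+)$"
)
# One line of the signature check: "<path> => <status>"
SIGNED_RE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")
SIGNED_OK = "File is digitally signed"

USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\downloads\\", "\\desktop\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".vbs", ".js", ".bat", ".cmd")
# Diagnostic tools the forum helpers asked the poster to run; all appear in the log.
KNOWN_TOOLS = ("frst", "gmer-", "defogger", "adwcleaner_", "combofix")


@dataclass
class Entry:
    ts1: str       # left timestamp (creation or modification, depending on section)
    ts2: str       # right timestamp
    size: int
    attrs: str     # five flag chars: D=directory, H=hidden, S=system, R=read-only
    company: str   # CompanyName from the version resource, "" if absent
    path: str


def parse_entries(text: str) -> list[Entry]:
    """Keep only well-formed listing lines; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            ts1, ts2, size, attrs, company, path = m.groups()
            entries.append(Entry(ts1, ts2, int(size), attrs, company.strip(), path))
    return entries


def reasons(path: str, company: str | None, attrs: str = "_____") -> list[str]:
    """Why a helper would look at this file; [] means nothing stands out.
    company=None means the section carries no version info (the TEMP list)."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if "D" in attrs or not name.endswith(EXEC_EXT) or name.startswith(KNOWN_TOOLS):
        return []
    why = []
    if "\\appdata\\local\\temp\\" in p:
        why.append("executable in Temp")
    if company == "" and any(d in p for d in USER_WRITABLE):
        why.append("no version info in a user-writable location")
    if "H" in attrs or "S" in attrs:
        why.append("hidden/system attribute on an executable")
    return why


def flag_entries(text: str) -> dict[str, list[str]]:
    return {e.path: r for e in parse_entries(text) if (r := reasons(e.path, e.company, e.attrs))}


def flag_temp_paths(text: str) -> dict[str, list[str]]:
    """The TEMP section is bare paths, so only the path-based rules apply."""
    out = {}
    for line in text.splitlines():
        p = line.strip()
        if p.lower().startswith("c:\\") and (r := reasons(p, None)):
            out[p] = r
    return out


def unsigned_core_files(text: str) -> list[str]:
    """Core files whose status line is anything other than the expected one."""
    return [m["path"] for m in (SIGNED_RE.match(l.strip()) for l in text.splitlines())
            if m and m["status"] != SIGNED_OK]


# Sample input, copied from the posted log.
SAMPLE_LISTING = r"""
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
"""
SAMPLE_TEMP = r"""
C:\Users\loswochos\AppData\Local\Temp\avgnt.exe
C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpingoks.dll
C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe
"""
# The services.exe line is constructed to show the failure branch; the log shows it as signed.
SAMPLE_SIGNED = r"""
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\System32\services.exe => File is not signed
"""

if __name__ == "__main__":
    for path, why in {**flag_entries(SAMPLE_LISTING), **flag_temp_paths(SAMPLE_TEMP)}.items():
        print(path, "->", "; ".join(why))
    print("unsigned core files:", unsigned_core_files(SAMPLE_SIGNED))
```

Run against the sample, the listing rule flags only the Tor Browser installer (no version info, sitting in Downloads), the TEMP rule flags all three executables in the user's Temp folder, and the signature check returns the one constructed "not signed" line. A hit is a reason to look, not a verdict: an installer without a CompanyName is common, and whether avgnt.exe or Quarantine.exe in Temp is legitimate is exactly what the helpers decide from the other logs.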