
Log analysis and evaluation: Windows 7: Avast! GUI broken, TrojanDownloader.Elenoocka.A


21.06.2014, 12:44   #1
Misterix
 



Hello everyone,

I'm unfortunately at my wits' end and have to turn to the pros.

The problem child is my uncle's notebook. He somehow managed to land on a fake page while doing online banking and was supposed to make a "demo SEPA transfer" there "for practice". Fortunately he didn't do that; he was smart enough for that once he noticed that something was fishy. He had the access blocked; no damage has been done so far.
Then I got the message "Have a look at my computer, there's a virus on it."
After a very laborious gathering of information (as is usually the case with absolute laymen) and after some analysis of the computer, I was at least able to find out that...

...the online banking went through a proxy that manipulated the original page.
...possibly an e-mail attachment containing the above-mentioned TrojanDownloader was opened.
...at least the Avast! GUI and the Windows Security Center no longer work.
...Avast! can neither be changed, uninstalled nor reinstalled.

The most conspicuous thing, of course, was immediately that the Avast! GUI no longer worked. The following message appeared when trying to open it:

But Windows 7 Home Premium normally doesn't have group policies at all?!?! At least not conventionally configurable ones?

At some point the Windows Action Center also said that the Security Center service is disabled and should be re-enabled.
I tried that, but everything gets blocked.

Uninstalling or changing Avast! via Programs and Features doesn't work either; this message appears here:


A freshly downloaded installer also refuses to work, with this message:


What seems a bit odd is that the Avast service is apparently running and "only" the GUI no longer works?!?
Safe Mode didn't help either; there the service couldn't even be started because the dependencies were not met.

I then started searching and cleaning up manually. Checked processes/services and autostart (also msconfig). Emptied all temp directories including the Recycler. Deleted the cache of some applications that I came across along the way (Java, Firefox, some content directories of the Windows online applications).
The only conspicuous or inconsistent things here were
...a process "KBFiltr.exe", where I thought: why would there be a keyboard filter on this machine? It later turned out to be harmless, though, since it belongs to ASUS.
...a service that, according to its name and description, belongs to Nvidia but shows strange behaviour that I have never seen before.

I disabled the service as a precaution, since it creates the new user "Updatus" on its own and the service runs under this account?!? At our company, in domain networks, you come across applications running under specific accounts fairly often, but in a private setting, and especially for a simple update service (at least that's what it is declared as), that seemed somewhat suspicious to me.

Since I didn't discover anything else obvious after that, I had to have the suspected culprit (the mail attachment) scanned again in the hope of getting more information. It is a rechnung.cab with an .exe inside. According to my uncle, he did open it (the .cab), but when he didn't know what to do with the WinRAR window he closed it again right away. He had expected a real invoice that he wanted to print; when nothing of the sort appeared, he closed it again. The Avast! on my computer only gave me the description Win32/Trojan-gen, which of course helped me tremendously in my search for solutions. Only the later ESET online scanner showed a bit more.

Before the problem spiralled out of control, and since I had already ended up here anyway, I decided to ask for your help.

ESET online scanner
Code:
C:\Users\Andreas *****\Downloads\FreeYouTubeDownload(2).exe	Win32/OpenCandy potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Andreas *****\Downloads\FreeYouTubeToMP3Converter.exe	Win32/OpenCandy potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
D:\rechnung177.cab	Win32/TrojanDownloader.Elenoocka.A Trojaner	gelöscht - in Quarantäne kopiert
D:\Software\FreeYouTubeDownload.exe	Win32/OpenCandy potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
         
The downloaders are clear, and the .cab was the one I deliberately restored for the rescan.

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:13 on 21/06/2014 (Andreas ***** )

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2014
Ran by Andreas ***** (administrator) on NB-01 on 20-06-2014 23:50:00
Running from D:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Verlag Heinrich Vogel in der Springer Transport Media GmbH) C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Verlag Heinrich Vogel in der Springer Transport Media GmbH) C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [SessionLogon] => C:\ExpressGateUtil\SessionLogon.exe
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-21] (AVAST Software)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [SpiderService] => C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [353280 2012-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1706950150-641756562-2110156392-1000\...\Run: [PureSync] => C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes)
HKU\S-1-5-21-1706950150-641756562-2110156392-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-1706950150-641756562-2110156392-1000\...\MountPoints2: {8c93c3bf-6a68-11e3-bc4f-806e6f6e6963} - D:\InstAll.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-11-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-11-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{7CA19DE2-AA6C-4AFC-89C9-179AB1D10563}: [NameServer]192.168.2.1,192.168.2.110
Tcpip\..\Interfaces\{9639E2E8-D477-456C-AD2E-4A574776DAED}: [NameServer]192.168.2.1,192.168.2.111

FireFox:
========
FF ProfilePath: C:\Users\Andreas *****\AppData\Roaming\Mozilla\Firefox\Profiles\l603lrsl.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Andreas *****\AppData\Roaming\Mozilla\Firefox\Profiles\l603lrsl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-21]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-21]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-06-17] (Citrix Online, a division of Citrix Systems, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
R2 Vogel.USBSpider; C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [353280 2012-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH) [File not signed]
S4 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [X]

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-21] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-21] ()
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-05] (DemoForge, LLC)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-20 23:47 - 2014-06-20 23:50 - 00000000 ____D () C:\FRST
2014-06-20 23:32 - 2014-06-20 23:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-20 23:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 23:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-20 23:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-20 23:27 - 2014-06-20 23:27 - 00000000 ____D () C:\Windows\Sun
2014-06-20 23:26 - 2014-06-20 23:26 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-20 23:26 - 2014-06-20 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-20 23:26 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-20 23:26 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-20 23:26 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-20 23:26 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-20 23:16 - 2014-06-20 23:16 - 00000000 ____H () C:\ProgramData\cm-lock
2014-06-20 23:16 - 2014-06-20 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-20 22:17 - 2014-06-20 22:18 - 02347384 _____ (ESET) C:\Users\Andreas *****\Downloads\esetsmartinstaller_deu.exe
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieUserList
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieSiteList
2014-06-20 20:38 - 2014-06-20 20:38 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\VirtualStore
2014-06-20 08:38 - 2014-06-20 08:38 - 04245080 _____ (TeamViewer) C:\Users\Andreas *****\Downloads\TeamViewerQS_de.exe
2014-06-19 13:08 - 2014-06-19 13:08 - 01057176 _____ (Adobe) C:\Users\Andreas *****\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-18 21:05 - 2014-06-18 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 09:32 - 2014-06-17 09:31 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 09:31 - 2014-06-17 09:31 - 00001514 _____ () C:\Users\Andreas *****\Desktop\GoToAssist Customer.lnk
2014-06-17 09:31 - 2014-06-17 09:31 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-15 19:43 - 2014-06-15 19:44 - 32854640 _____ (DVDVideoSoft Ltd. ) C:\Users\Andreas *****\Downloads\FreeYouTubeDownload(2).exe
2014-06-15 19:38 - 2014-06-15 19:38 - 00001538 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-15 19:36 - 2014-06-15 19:36 - 00000663 _____ () C:\Users\Andreas *****\Desktop\Musik MP3.lnk
2014-06-15 19:35 - 2014-06-15 19:36 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\Andreas *****\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-15 19:31 - 2014-06-15 19:31 - 00000012 _____ () C:\Windows\SysWOW64\Settings
2014-06-11 20:23 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 20:23 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 20:23 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 20:23 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 20:23 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 20:23 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 20:23 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 20:23 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 20:23 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 20:23 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 20:23 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 20:23 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 20:23 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 20:23 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 20:23 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 20:23 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 20:23 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 20:23 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 20:23 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 20:23 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 20:23 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 20:23 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 20:23 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 20:23 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 20:23 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 20:23 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 20:23 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 20:23 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 20:23 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 20:23 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 20:23 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 20:23 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 20:23 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 20:23 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 20:23 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 20:23 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 20:23 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 20:23 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 20:23 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 20:23 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 20:23 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 20:23 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 20:23 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 20:23 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 20:23 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 20:23 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 20:23 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 20:23 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 20:23 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 20:23 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 20:23 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 20:23 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 20:23 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 20:23 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 20:23 - 2014-04-25 04:27 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 20:23 - 2014-04-25 03:58 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 20:23 - 2014-04-05 04:37 - 01897408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 20:23 - 2014-04-05 04:37 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 20:23 - 2014-04-05 04:37 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 20:23 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 20:23 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 20:23 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 20:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 20:23 - 2014-03-26 04:39 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 20:23 - 2014-03-26 04:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 20:23 - 2014-03-26 04:13 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 20:23 - 2014-03-26 04:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 20:21 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 20:21 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 13:47 - 2014-06-05 13:49 - 00000000 ____D () C:\Users\Andreas *****\Desktop\TrekStor

==================== One Month Modified Files and Folders =======

2014-06-20 23:50 - 2014-06-20 23:47 - 00000000 ____D () C:\FRST
2014-06-20 23:34 - 2011-04-12 09:43 - 00746634 _____ () C:\Windows\system32\perfh007.dat
2014-06-20 23:34 - 2011-04-12 09:43 - 00165814 _____ () C:\Windows\system32\perfc007.dat
2014-06-20 23:34 - 2009-07-14 07:13 - 01723180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 23:33 - 2014-06-20 23:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 23:32 - 2013-12-21 20:00 - 01935064 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 23:27 - 2014-06-20 23:27 - 00000000 ____D () C:\Windows\Sun
2014-06-20 23:26 - 2014-06-20 23:26 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-20 23:26 - 2014-06-20 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-20 23:26 - 2013-12-21 22:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-20 23:26 - 2013-12-21 22:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-20 23:22 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 23:22 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 23:17 - 2013-12-21 21:04 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-06-20 23:16 - 2014-06-20 23:16 - 00000000 ____H () C:\ProgramData\cm-lock
2014-06-20 23:16 - 2014-06-20 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-20 23:16 - 2013-12-23 19:51 - 00025530 _____ () C:\Windows\setupact.log
2014-06-20 23:16 - 2013-12-21 20:17 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-06-20 23:16 - 2013-12-21 20:17 - 00000000 ____D () C:\Windows\system32\NV
2014-06-20 23:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 22:54 - 2013-12-21 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 22:18 - 2014-06-20 22:17 - 02347384 _____ (ESET) C:\Users\Andreas *****\Downloads\esetsmartinstaller_deu.exe
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieUserList
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieSiteList
2014-06-20 21:20 - 2013-12-21 22:01 - 00000000 ____D () C:\Users\Andreas *****\Documents\Outlook-Dateien
2014-06-20 20:42 - 2013-12-21 20:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-20 20:38 - 2014-06-20 20:38 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\VirtualStore
2014-06-20 16:59 - 2010-11-21 05:47 - 00247086 _____ () C:\Windows\PFRO.log
2014-06-20 08:38 - 2014-06-20 08:38 - 04245080 _____ (TeamViewer) C:\Users\Andreas *****\Downloads\TeamViewerQS_de.exe
2014-06-19 13:12 - 2013-12-21 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 13:10 - 2013-12-21 21:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 13:10 - 2013-12-21 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 13:10 - 2013-12-21 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-19 13:08 - 2014-06-19 13:08 - 01057176 _____ (Adobe) C:\Users\Andreas *****\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-18 21:05 - 2014-06-18 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 20:24 - 2014-01-04 21:08 - 00034984 _____ () C:\ads_err.adt
2014-06-18 20:24 - 2014-01-04 21:08 - 00003072 _____ () C:\ads_err.adi
2014-06-17 09:31 - 2014-06-17 09:32 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 09:31 - 2014-06-17 09:31 - 00001514 _____ () C:\Users\Andreas *****\Desktop\GoToAssist Customer.lnk
2014-06-17 09:31 - 2014-06-17 09:31 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-15 19:45 - 2013-12-24 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-15 19:45 - 2013-12-24 14:20 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\DVDVideoSoft
2014-06-15 19:45 - 2013-12-24 14:20 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-15 19:44 - 2014-06-15 19:43 - 32854640 _____ (DVDVideoSoft Ltd. ) C:\Users\Andreas *****\Downloads\FreeYouTubeDownload(2).exe
2014-06-15 19:38 - 2014-06-15 19:38 - 00001538 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-15 19:36 - 2014-06-15 19:36 - 00000663 _____ () C:\Users\Andreas *****\Desktop\Musik MP3.lnk
2014-06-15 19:36 - 2014-06-15 19:35 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\Andreas *****\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-15 19:31 - 2014-06-15 19:31 - 00000012 _____ () C:\Windows\SysWOW64\Settings
2014-06-15 13:28 - 2013-12-23 17:58 - 00128131 _____ () C:\ads_err.dbf
2014-06-13 06:12 - 2013-12-21 21:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 03:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:02 - 2013-12-27 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:01 - 2013-12-27 13:01 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 19:18 - 2013-12-21 21:35 - 00001108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-10 19:18 - 2013-12-21 21:35 - 00001096 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-08 11:13 - 2014-06-11 20:21 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 20:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 13:49 - 2014-06-05 13:47 - 00000000 ____D () C:\Users\Andreas *****\Desktop\TrekStor
2014-05-30 12:21 - 2014-06-11 20:23 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 20:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 20:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 20:23 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 20:23 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 20:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 20:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 20:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 20:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 20:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 20:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 20:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 20:23 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 20:23 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 20:23 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 20:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 20:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 20:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 20:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 20:23 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 20:23 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 20:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 20:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 20:23 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 20:23 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 20:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 20:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 20:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 20:23 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 20:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 20:23 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 20:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 20:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 20:23 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 20:23 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 20:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 20:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 20:23 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 20:23 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 20:23 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 20:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 20:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 20:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 20:23 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 20:23 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 20:23 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 20:23 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 20:23 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 20:23 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 20:23 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Andreas *****\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 00:42

==================== End Of Log ============================
         
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2014
Ran by Andreas ***** at 2014-06-20 23:50:20
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Ihr Firmenname)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Ihr Firmenname) Hidden
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2011 - Avast Software)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
CodeMeter Runtime Kit v4.10c (HKLM\...\{09821619-C6EE-4E33-BE88-C5CECC9D7259}) (Version: 4.10.235.503 - WIBU-SYSTEMS AG)
CodeMeter Runtime Kit v4.50c (HKLM\...\{D2ABD3EE-94BD-48BB-A6C6-E4FFDA64001E}) (Version: 4.50.906.503 - WIBU-SYSTEMS AG)
CodeMeter Runtime Merge Module (Win64 for x64) (Version: 4.10.235.503 - Alexander Schmitt) Hidden
CodeMeter Tools Merge Module (x32 Version: 4.10.235.503 - Marc Beissmann) Hidden
Cult3D ActiveX Player (HKLM-x32\...\Cult3D ActiveX Player) (Version:  - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.3 - DivX,Inc.)
ETDWare PS/2-x64 7.0.5.15_WHQL (HKLM\...\Elantech) (Version: 7.0.5.15 - ELAN Microelectronics Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.77.381 - Asus)
ExpressGate Cloud (x32 Version: 2.1.77.381 - Asus) Hidden
Fahren Lernen Verwaltung 1.5 (HKLM-x32\...\{EA863E91-B793-4D1B-BF04-97DB395E74C5}_is1) (Version:  - Verlag Heinrich Vogel - Springer Transport Media GmbH)
FahrenLernenSync 2.0 (HKLM-x32\...\{7339E5F7-32DE-45CD-995E-A795494A4082}_is1) (Version:  - Verlag Heinrich Vogel - Springer Transport Media GmbH)
Fahrschulmanager 9.4 (HKLM-x32\...\{C53E8248-AB7C-41EA-98E3-BF54B0559AC3}_is1) (Version:  - Springer Fachmedien München GmbH - Verlag Heinrich Vogel)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.8 - ASUS)
Free YouTube Download version 3.2.39.604 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.39.604 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{EA2EFBF6-7CFD-47A0-BECE-AFCB98428CFE}) (Version: 3.0.108.16 - Fresco Logic Inc.)
GoToAssist Customer 2.1.0.715 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.1.0.715 - Citrix Online)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
NVIDIA Grafiktreiber 265.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 265.96 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.0.16.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.9 (Version: 1.0.9 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 265.96 (Version: 265.96 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.9 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PC-Professional Modul Weiterbildung LKW: Schaltstelle Fahrer (HKLM-x32\...\{2D9D5712-150B-4826-BFF3-07E4C4EBEBE6}_is1) (Version:  - Verlag Heinrich Vogel)
PureSync (x32 Version: 3.7.9 - Jumping Bytes) Hidden
PureSync 3.7.9 (HKLM-x32\...\PureSync) (Version: 3.7.9 - Jumping Bytes)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6221 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Scan & Teach next generation 2.0 (HKLM-x32\...\{0713D76A-989D-4B17-8821-940C0967E911}) (Version: 2.0.30 - Innovista Werbeagentur)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29327 - TeamViewer)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.55133.208 - Sonix)
VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\3F84B3D0CF7723323F1B217C178C4C4BDC5BA436) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
XviD MPEG-4 Codec (HKLM-x32\...\XviD) (Version:  - )

==================== Restore Points  =========================

05-06-2014 12:09:45 Windows Update
10-06-2014 06:44:56 Windows Update
12-06-2014 01:00:11 Windows Update
18-06-2014 02:45:25 Windows Update
20-06-2014 21:26:11 Installed Java 7 Update 60

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D2DEAFB-84EF-4A85-B9EA-39CE861C1C03} - System32\Tasks\{7BA1C8CB-2CE3-4C33-BABC-CD384A62AA91} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {1E8C15E4-3AE1-4205-B1A4-9BFDE113BECD} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {533D1528-4BF4-4170-A348-7158D87B43EA} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {758C6ABD-108B-43B9-9388-935715C672F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-19] (Adobe Systems Incorporated)
Task: {845344D6-B960-4C33-A3C8-8850E542F4A1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-21] (AVAST Software)
Task: {87D4F1DA-BA90-4DB0-AD1A-BF76EED6C9BC} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {91190084-E6E8-460D-9F34-B0BE6FB7D760} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {BBA87F1C-0EF9-4E1B-8FB8-72EE44C801A3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-21 22:33 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-03-15 20:54 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-08-20 19:47 - 2010-08-20 19:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-04-02 20:21 - 2008-10-01 00:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2013-12-21 20:10 - 2010-11-28 14:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-09-23 17:53 - 2010-09-23 17:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-08-12 18:52 - 2010-08-12 18:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2014-06-20 20:38 - 2014-06-20 19:00 - 02783232 _____ () C:\Program Files\AVAST Software\Avast\defs\14062001\algo.dll
2010-08-12 18:52 - 2010-08-12 18:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll
2010-08-12 18:52 - 2010-08-12 18:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2014-01-05 17:14 - 2011-03-23 15:09 - 00212992 _____ () C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\System.ComponentModel.Composition.dll
2014-01-05 17:30 - 2011-07-13 12:44 - 00904704 _____ () C:\PROGRAM FILES (X86)\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\SERVICEPLUGINS\FSMIPSYNC\SYSTEM.DATA.SQLITE.dll
2012-06-26 14:11 - 2012-06-26 14:11 - 02302040 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 14:11 - 2012-06-26 14:11 - 08197208 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 14:11 - 2012-06-26 14:11 - 00345688 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 14:10 - 2012-06-26 14:10 - 00202328 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 14:10 - 2012-06-26 14:10 - 00027736 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 14:11 - 2012-06-26 14:11 - 00282200 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
2013-12-21 22:26 - 2013-11-28 13:14 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2013-12-21 22:26 - 2013-11-28 19:59 - 00098816 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\PAL.dll
2013-12-21 22:26 - 2013-11-28 19:59 - 00034304 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SATA.dll
2013-12-21 22:26 - 2013-11-28 19:59 - 00032768 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAT.dll
2013-12-21 22:26 - 2013-11-28 20:00 - 00031232 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SMINI.dll
2013-12-21 22:26 - 2013-11-28 19:59 - 00029696 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAS.dll
2014-01-05 17:30 - 2011-09-06 12:29 - 00032768 _____ () C:\PROGRAM FILES (X86)\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\INTEROP.PORTABLEDEVICEAPILIB.dll
2014-01-05 17:14 - 2011-05-18 11:47 - 00052736 _____ () C:\PROGRAM FILES (X86)\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\ONLINESERVICES.SERVICEONLINEUPDATES.DATEN.dll
2014-01-05 17:14 - 2011-07-13 12:44 - 00904704 _____ () C:\PROGRAM FILES (X86)\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\SYSTEM.DATA.SQLITE.dll
2014-01-05 17:14 - 2011-07-27 09:09 - 00028672 _____ () C:\PROGRAM FILES (X86)\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\VERLAGHEINRICHVOGEL.FTP.dll
2014-01-05 17:14 - 2011-07-27 09:09 - 00031232 _____ () C:\PROGRAM FILES (X86)\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\VERLAGHEINRICHVOGEL.ONLINEUPDATES.SERVICECLIENT.dll
2014-01-05 17:14 - 2011-08-22 14:38 - 00031744 _____ () C:\PROGRAM FILES (X86)\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\VERLAGHEINRICHVOGEL.UTILS.dll
2014-01-05 17:14 - 2012-11-30 15:43 - 00026112 _____ () C:\PROGRAM FILES (X86)\VOGEL VERLAG\GEMEINSAME KOMPONENTEN\FAHRENLERNENSYNC\PLUGINS\VOGEL.SYNCSERVICES.PLUGINS.FSMANDROID.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: FSM-Connector => C:\DRISC\Programme\FSM-CONNECTOR.EXE
MSCONFIG\startupreg: IqviBhuy => regsvr32.exe "C:\ProgramData\IqviBhuy\IqviBhuy.dat"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SpiderService => C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2014 11:16:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 11:09:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/20/2014 10:18:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/20/2014 08:38:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 08:33:05 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Die indizierten Daten von Windows Search für den Benutzer 'NB-01\UpdatusUser' können im Zuge der Löschung des Benutzerprofils nicht entfernt werden. Fehlercode 0x8007043C.

Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.

Error: (06/20/2014 08:20:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 05:01:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 00:23:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/19/2014 01:13:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 01:00:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/20/2014 08:42:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2014 08:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/20/2014 08:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/20/2014 08:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/20/2014 08:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/20/2014 08:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/20/2014 08:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/20/2014 08:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/20/2014 08:36:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/20/2014 08:36:53 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


Microsoft Office Sessions:
=========================
Error: (06/20/2014 11:16:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 11:09:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas *****\Downloads\esetsmartinstaller_deu.exe

Error: (06/20/2014 10:18:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas *****\Downloads\esetsmartinstaller_deu.exe

Error: (06/20/2014 08:38:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 08:33:05 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: NB-01\UpdatusUser0x8007043CDer Dienst kann nicht im abgesicherten Modus gestartet werden.

Error: (06/20/2014 08:20:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 05:01:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2014 00:23:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll

Error: (06/19/2014 01:13:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 01:00:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 6054.78 MB
Available physical RAM: 4042.4 MB
Total Pagefile: 12107.75 MB
Available Pagefile: 10030.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:111.69 GB) (Free:29 GB) NTFS
Drive d: (Daten) (Fixed) (Total:465.76 GB) (Free:439.38 GB) NTFS
Drive f: (CODEMETER) (Fixed) (Total:0.04 GB) (Free:0 GB) FAT32
Drive g: (MISTERIX) (Removable) (Total:14.92 GB) (Free:2.29 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 9FA8BB52)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8D69BCE8)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 15 GB) (Disk ID: 444A0C80)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         
Gmer.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-21 00:18:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.EXT0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\ANDREA~1\AppData\Local\Temp\pgddqpog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\wininit.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    00000000777af11d 1 byte [62]
.text    C:\Windows\system32\services.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                   00000000777af11d 1 byte [62]
.text    C:\Windows\system32\winlogon.exe[908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                   00000000777af11d 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     00000000777af11d 1 byte [62]
.text    C:\Windows\System32\svchost.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    00000000777af11d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    00000000777af11d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          00000000777af11d 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    00000000777af11d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1420] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                      0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe[1704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112             0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000075611465 2 bytes [61, 75]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000756114bb 2 bytes [61, 75]
.text    ...                                                                                                                                                           * 2
.text    C:\Windows\system32\hasplms.exe[2252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                   0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 0000000076fca32d 1 byte [62]
.text    C:\ExpressGateUtil\VAWinService.exe[2684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                               0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe[2712] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112   0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2824] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                      0000000075611465 2 bytes [61, 75]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2824] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                     00000000756114bb 2 bytes [61, 75]
.text    ...                                                                                                                                                           * 2
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                        00000000777af11d 1 byte [62]
.text    C:\Windows\Explorer.EXE[3172] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           00000000777af11d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe[3252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3324] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000076fca32d 1 byte [62]
.text    C:\Windows\system32\wbem\wmiprvse.exe[3524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             00000000777af11d 1 byte [62]
.text    C:\Windows\System32\hkcmd.exe[3776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     00000000777af11d 1 byte [62]
.text    C:\Windows\system32\wbem\wmiprvse.exe[4060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             00000000777af11d 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    00000000777af11d 1 byte [62]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                   00000000777af11d 1 byte [62]
.text    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            00000000777af11d 1 byte [62]
.text    C:\Windows\vsnp2uvc.exe[4136] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                           0000000076fca32d 1 byte [62]
.text    C:\Program Files\Elantech\ETDCtrl.exe[4168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             00000000777af11d 1 byte [62]
.text    C:\Program Files (x86)\PureSync\PureSyncTray.exe[4208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                  0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\PureSync\PureSyncTray.exe[4208] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                0000000075611465 2 bytes [61, 75]
.text    C:\Program Files (x86)\PureSync\PureSyncTray.exe[4208] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                               00000000756114bb 2 bytes [61, 75]
.text    ...                                                                                                                                                           * 2
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                   00000000777af11d 1 byte [62]
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                       00000000777af11d 1 byte [62]
.text    C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[4472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                         0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                      0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4756] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                    0000000075611465 2 bytes [61, 75]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4756] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                   00000000756114bb 2 bytes [61, 75]
.text    ...                                                                                                                                                           * 2
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                      0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                               0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[4876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        0000000076fca32d 1 byte [62]
.text    C:\ExpressGateUtil\VAWinAgent.exe[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                 0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[5020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                      0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[5020] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                    0000000075611465 2 bytes [61, 75]
.text    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[5020] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                   00000000756114bb 2 bytes [61, 75]
.text    ...                                                                                                                                                           * 2
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[3544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                    0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[4260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe[1644] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112   0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe[5176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112       0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000075611465 2 bytes [61, 75]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000756114bb 2 bytes [61, 75]
.text    ...                                                                                                                                                           * 2
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe[5292] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112     0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075611465 2 bytes [61, 75]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756114bb 2 bytes [61, 75]
.text    ...                                                                                                                                                           * 2
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe[5456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112       0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000075611465 2 bytes [61, 75]
.text    C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000756114bb 2 bytes [61, 75]
.text    ...                                                                                                                                                           * 2
.text    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[5704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  0000000076fca32d 1 byte [62]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[5696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                00000000777af11d 1 byte [62]
.text    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[5976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                           0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe[6744] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                         0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe[7036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             0000000076fca32d 1 byte [62]
.text    C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe[6156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                             00000000777af11d 1 byte [62]
.text    C:\Windows\system32\WLANExt.exe[2980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                   00000000777af11d 1 byte [62]
.text    D:\Gmer-19357.exe[2760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                 0000000076fca32d 1 byte [62]
---- Processes - GMER 2.1 ----

Process  C:\ExpressGateUtil\VAWinService.exe (*** suspicious ***) @ C:\ExpressGateUtil\VAWinService.exe [2684](2010-08-20 17:47:58)                                    00000000010f0000
Library  C:\ExpressGateUtil\libexpat.dll (*** suspicious ***) @ C:\ExpressGateUtil\VAWinService.exe [2684](2010-08-12 16:52:16)                                        0000000010000000
Library  C:\ExpressGateUtil\netProfileDatabase.DLL (*** suspicious ***) @ C:\ExpressGateUtil\VAWinService.exe [2684](2010-08-12 16:52:16)                              0000000071060000
Process  C:\ExpressGateUtil\VAWinAgent.exe (*** suspicious ***) @ C:\ExpressGateUtil\VAWinAgent.exe [4984](2010-08-12 16:52:16)                                        0000000000130000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{2884F7CF-9719-4A2C-8404-A44F82AFB22D}\Connection@Name                   isatap.{4E4A64FE-4807-4254-92A2-6BB1922E8A23}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4B4C438B-FCAF-4EA0-9A5E-A5298F40B4A7}\Connection@Name                   isatap.{D792FE91-0711-4646-9CBF-FD54CB6A190B}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                      \Device\{2884F7CF-9719-4A2C-8404-A44F82AFB22D}?\Device\{4B4C438B-FCAF-4EA0-9A5E-A5298F40B4A7}?\Device\{0FD7F3B2-C237-4CB9-A2DF-1D8612CC0253}?\Device\{FECA5BD1-CAF4-4CF8-8F52-71EA87D8EC8E}?\Device\{AEDEDF09-7E25-4D43-AE0B-1B594826ABCB}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                     "{2884F7CF-9719-4A2C-8404-A44F82AFB22D}"?"{4B4C438B-FCAF-4EA0-9A5E-A5298F40B4A7}"?"{0FD7F3B2-C237-4CB9-A2DF-1D8612CC0253}"?"{FECA5BD1-CAF4-4CF8-8F52-71EA87D8EC8E}"?"{AEDEDF09-7E25-4D43-AE0B-1B594826ABCB}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                    \Device\TCPIP6TUNNEL_{2884F7CF-9719-4A2C-8404-A44F82AFB22D}?\Device\TCPIP6TUNNEL_{4B4C438B-FCAF-4EA0-9A5E-A5298F40B4A7}?\Device\TCPIP6TUNNEL_{0FD7F3B2-C237-4CB9-A2DF-1D8612CC0253}?\Device\TCPIP6TUNNEL_{FECA5BD1-CAF4-4CF8-8F52-71EA87D8EC8E}?\Device\TCPIP6TUNNEL_{AEDEDF09-7E25-4D43-AE0B-1B594826ABCB}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2884F7CF-9719-4A2C-8404-A44F82AFB22D}@InterfaceName                                        isatap.{4E4A64FE-4807-4254-92A2-6BB1922E8A23}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2884F7CF-9719-4A2C-8404-A44F82AFB22D}@ReusableType                                         0
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4B4C438B-FCAF-4EA0-9A5E-A5298F40B4A7}@InterfaceName                                        isatap.{D792FE91-0711-4646-9CBF-FD54CB6A190B}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4B4C438B-FCAF-4EA0-9A5E-A5298F40B4A7}@ReusableType                                         0
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\9c-c7-a6-6d-62-1c@ClientLocalPort                                                        50600
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\9c-c7-a6-6d-62-1c@TeredoAddress                                                          2001:0:5ef5:79fb:386b:3a57:a21a:298a
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                              956

---- EOF - GMER 2.1 ----
         

MBAM (no findings), OTL and Extras.txt are also included in the attachment Logfiles.zip.

There are also Avast! log files available, though at first glance nothing very useful. Ask if needed.

Hopefully you can help me.

Best regards
Misterix

21.06.2014, 13:41   #2
schrauber
/// the machine
/// TB trainer

Hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool will create a Fixlog.txt.
  • Post its contents for me.




Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
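
The fixlist in the post above targets two entries that FRST reports as "Group Policy restriction on software" for the AVAST directories. As an added example (not part of the original post and not FRST's own code), this Python script parses a `reg export` of the Software Restriction Policies key and lists Disallowed path rules that cover security-software directories. It assumes those FRST lines correspond to path rules under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers`; the GUIDs, the sample export and the `SECURITY_HINTS` list are constructed for illustration.

```python
import re
from typing import NamedTuple

# Numeric sub-key names under CodeIdentifiers are the SRP security levels.
LEVELS = {0: "Disallowed", 0x20000: "Basic User", 0x40000: "Unrestricted"}

# Assumption: name fragments that mark a directory as security software.
SECURITY_HINTS = ("avast software", "windows defender", "malwarebytes", "eset")

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Safer"
    r"\\CodeIdentifiers\\(\d+)\\Paths\\(\{[0-9A-Fa-f-]+\})\]$",
    re.IGNORECASE,
)


class PathRule(NamedTuple):
    level: str
    guid: str
    path: str


def _decode_value(raw: str) -> str:
    """Decode a .reg value: "quoted" (REG_SZ) or hex(2):.. (REG_EXPAND_SZ)."""
    if raw.startswith('"') and raw.endswith('"'):
        # .reg files escape backslash and double quote with a backslash
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    raise ValueError(f"unsupported value encoding: {raw[:20]!r}")


def parse_srp_path_rules(reg_text: str) -> list:
    """Return every SRP path rule found in the text of a .reg export."""
    rules, current = [], None
    lines = iter(reg_text.splitlines())
    for line in lines:
        line = line.strip()
        while line.endswith("\\"):  # hex values wrap with a trailing backslash
            line = line[:-1] + next(lines, "").strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = (int(m.group(1)), m.group(2)) if m else None
        elif current and line.lower().startswith('"itemdata"='):
            level_id, guid = current
            level = LEVELS.get(level_id, f"level {level_id}")
            rules.append(PathRule(level, guid, _decode_value(line.split("=", 1)[1])))
    return rules


def blocked_security_paths(rules: list) -> list:
    """Disallowed rules whose path points into a security product directory."""
    return [
        r for r in rules
        if r.level == "Disallowed"
        and any(hint in r.path.lower() for hint in SECURITY_HINTS)
    ]


def _as_hex2(text: str, per_line: int = 8) -> str:
    """Render text the way reg.exe exports REG_EXPAND_SZ (wrapped hex)."""
    octets = [f"{b:02x}" for b in (text + "\0").encode("utf-16-le")]
    rows = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)


# Constructed sample export: the two AVAST paths come from the fixlist above,
# the GUIDs and the Unrestricted rule are made up for the example.
_BASE = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    _BASE + r"\0\Paths\{11111111-1111-1111-1111-111111111111}]",
    r'"ItemData"="C:\\Program Files\\AVAST Software"',
    '"SaferFlags"=dword:00000000',
    "",
    _BASE + r"\0\Paths\{22222222-2222-2222-2222-222222222222}]",
    r'"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\AVAST Software"',
    '"SaferFlags"=dword:00000000',
    "",
    _BASE + r"\262144\Paths\{33333333-3333-3333-3333-333333333333}]",
    '"ItemData"=' + _as_hex2("%ProgramFiles%"),
    '"SaferFlags"=dword:00000000',
])

if __name__ == "__main__":
    for rule in blocked_security_paths(parse_srp_path_rules(SAMPLE_REG)):
        print(f"{rule.level}: {rule.path}  (rule {rule.guid})")
```

Any hit is a strong tampering indicator, since a legitimate policy has no reason to disallow execution from an antivirus installation directory.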


21.06.2014, 15:29   #3
Misterix

Hi schrauber,

Thank you very much for the support.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-06-2014
Ran by Andreas ***** at 2014-06-21 15:06:31 Run:1
Running from D:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
Avast!GUI is working again.

Code:
ATTFilter
ComboFix 14-06-21.02 - Andreas ***** 21.06.2014  16:02:56.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6055.3822 [GMT 2:00]
ausgeführt von:: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-21 bis 2014-06-21  ))))))))))))))))))))))))))))))
.
.
2014-06-21 14:06 . 2014-06-21 14:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-21 08:01 . 2014-06-21 08:01	--------	d-----w-	c:\program files (x86)\ESET
2014-06-20 23:19 . 2014-06-20 23:19	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C6948FF-95DA-45F2-B81A-3604D6FD0F30}\offreg.dll
2014-06-20 22:48 . 2014-06-20 22:48	--------	d-----w-	C:\usr
2014-06-20 21:47 . 2014-06-21 13:06	--------	d-----w-	C:\FRST
2014-06-20 21:32 . 2014-06-20 21:33	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-20 21:32 . 2014-06-20 21:32	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-06-20 21:32 . 2014-06-20 21:32	--------	d-----w-	c:\programdata\Malwarebytes
2014-06-20 21:32 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-06-20 21:32 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-06-20 21:32 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-06-20 21:32 . 2014-06-20 21:32	--------	d-----w-	c:\users\Andreas *****\AppData\Local\Programs
2014-06-20 21:27 . 2014-06-20 21:27	--------	d-----w-	c:\windows\Sun
2014-06-20 21:26 . 2014-06-20 21:26	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-06-20 21:26 . 2014-05-07 13:02	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-20 21:16 . 2014-06-20 21:16	--------	d-----w-	c:\programdata\NVIDIA
2014-06-20 19:57 . 2014-06-20 19:57	--------	d-sh--w-	c:\users\Andreas *****\AppData\Local\EmieUserList
2014-06-20 19:57 . 2014-06-20 19:57	--------	d-sh--w-	c:\users\Andreas *****\AppData\Local\EmieSiteList
2014-06-20 18:38 . 2014-06-20 18:38	--------	d-----w-	c:\users\Andreas *****\AppData\Local\VirtualStore
2014-06-20 13:18 . 2014-06-05 10:54	10779000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C6948FF-95DA-45F2-B81A-3604D6FD0F30}\mpengine.dll
2014-06-17 07:32 . 2014-06-17 07:31	169544	----a-w-	c:\windows\system32\g2ax_credential_provider64_715.dll
2014-06-11 18:21 . 2014-06-08 09:13	506368	----a-w-	c:\windows\system32\aepdu.dll
2014-06-11 18:21 . 2014-06-08 09:08	424448	----a-w-	c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-21 14:06 . 2013-12-21 19:04	45056	----a-w-	c:\windows\system32\acovcnt.exe
2014-06-19 11:10 . 2013-12-21 19:42	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-19 11:10 . 2013-12-21 19:42	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-12 12:33 . 2013-12-21 19:49	588496	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-12 01:01 . 2013-12-27 11:01	95414520	----a-w-	c:\windows\system32\MRT.exe
2014-04-12 02:34 . 2014-05-13 22:01	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:34 . 2014-05-13 22:01	155072	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:32 . 2014-05-13 22:01	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-04-12 02:32 . 2014-05-13 22:01	243712	----a-w-	c:\windows\system32\wow64.dll
2014-04-12 02:32 . 2014-05-13 22:01	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-04-12 02:32 . 2014-05-13 22:01	215552	----a-w-	c:\windows\system32\winsrv.dll
2014-04-12 02:32 . 2014-05-13 22:01	29184	----a-w-	c:\windows\system32\sspisrv.dll
2014-04-12 02:32 . 2014-05-13 22:01	136192	----a-w-	c:\windows\system32\sspicli.dll
2014-04-12 02:32 . 2014-05-13 22:01	28160	----a-w-	c:\windows\system32\secur32.dll
2014-04-12 02:32 . 2014-05-13 22:01	307712	----a-w-	c:\windows\system32\ncrypt.dll
2014-04-12 02:32 . 2014-05-13 22:01	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-04-12 02:32 . 2014-05-13 22:01	1461248	----a-w-	c:\windows\system32\lsasrv.dll
2014-04-12 02:32 . 2014-05-13 22:01	1164800	----a-w-	c:\windows\system32\kernel32.dll
2014-04-12 02:31 . 2014-05-13 22:01	43520	----a-w-	c:\windows\system32\csrsrv.dll
2014-04-12 02:31 . 2014-05-13 22:01	463872	----a-w-	c:\windows\system32\certcli.dll
2014-04-12 02:31 . 2014-05-13 22:01	58368	----a-w-	c:\windows\system32\appidapi.dll
2014-04-12 02:31 . 2014-05-13 22:01	34304	----a-w-	c:\windows\system32\appidsvc.dll
2014-04-12 02:31 . 2014-05-13 22:01	112640	----a-w-	c:\windows\system32\smss.exe
2014-04-12 02:31 . 2014-05-13 22:01	31232	----a-w-	c:\windows\system32\lsass.exe
2014-04-12 02:31 . 2014-05-13 22:01	338432	----a-w-	c:\windows\system32\conhost.exe
2014-04-12 02:31 . 2014-05-13 22:01	148480	----a-w-	c:\windows\system32\appidpolicyconverter.exe
2014-04-12 02:31 . 2014-05-13 22:01	64000	----a-w-	c:\windows\system32\auditpol.exe
2014-04-12 02:31 . 2014-05-13 22:01	17920	----a-w-	c:\windows\system32\appidcertstorecheck.exe
2014-04-12 02:30 . 2014-05-13 22:01	60416	----a-w-	c:\windows\system32\msobjs.dll
2014-04-12 02:29 . 2014-05-13 22:01	145920	----a-w-	c:\windows\system32\msaudite.dll
2014-04-12 02:28 . 2014-05-13 22:01	6656	----a-w-	c:\windows\system32\apisetschema.dll
2014-04-12 02:28 . 2014-05-13 22:01	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-12 02:28 . 2014-05-13 22:01	685056	----a-w-	c:\windows\system32\adtschema.dll
2014-04-12 02:06 . 2014-05-13 22:01	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-04-12 02:06 . 2014-05-13 22:01	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2014-04-12 02:06 . 2014-05-13 22:01	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-04-12 02:06 . 2014-05-13 22:01	342528	----a-w-	c:\windows\SysWow64\certcli.dll
2014-04-12 02:06 . 2014-05-13 22:01	50688	----a-w-	c:\windows\SysWow64\appidapi.dll
2014-04-12 02:06 . 2014-05-13 22:01	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-04-12 02:06 . 2014-05-13 22:01	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-04-12 02:06 . 2014-05-13 22:01	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2014-04-12 02:05 . 2014-05-13 22:01	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-04-12 02:05 . 2014-05-13 22:01	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-04-12 02:04 . 2014-05-13 22:01	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2014-04-12 02:04 . 2014-05-13 22:01	145920	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-04-12 02:03 . 2014-05-13 22:01	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2014-04-12 02:03 . 2014-05-13 22:01	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2014-04-12 02:03 . 2014-05-13 22:01	685056	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-04-12 01:34 . 2014-05-13 22:01	61952	----a-w-	c:\windows\system32\drivers\appid.sys
2014-04-12 01:03 . 2014-05-13 22:01	7680	----a-w-	c:\windows\SysWow64\instnm.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-21 19:51	220632	----a-w-	c:\users\Andreas *****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-21 19:51	220632	----a-w-	c:\users\Andreas *****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-21 19:51	220632	----a-w-	c:\users\Andreas *****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2013-12-20 906928]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-09 984400]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-12 21504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-21 3764024]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"SpiderService"="c:\program files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe" [2012-10-11 353280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
Samsung Magician.lnk - c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2013-12-21 4580256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2012-11-21 8443832]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2013-12-21 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe Start=service [x]
S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe;c:\windows\SYSNATIVE\hasplms.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 Vogel.USBSpider;Vogel - FahrenLernenSync;c:\program files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe;c:\program files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys;c:\windows\SYSNATIVE\DRIVERS\dfmirage.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-21 11:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-21 19:51	244696	----a-w-	c:\users\Andreas *****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-21 19:51	244696	----a-w-	c:\users\Andreas *****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-21 19:51	244696	----a-w-	c:\users\Andreas *****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-12 12:35	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-12 12:35	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-12 12:35	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-21 20:07	287280	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-03 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-03 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-03 417304]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-10-13 2168424]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.de
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: Interfaces\{7CA19DE2-AA6C-4AFC-89C9-179AB1D10563}: NameServer = 192.168.2.1,192.168.2.110
TCP: Interfaces\{9639E2E8-D477-456C-AD2E-4A574776DAED}: NameServer = 192.168.2.1,192.168.2.111
FF - ProfilePath - c:\users\Andreas *****\AppData\Roaming\Mozilla\Firefox\Profiles\l603lrsl.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1706950150-641756562-2110156392-1000\Software\SecuROM\License information*]
"datasecu"=hex:82,03,89,94,f7,5f,ad,c6,db,a0,fe,68,30,b4,91,10,70,d5,a7,0c,92,
   97,0a,94,f9,31,0c,ca,35,a4,64,4c,b5,7c,a2,64,b4,6f,39,2b,3d,fc,5d,b0,4f,e3,\
"rkeysecu"=hex:e5,92,5a,83,ba,75,d1,02,d3,a2,1e,df,31,ea,5f,11
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-21  16:07:55
ComboFix-quarantined-files.txt  2014-06-21 14:07
.
Vor Suchlauf: 10 Verzeichnis(se), 28.957.835.264 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 28.802.396.160 Bytes frei
.
- - End Of File - - 6E77A69C34FE50F14D53AC17817F61BD
         
__________________

Alt 22.06.2014, 07:00   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 22.06.2014, 10:59   #5
Misterix
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.06.2014
Suchlauf-Zeit: 11:30:39
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.22.01
Rootkit Datenbank: v2014.06.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Andreas *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 288808
Verstrichene Zeit: 5 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v3.212 - Bericht erstellt am 22/06/2014 um 11:40:36
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Andreas ***** - NB-01
# Gestartet von : D:\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Andreas *****\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Andreas *****\AppData\Roaming\Mozilla\Firefox\Profiles\l603lrsl.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [888 octets] - [22/06/2014 11:38:38]
AdwCleaner[S0].txt - [810 octets] - [22/06/2014 11:40:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [869 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Andreas ***** on 22.06.2014 at 11:44:20,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.06.2014 at 11:49:36,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2014
Ran by Andreas ***** (administrator) on NB-01 on 22-06-2014 11:50:42
Running from D:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Verlag Heinrich Vogel in der Springer Transport Media GmbH) C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Verlag Heinrich Vogel in der Springer Transport Media GmbH) C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-21] (AVAST Software)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [SpiderService] => C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [353280 2012-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1706950150-641756562-2110156392-1000\...\Run: [PureSync] => C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes)
HKU\S-1-5-21-1706950150-641756562-2110156392-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2010-11-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-11-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{7CA19DE2-AA6C-4AFC-89C9-179AB1D10563}: [NameServer]192.168.2.1,192.168.2.110
Tcpip\..\Interfaces\{9639E2E8-D477-456C-AD2E-4A574776DAED}: [NameServer]192.168.2.1,192.168.2.111

FireFox:
========
FF ProfilePath: C:\Users\Andreas *****\AppData\Roaming\Mozilla\Firefox\Profiles\l603lrsl.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Andreas *****\AppData\Roaming\Mozilla\Firefox\Profiles\l603lrsl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-21]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-21]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-06-17] (Citrix Online, a division of Citrix Systems, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
R2 Vogel.USBSpider; C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [353280 2012-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH) [File not signed]
S4 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [X]

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2013-03-02] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-21] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-21] ()
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-05] (DemoForge, LLC)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 11:49 - 2014-06-22 11:49 - 00000635 _____ () C:\Users\Andreas *****\Desktop\JRT.txt
2014-06-22 11:44 - 2014-06-22 11:44 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____H () C:\ProgramData\cm-lock
2014-06-22 11:38 - 2014-06-22 11:40 - 00000000 ____D () C:\AdwCleaner
2014-06-22 10:26 - 2014-06-22 10:26 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\Adobe
2014-06-21 16:07 - 2014-06-21 16:07 - 00031968 _____ () C:\ComboFix.txt
2014-06-21 16:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-21 16:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-21 16:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-21 15:10 - 2014-06-21 16:07 - 00000000 ____D () C:\Qoobox
2014-06-21 15:10 - 2014-06-21 16:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-21 10:01 - 2014-06-21 10:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-21 00:48 - 2014-06-21 00:48 - 787531405 _____ () C:\Windows\MEMORY.DMP
2014-06-21 00:48 - 2014-06-21 00:48 - 00447208 _____ () C:\Windows\Minidump\062114-10826-01.dmp
2014-06-21 00:48 - 2014-06-21 00:48 - 00000000 ____D () C:\Windows\Minidump
2014-06-21 00:48 - 2014-06-21 00:48 - 00000000 ____D () C:\usr
2014-06-20 23:47 - 2014-06-22 11:50 - 00000000 ____D () C:\FRST
2014-06-20 23:32 - 2014-06-22 11:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-20 23:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 23:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-20 23:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-20 23:27 - 2014-06-20 23:27 - 00000000 ____D () C:\Windows\Sun
2014-06-20 23:26 - 2014-06-20 23:26 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-20 23:26 - 2014-06-20 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-20 23:26 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-20 23:26 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-20 23:26 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-20 23:26 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-20 23:16 - 2014-06-20 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-20 22:17 - 2014-06-20 22:18 - 02347384 _____ (ESET) C:\Users\Andreas *****\Downloads\esetsmartinstaller_deu.exe
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieUserList
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieSiteList
2014-06-20 20:38 - 2014-06-20 20:38 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\VirtualStore
2014-06-20 08:38 - 2014-06-20 08:38 - 04245080 _____ (TeamViewer) C:\Users\Andreas *****\Downloads\TeamViewerQS_de.exe
2014-06-19 13:08 - 2014-06-19 13:08 - 01057176 _____ (Adobe) C:\Users\Andreas *****\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-18 21:05 - 2014-06-18 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 09:32 - 2014-06-17 09:31 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 09:31 - 2014-06-17 09:31 - 00001514 _____ () C:\Users\Andreas *****\Desktop\GoToAssist Customer.lnk
2014-06-17 09:31 - 2014-06-17 09:31 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-15 19:38 - 2014-06-15 19:38 - 00001538 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-15 19:36 - 2014-06-15 19:36 - 00000663 _____ () C:\Users\Andreas *****\Desktop\Musik MP3.lnk
2014-06-15 19:31 - 2014-06-15 19:31 - 00000012 _____ () C:\Windows\SysWOW64\Settings
2014-06-11 20:23 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 20:23 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 20:23 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 20:23 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 20:23 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 20:23 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 20:23 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 20:23 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 20:23 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 20:23 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 20:23 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 20:23 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 20:23 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 20:23 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 20:23 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 20:23 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 20:23 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 20:23 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 20:23 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 20:23 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 20:23 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 20:23 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 20:23 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 20:23 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 20:23 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 20:23 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 20:23 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 20:23 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 20:23 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 20:23 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 20:23 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 20:23 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 20:23 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 20:23 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 20:23 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 20:23 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 20:23 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 20:23 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 20:23 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 20:23 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 20:23 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 20:23 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 20:23 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 20:23 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 20:23 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 20:23 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 20:23 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 20:23 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 20:23 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 20:23 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 20:23 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 20:23 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 20:23 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 20:23 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 20:23 - 2014-04-25 04:27 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 20:23 - 2014-04-25 03:58 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 20:23 - 2014-04-05 04:37 - 01897408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 20:23 - 2014-04-05 04:37 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 20:23 - 2014-04-05 04:37 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 20:23 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 20:23 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 20:23 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 20:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 20:23 - 2014-03-26 04:39 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 20:23 - 2014-03-26 04:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 20:23 - 2014-03-26 04:13 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 20:23 - 2014-03-26 04:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 20:21 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 20:21 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 13:47 - 2014-06-05 13:49 - 00000000 ____D () C:\Users\Andreas *****\Desktop\TrekStor

==================== One Month Modified Files and Folders =======

2014-06-22 11:50 - 2014-06-20 23:47 - 00000000 ____D () C:\FRST
2014-06-22 11:49 - 2014-06-22 11:49 - 00000635 _____ () C:\Users\Andreas *****\Desktop\JRT.txt
2014-06-22 11:48 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:48 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:47 - 2011-04-12 09:43 - 00746634 _____ () C:\Windows\system32\perfh007.dat
2014-06-22 11:47 - 2011-04-12 09:43 - 00165814 _____ () C:\Windows\system32\perfc007.dat
2014-06-22 11:47 - 2009-07-14 07:13 - 01723180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-22 11:46 - 2013-12-21 21:04 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-06-22 11:44 - 2014-06-22 11:44 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____H () C:\ProgramData\cm-lock
2014-06-22 11:41 - 2013-12-23 19:51 - 00025642 _____ () C:\Windows\setupact.log
2014-06-22 11:41 - 2013-12-21 20:00 - 01984875 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 11:41 - 2010-11-21 05:47 - 00247846 _____ () C:\Windows\PFRO.log
2014-06-22 11:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 11:40 - 2014-06-22 11:38 - 00000000 ____D () C:\AdwCleaner
2014-06-22 11:30 - 2014-06-20 23:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 11:07 - 2014-01-04 21:08 - 00034984 _____ () C:\ads_err.adt
2014-06-22 11:07 - 2013-12-23 17:58 - 00128971 _____ () C:\ads_err.dbf
2014-06-22 10:54 - 2013-12-21 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 10:27 - 2013-12-21 22:01 - 00000000 ____D () C:\Users\Andreas *****\Documents\Outlook-Dateien
2014-06-22 10:26 - 2014-06-22 10:26 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\Adobe
2014-06-21 16:07 - 2014-06-21 16:07 - 00031968 _____ () C:\ComboFix.txt
2014-06-21 16:07 - 2014-06-21 15:10 - 00000000 ____D () C:\Qoobox
2014-06-21 16:07 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-21 16:06 - 2014-06-21 15:10 - 00000000 ____D () C:\Windows\erdnt
2014-06-21 16:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-21 13:14 - 2013-12-21 20:00 - 00000000 ____D () C:\Users\Andreas *****
2014-06-21 10:01 - 2014-06-21 10:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-21 00:48 - 2014-06-21 00:48 - 787531405 _____ () C:\Windows\MEMORY.DMP
2014-06-21 00:48 - 2014-06-21 00:48 - 00447208 _____ () C:\Windows\Minidump\062114-10826-01.dmp
2014-06-21 00:48 - 2014-06-21 00:48 - 00000000 ____D () C:\Windows\Minidump
2014-06-21 00:48 - 2014-06-21 00:48 - 00000000 ____D () C:\usr
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-20 23:27 - 2014-06-20 23:27 - 00000000 ____D () C:\Windows\Sun
2014-06-20 23:26 - 2014-06-20 23:26 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-20 23:26 - 2014-06-20 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-20 23:26 - 2013-12-21 22:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-20 23:26 - 2013-12-21 22:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-20 23:16 - 2014-06-20 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-20 23:16 - 2013-12-21 20:17 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-06-20 23:16 - 2013-12-21 20:17 - 00000000 ____D () C:\Windows\system32\NV
2014-06-20 22:18 - 2014-06-20 22:17 - 02347384 _____ (ESET) C:\Users\Andreas *****\Downloads\esetsmartinstaller_deu.exe
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieUserList
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieSiteList
2014-06-20 20:42 - 2013-12-21 20:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-20 20:38 - 2014-06-20 20:38 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\VirtualStore
2014-06-20 08:38 - 2014-06-20 08:38 - 04245080 _____ (TeamViewer) C:\Users\Andreas *****\Downloads\TeamViewerQS_de.exe
2014-06-19 13:12 - 2013-12-21 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 13:10 - 2013-12-21 21:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 13:10 - 2013-12-21 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 13:10 - 2013-12-21 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-19 13:08 - 2014-06-19 13:08 - 01057176 _____ (Adobe) C:\Users\Andreas *****\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-18 21:05 - 2014-06-18 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 20:24 - 2014-01-04 21:08 - 00003072 _____ () C:\ads_err.adi
2014-06-17 09:31 - 2014-06-17 09:32 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 09:31 - 2014-06-17 09:31 - 00001514 _____ () C:\Users\Andreas *****\Desktop\GoToAssist Customer.lnk
2014-06-17 09:31 - 2014-06-17 09:31 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-15 19:45 - 2013-12-24 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-15 19:45 - 2013-12-24 14:20 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\DVDVideoSoft
2014-06-15 19:45 - 2013-12-24 14:20 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-15 19:38 - 2014-06-15 19:38 - 00001538 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-15 19:36 - 2014-06-15 19:36 - 00000663 _____ () C:\Users\Andreas *****\Desktop\Musik MP3.lnk
2014-06-15 19:31 - 2014-06-15 19:31 - 00000012 _____ () C:\Windows\SysWOW64\Settings
2014-06-13 06:12 - 2013-12-21 21:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 03:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:02 - 2013-12-27 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:01 - 2013-12-27 13:01 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 19:18 - 2013-12-21 21:35 - 00001108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-10 19:18 - 2013-12-21 21:35 - 00001096 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-08 11:13 - 2014-06-11 20:21 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 20:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 13:49 - 2014-06-05 13:47 - 00000000 ____D () C:\Users\Andreas *****\Desktop\TrekStor
2014-05-30 12:21 - 2014-06-11 20:23 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 20:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 20:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 20:23 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 20:23 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 20:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 20:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 20:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 20:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 20:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 20:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 20:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 20:23 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 20:23 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 20:23 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 20:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 20:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 20:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 20:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 20:23 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 20:23 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 20:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 20:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 20:23 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 20:23 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 20:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 20:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 20:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 20:23 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 20:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 20:23 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 20:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 20:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 20:23 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 20:23 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 20:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 20:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 20:23 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 20:23 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 20:23 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 20:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 20:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 20:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 20:23 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 20:23 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 20:23 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 20:23 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 20:23 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 20:23 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 20:23 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Andreas *****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 00:42

==================== End Of Log ============================
         


Old 23.06.2014, 09:40   #6
schrauber
/// the machine
/// TB trainer

Windows 7: Avast!GUI broken, TrojanDownloader.Elenoocka.A

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

Old 23.06.2014, 18:43   #7
Misterix

Windows 7: Avast!GUI broken, TrojanDownloader.Elenoocka.A

Quote:
Any problems left?
No, but that's the strange thing. Apart from the Avast group policies and the disabled Security Center service, everything was completely normal. No other program affected, no loss of speed, nothing that points to an infection.
I also checked the proxy settings, but nothing was entered there either.

Scans with the logs will follow after work...

Is it possible that the virus/trojan came in purely via Java, or that only the visited page was infected and "only" the problems now known were changed on the machine?
What can you do to protect yourself against something like this? The group policies surely didn't change by themselves (I hope).

So, here are the latest results:

ESET
Code:
ATTFilter
I:\Sicherung Automatisch\C_Users\Andreas *****\Downloads\FreeYouTubeDownload(1).exe	Win32/InstallCore.MN evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
I:\Sicherung Automatisch\C_Users\Andreas *****\Downloads\FreeYouTubeDownload.exe	Win32/OpenCandy potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
I:\Sicherung Automatisch\D_Software\FreeYouTubeDownload.exe	Win32/OpenCandy potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.125  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Andreas ***** (administrator) on NB-01 on 23-06-2014 19:38:02
Running from D:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Verlag Heinrich Vogel in der Springer Transport Media GmbH) C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Verlag Heinrich Vogel in der Springer Transport Media GmbH) C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-21] (AVAST Software)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [SpiderService] => C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [353280 2012-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1706950150-641756562-2110156392-1000\...\Run: [PureSync] => C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes)
HKU\S-1-5-21-1706950150-641756562-2110156392-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2010-11-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-11-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{7CA19DE2-AA6C-4AFC-89C9-179AB1D10563}: [NameServer]192.168.2.1,192.168.2.110
Tcpip\..\Interfaces\{9639E2E8-D477-456C-AD2E-4A574776DAED}: [NameServer]192.168.2.1,192.168.2.111

FireFox:
========
FF ProfilePath: C:\Users\Andreas *****\AppData\Roaming\Mozilla\Firefox\Profiles\l603lrsl.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Andreas *****\AppData\Roaming\Mozilla\Firefox\Profiles\l603lrsl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-21]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-06-17] (Citrix Online, a division of Citrix Systems, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
R2 Vogel.USBSpider; C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe [353280 2012-10-11] (Verlag Heinrich Vogel in der Springer Transport Media GmbH) [File not signed]
S4 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [X]

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2013-03-02] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-21] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-21] ()
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-05] (DemoForge, LLC)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 11:44 - 2014-06-22 11:44 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____H () C:\ProgramData\cm-lock
2014-06-22 11:38 - 2014-06-22 11:40 - 00000000 ____D () C:\AdwCleaner
2014-06-22 10:26 - 2014-06-22 10:26 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\Adobe
2014-06-21 16:07 - 2014-06-21 16:07 - 00031968 _____ () C:\ComboFix.txt
2014-06-21 16:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-21 16:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-21 16:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-21 16:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-21 15:10 - 2014-06-21 16:07 - 00000000 ____D () C:\Qoobox
2014-06-21 15:10 - 2014-06-21 16:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-21 10:01 - 2014-06-21 10:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-21 00:48 - 2014-06-21 00:48 - 787531405 _____ () C:\Windows\MEMORY.DMP
2014-06-21 00:48 - 2014-06-21 00:48 - 00447208 _____ () C:\Windows\Minidump\062114-10826-01.dmp
2014-06-21 00:48 - 2014-06-21 00:48 - 00000000 ____D () C:\Windows\Minidump
2014-06-21 00:48 - 2014-06-21 00:48 - 00000000 ____D () C:\usr
2014-06-20 23:47 - 2014-06-23 19:38 - 00000000 ____D () C:\FRST
2014-06-20 23:32 - 2014-06-22 11:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-20 23:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 23:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-20 23:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-20 23:27 - 2014-06-20 23:27 - 00000000 ____D () C:\Windows\Sun
2014-06-20 23:26 - 2014-06-20 23:26 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-20 23:26 - 2014-06-20 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-20 23:26 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-20 23:26 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-20 23:26 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-20 23:26 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-20 23:16 - 2014-06-20 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-20 22:17 - 2014-06-20 22:18 - 02347384 _____ (ESET) C:\Users\Andreas *****\Downloads\esetsmartinstaller_deu.exe
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieUserList
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieSiteList
2014-06-20 20:38 - 2014-06-20 20:38 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\VirtualStore
2014-06-20 08:38 - 2014-06-20 08:38 - 04245080 _____ (TeamViewer) C:\Users\Andreas *****\Downloads\TeamViewerQS_de.exe
2014-06-19 13:08 - 2014-06-19 13:08 - 01057176 _____ (Adobe) C:\Users\Andreas *****\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-18 21:05 - 2014-06-18 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 09:32 - 2014-06-17 09:31 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 09:31 - 2014-06-17 09:31 - 00001514 _____ () C:\Users\Andreas *****\Desktop\GoToAssist Customer.lnk
2014-06-17 09:31 - 2014-06-17 09:31 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-15 19:38 - 2014-06-15 19:38 - 00001538 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-15 19:36 - 2014-06-15 19:36 - 00000663 _____ () C:\Users\Andreas *****\Desktop\Musik MP3.lnk
2014-06-15 19:31 - 2014-06-15 19:31 - 00000012 _____ () C:\Windows\SysWOW64\Settings
2014-06-11 20:23 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 20:23 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 20:23 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 20:23 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 20:23 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 20:23 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 20:23 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 20:23 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 20:23 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 20:23 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 20:23 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 20:23 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 20:23 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 20:23 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 20:23 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 20:23 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 20:23 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 20:23 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 20:23 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 20:23 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 20:23 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 20:23 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 20:23 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 20:23 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 20:23 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 20:23 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 20:23 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 20:23 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 20:23 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 20:23 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 20:23 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 20:23 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 20:23 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 20:23 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 20:23 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 20:23 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 20:23 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 20:23 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 20:23 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 20:23 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 20:23 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 20:23 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 20:23 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 20:23 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 20:23 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 20:23 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 20:23 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 20:23 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 20:23 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 20:23 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 20:23 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 20:23 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 20:23 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 20:23 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 20:23 - 2014-04-25 04:27 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 20:23 - 2014-04-25 03:58 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 20:23 - 2014-04-05 04:37 - 01897408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 20:23 - 2014-04-05 04:37 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 20:23 - 2014-04-05 04:37 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 20:23 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 20:23 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 20:23 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 20:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 20:23 - 2014-03-26 04:39 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 20:23 - 2014-03-26 04:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 20:23 - 2014-03-26 04:13 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 20:23 - 2014-03-26 04:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 20:21 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 20:21 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 13:47 - 2014-06-05 13:49 - 00000000 ____D () C:\Users\Andreas *****\Desktop\TrekStor

==================== One Month Modified Files and Folders =======

2014-06-23 19:38 - 2014-06-20 23:47 - 00000000 ____D () C:\FRST
2014-06-23 19:34 - 2013-12-21 20:00 - 02028695 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 18:54 - 2013-12-21 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 17:40 - 2013-12-21 21:04 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-06-23 17:29 - 2013-12-21 21:35 - 00001108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-23 17:29 - 2013-12-21 21:35 - 00001096 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-23 16:15 - 2011-04-12 09:43 - 00746634 _____ () C:\Windows\system32\perfh007.dat
2014-06-23 16:15 - 2011-04-12 09:43 - 00165814 _____ () C:\Windows\system32\perfc007.dat
2014-06-23 16:15 - 2009-07-14 07:13 - 01723180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 16:13 - 2013-12-21 22:01 - 00000000 ____D () C:\Users\Andreas *****\Documents\Outlook-Dateien
2014-06-22 11:48 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:48 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:44 - 2014-06-22 11:44 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____H () C:\ProgramData\cm-lock
2014-06-22 11:41 - 2013-12-23 19:51 - 00025642 _____ () C:\Windows\setupact.log
2014-06-22 11:41 - 2010-11-21 05:47 - 00247846 _____ () C:\Windows\PFRO.log
2014-06-22 11:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 11:40 - 2014-06-22 11:38 - 00000000 ____D () C:\AdwCleaner
2014-06-22 11:30 - 2014-06-20 23:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 11:07 - 2014-01-04 21:08 - 00034984 _____ () C:\ads_err.adt
2014-06-22 11:07 - 2013-12-23 17:58 - 00128971 _____ () C:\ads_err.dbf
2014-06-22 10:26 - 2014-06-22 10:26 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\Adobe
2014-06-21 16:07 - 2014-06-21 16:07 - 00031968 _____ () C:\ComboFix.txt
2014-06-21 16:07 - 2014-06-21 15:10 - 00000000 ____D () C:\Qoobox
2014-06-21 16:07 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-21 16:06 - 2014-06-21 15:10 - 00000000 ____D () C:\Windows\erdnt
2014-06-21 16:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-21 13:14 - 2013-12-21 20:00 - 00000000 ____D () C:\Users\Andreas *****
2014-06-21 10:01 - 2014-06-21 10:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-21 00:48 - 2014-06-21 00:48 - 787531405 _____ () C:\Windows\MEMORY.DMP
2014-06-21 00:48 - 2014-06-21 00:48 - 00447208 _____ () C:\Windows\Minidump\062114-10826-01.dmp
2014-06-21 00:48 - 2014-06-21 00:48 - 00000000 ____D () C:\Windows\Minidump
2014-06-21 00:48 - 2014-06-21 00:48 - 00000000 ____D () C:\usr
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 23:32 - 2014-06-20 23:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-20 23:27 - 2014-06-20 23:27 - 00000000 ____D () C:\Windows\Sun
2014-06-20 23:26 - 2014-06-20 23:26 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-20 23:26 - 2014-06-20 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-20 23:26 - 2013-12-21 22:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-20 23:26 - 2013-12-21 22:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-20 23:16 - 2014-06-20 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-20 23:16 - 2013-12-21 20:17 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-06-20 23:16 - 2013-12-21 20:17 - 00000000 ____D () C:\Windows\system32\NV
2014-06-20 22:18 - 2014-06-20 22:17 - 02347384 _____ (ESET) C:\Users\Andreas *****\Downloads\esetsmartinstaller_deu.exe
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieUserList
2014-06-20 21:57 - 2014-06-20 21:57 - 00000000 __SHD () C:\Users\Andreas *****\AppData\Local\EmieSiteList
2014-06-20 20:42 - 2013-12-21 20:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-20 20:38 - 2014-06-20 20:38 - 00000000 ____D () C:\Users\Andreas *****\AppData\Local\VirtualStore
2014-06-20 08:38 - 2014-06-20 08:38 - 04245080 _____ (TeamViewer) C:\Users\Andreas *****\Downloads\TeamViewerQS_de.exe
2014-06-19 13:12 - 2013-12-21 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 13:10 - 2013-12-21 21:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 13:10 - 2013-12-21 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 13:10 - 2013-12-21 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-19 13:08 - 2014-06-19 13:08 - 01057176 _____ (Adobe) C:\Users\Andreas *****\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-18 21:05 - 2014-06-18 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 20:24 - 2014-01-04 21:08 - 00003072 _____ () C:\ads_err.adi
2014-06-17 09:31 - 2014-06-17 09:32 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 09:31 - 2014-06-17 09:31 - 00001514 _____ () C:\Users\Andreas *****\Desktop\GoToAssist Customer.lnk
2014-06-17 09:31 - 2014-06-17 09:31 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-15 19:45 - 2013-12-24 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-15 19:45 - 2013-12-24 14:20 - 00000000 ____D () C:\Users\Andreas *****\AppData\Roaming\DVDVideoSoft
2014-06-15 19:45 - 2013-12-24 14:20 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-15 19:38 - 2014-06-15 19:38 - 00001538 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-15 19:36 - 2014-06-15 19:36 - 00000663 _____ () C:\Users\Andreas *****\Desktop\Musik MP3.lnk
2014-06-15 19:31 - 2014-06-15 19:31 - 00000012 _____ () C:\Windows\SysWOW64\Settings
2014-06-13 06:12 - 2013-12-21 21:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 03:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:02 - 2013-12-27 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:01 - 2013-12-27 13:01 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 20:21 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 20:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 13:49 - 2014-06-05 13:47 - 00000000 ____D () C:\Users\Andreas *****\Desktop\TrekStor
2014-05-30 12:21 - 2014-06-11 20:23 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 20:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 20:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 20:23 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 20:23 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 20:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 20:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 20:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 20:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 20:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 20:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 20:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 20:23 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 20:23 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 20:23 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 20:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 20:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 20:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 20:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 20:23 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 20:23 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 20:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 20:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 20:23 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 20:23 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 20:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 20:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 20:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 20:23 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 20:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 20:23 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 20:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 20:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 20:23 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 20:23 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 20:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 20:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 20:23 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 20:23 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 20:23 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 20:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 20:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 20:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 20:23 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 20:23 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 20:23 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 20:23 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 20:23 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 20:23 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 20:23 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Andreas *****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 00:42

==================== End Of Log ============================
         


I'd lean strongly towards "CLEAN". Is that right?


Edit: UAC is now active at level 1...

24.06.2014, 12:31   #8
schrauber
/// the machine
/// TB trainer

Update Java. Delete the ESET findings manually.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without worry.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

24.06.2014, 18:09   #9
Misterix

Quote:
Update Java.
Java is up to date. Why Security Check complains about it, I don't know?!?

When trying to uninstall Combofix, Avast! immediately does this:
Code:
24.06.2014 18:45:03	D:\Virenscanner und Tools\uninstall.exe [L] FileRepMetagen [DRP] (0)
Datei erfolgreich in Container verschoben...
         
I then did it again without Avast!.

Quote:
Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
If you say that the computer is clean again, then we can wrap up at this point. From my side everything should be settled; at least nothing else comes to mind right now.

Many thanks for your support!!!

24.06.2014, 19:12   #10
schrauber
/// the machine
/// TB trainer

because Java is already available in version 8

You're welcome

24.06.2014, 19:57   #11
Misterix

Oops, the new version seems to have passed me by. Well, since there were updates almost every day anyway, you would actually assume that something like this gets installed.

OK, I'll install it everywhere right away.

25.06.2014, 18:08   #12
schrauber
/// the machine
/// TB trainer

ok
