Pests of all kinds and how to fight them: Trojan that sends spam mails

Windows 7

If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
#1

Trojan that sends spam mails

Hi, thank you very much for the quick help!

FRST:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by Sascha (administrator) on SASCHA-PC on 04-08-2014 20:54:19 Running from C:\Users\Sascha\Desktop Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) F:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaUI.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Samsung Electronics Co., Ltd.) F:\Programme\Kies\KiesTrayAgent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TeamSpeak Systems GmbH) F:\Programme\TeamSpeak 3\ts3client_win64.exe () F:\Programme\AutoHotkey\AutoHotkey.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [KiesTrayAgent] => F:\Programme\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) 
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [EADM] => F:\Spiele\Origin\Origin.exe [3595608 2014-07-26] (Electronic Arts) HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [Steam] => F:\Spiele\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation) HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [] => F:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-26] (Samsung) HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Sascha\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [RGSC] => F:\Spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\MountPoints2: {4e841a95-13ef-11e2-aa81-806e6f6e6963} - D:\Autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Ralink Technology, Corp.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB6686B0E66B0CE01 SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {BC282D49-DBE7-4cde-A4CA-C7F07227FDD1} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\ttn4rkj9.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 -> F:\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: 
@microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\ttn4rkj9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.) 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-07] () [File not signed] R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-27] () R2 RalinkRegistryWriter; C:\Program Files (x86)\Hama\Common\RaRegistry.exe [193888 2010-06-01] (Ralink Technology, Corp.) R2 RalinkRegistryWriter64; C:\Program Files (x86)\Hama\Common\RaRegistry64.exe [211296 2010-06-01] (Ralink Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-10] (DT Soft Ltd) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-04-12] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-12] (FNet Co., Ltd.) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 athr; system32\DRIVERS\athrx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-04 20:54 - 2014-08-04 20:54 - 00015126 _____ () C:\Users\Sascha\Desktop\FRST.txt 2014-08-04 20:53 - 2014-08-04 20:54 - 00000000 ____D () C:\FRST 2014-08-04 20:53 - 2014-08-04 20:53 - 02094080 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe 2014-08-04 19:57 - 2014-08-04 20:06 - 00000948 _____ () C:\Users\Sascha\Desktop\DM-Keybinder.lnk 2014-08-04 19:57 - 2014-08-04 20:06 - 00000048 _____ () C:\Users\Sascha\Desktop\Update.ini 2014-08-04 19:57 - 2014-08-04 19:57 - 00000000 ____D () C:\Users\Sascha\Documents\DM-Keybinder von Alan.Miller 2014-08-04 19:06 - 2014-08-04 19:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-04 19:05 - 2014-08-04 19:05 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-04 19:05 - 2014-08-04 19:05 - 
00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-04 19:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-04 19:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-04 19:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-31 21:32 - 2014-08-02 13:05 - 00000000 ____D () C:\Users\Sascha\Documents\Overlay-Optionen 2014-07-30 15:43 - 2014-07-30 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-27 20:05 - 2014-07-27 20:05 - 00001306 _____ () C:\Users\Sascha\Desktop\SAMP.lnk 2014-07-15 09:14 - 2014-07-15 09:14 - 00123566 _____ () C:\Users\Sascha\Desktop\Projekt.rar 2014-07-15 09:09 - 2014-07-14 17:05 - 00003845 _____ () C:\Users\Sascha\Desktop\projekt.sql 2014-07-13 14:33 - 2014-07-13 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2014-07-13 14:30 - 2014-07-13 20:47 - 00000000 ____D () C:\xampp 2014-07-12 16:20 - 2014-07-13 15:27 - 00003306 _____ () C:\projekt.sql 2014-07-12 12:41 - 2014-07-12 13:57 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Notepad++ 2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-07-11 21:28 - 2014-07-11 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Maps Radar - Made by OVPD Badge 169 2014-07-09 00:27 - 2014-07-09 00:27 - 00000000 __SHD () C:\ProgramData\SecuROM 2014-07-09 00:21 - 2014-07-09 00:21 - 00178800 _____ (Sony DADC Austria AG.) 
C:\Windows\SysWOW64\CmdLineExt_x64.dll 2014-07-08 22:57 - 2014-07-08 22:57 - 00000967 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk 2014-07-08 21:58 - 2014-07-09 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2014-07-08 21:29 - 2014-07-09 18:48 - 00000990 _____ () C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk 2014-07-08 21:29 - 2014-07-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4 2014-07-08 21:27 - 2014-07-08 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3 2014-07-07 20:35 - 2014-07-07 20:35 - 00000000 ____D () C:\Program Files\Common Files\Logitech 2014-07-07 19:52 - 2014-07-07 19:53 - 00000000 ____D () C:\AdwCleaner 2014-07-05 18:03 - 2014-07-05 18:03 - 00000207 _____ () C:\Users\Sascha\Desktop\Company of Heroes.url ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-04 20:54 - 2014-08-04 20:54 - 00015126 _____ () C:\Users\Sascha\Desktop\FRST.txt 2014-08-04 20:54 - 2014-08-04 20:53 - 00000000 ____D () C:\FRST 2014-08-04 20:53 - 2014-08-04 20:53 - 02094080 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe 2014-08-04 20:50 - 2013-04-13 00:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-04 20:06 - 2014-08-04 19:57 - 00000948 _____ () C:\Users\Sascha\Desktop\DM-Keybinder.lnk 2014-08-04 20:06 - 2014-08-04 19:57 - 00000048 _____ () C:\Users\Sascha\Desktop\Update.ini 2014-08-04 19:57 - 2014-08-04 19:57 - 00000000 ____D () C:\Users\Sascha\Documents\DM-Keybinder von Alan.Miller 2014-08-04 19:56 - 2012-10-12 15:33 - 01964081 _____ () C:\Windows\WindowsUpdate.log 2014-08-04 19:06 - 2014-08-04 19:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-04 19:05 - 2014-08-04 19:05 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-04 18:56 - 2013-04-12 23:59 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client 2014-08-04 18:41 - 2013-04-12 22:32 - 00000000 ____D () C:\ProgramData\MFAData 2014-08-04 15:18 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-04 15:18 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-04 15:11 - 2014-04-04 20:28 - 13473523 _____ () C:\Windows\setupact.log 2014-08-04 15:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-02 13:05 - 2014-07-31 21:32 - 00000000 
____D () C:\Users\Sascha\Documents\Overlay-Optionen 2014-08-01 12:57 - 2013-04-13 10:49 - 00000000 ____D () C:\ProgramData\Origin 2014-07-31 13:11 - 2012-10-12 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-30 15:43 - 2014-07-30 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-27 20:05 - 2014-07-27 20:05 - 00001306 _____ () C:\Users\Sascha\Desktop\SAMP.lnk 2014-07-15 09:14 - 2014-07-15 09:14 - 00123566 _____ () C:\Users\Sascha\Desktop\Projekt.rar 2014-07-14 17:05 - 2014-07-15 09:09 - 00003845 _____ () C:\Users\Sascha\Desktop\projekt.sql 2014-07-13 20:47 - 2014-07-13 14:30 - 00000000 ____D () C:\xampp 2014-07-13 18:06 - 2014-03-10 11:24 - 00000000 ____D () C:\Users\Sascha\Desktop\MET Pack 2014-07-13 15:27 - 2014-07-12 16:20 - 00003306 _____ () C:\projekt.sql 2014-07-13 14:33 - 2014-07-13 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2014-07-12 13:57 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Notepad++ 2014-07-12 12:43 - 2011-04-12 09:43 - 02149600 _____ () C:\Windows\system32\perfh007.dat 2014-07-12 12:43 - 2011-04-12 09:43 - 00601554 _____ () C:\Windows\system32\perfc007.dat 2014-07-12 12:43 - 2009-07-14 07:13 - 00006422 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-07-11 21:28 - 2014-07-11 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Maps Radar - Made by OVPD Badge 169 2014-07-10 23:13 - 2013-04-12 23:00 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\vlc 2014-07-09 18:48 - 2014-07-08 21:29 - 00000990 _____ () C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk 2014-07-09 00:27 - 2014-07-09 00:27 - 00000000 __SHD () C:\ProgramData\SecuROM 
2014-07-09 00:26 - 2013-11-23 23:14 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Rockstar Games 2014-07-09 00:25 - 2014-07-08 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2014-07-09 00:25 - 2014-06-16 21:02 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games 2014-07-09 00:25 - 2013-04-12 21:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-09 00:22 - 2014-06-09 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon 2014-07-09 00:21 - 2014-07-09 00:21 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll 2014-07-08 23:00 - 2014-04-04 21:03 - 00112837 _____ () C:\Windows\DirectX.log 2014-07-08 22:58 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-08 22:57 - 2014-07-08 22:57 - 00000967 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk 2014-07-08 21:29 - 2014-07-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4 2014-07-08 21:29 - 2013-05-03 21:20 - 00000000 ____D () C:\ProgramData\MTA San Andreas All 2014-07-08 21:27 - 2014-07-08 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3 2014-07-08 20:50 - 2013-04-13 00:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 20:50 - 2013-04-13 00:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 20:50 - 2013-04-13 00:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-07 20:35 - 2014-07-07 20:35 - 00000000 ____D () C:\Program Files\Common Files\Logitech 2014-07-07 19:55 - 2014-05-13 18:09 - 00011732 _____ () C:\Windows\PFRO.log 2014-07-07 19:53 - 2014-07-07 19:52 - 00000000 ____D () C:\AdwCleaner 2014-07-07 19:38 - 2013-04-26 21:52 - 00000000 ____D () C:\Users\Sascha\Documents\KONAMI 
2014-07-07 18:31 - 2014-06-19 12:14 - 00001090 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-07-07 18:31 - 2014-06-19 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-07-07 18:31 - 2014-06-19 12:13 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\DVDVideoSoft 2014-07-05 18:30 - 2013-05-10 14:21 - 00000000 ____D () C:\Users\Sascha\Documents\My Games 2014-07-05 18:03 - 2014-07-05 18:03 - 00000207 _____ () C:\Users\Sascha\Desktop\Company of Heroes.url Some content of TEMP: ==================== C:\Users\Sascha\AppData\Local\Temp\drm_dyndata_7380014.dll C:\Users\Sascha\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-26-g31d7c5f-b2943jnks.dll C:\Users\Sascha\AppData\Local\Temp\libeay32.dll C:\Users\Sascha\AppData\Local\Temp\NGMDll.dll C:\Users\Sascha\AppData\Local\Temp\NGMResource.dll C:\Users\Sascha\AppData\Local\Temp\NGMSetup.exe C:\Users\Sascha\AppData\Local\Temp\ovisetup-12052014165456.exe C:\Users\Sascha\AppData\Local\Temp\Quarantine.exe C:\Users\Sascha\AppData\Local\Temp\ssleay32.dll C:\Users\Sascha\AppData\Local\Temp\tmd_34015118.exe C:\Users\Sascha\AppData\Local\Temp\unicows.dll C:\Users\Sascha\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-28 18:57 ==================== End Of Log ============================ ADDITION: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by Sascha (administrator) on SASCHA-PC on 04-08-2014 20:54:19 Running from C:\Users\Sascha\Desktop Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) F:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaUI.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Samsung Electronics Co., Ltd.) F:\Programme\Kies\KiesTrayAgent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TeamSpeak Systems GmbH) F:\Programme\TeamSpeak 3\ts3client_win64.exe () F:\Programme\AutoHotkey\AutoHotkey.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KiesTrayAgent] => F:\Programme\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [EADM] => F:\Spiele\Origin\Origin.exe [3595608 2014-07-26] (Electronic Arts)
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [Steam] => F:\Spiele\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [] => F:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-26] (Samsung)
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Sascha\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [RGSC] => F:\Spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\MountPoints2: {4e841a95-13ef-11e2-aa81-806e6f6e6963} - D:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Ralink Technology, Corp.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB6686B0E66B0CE01
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {BC282D49-DBE7-4cde-A4CA-C7F07227FDD1} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\ttn4rkj9.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> F:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\ttn4rkj9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-07] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-27] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\Hama\Common\RaRegistry.exe [193888 2010-06-01] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Hama\Common\RaRegistry64.exe [211296 2010-06-01] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-10] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-04-12] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-12] (FNet Co., Ltd.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 20:54 - 2014-08-04 20:54 - 00015126 _____ () C:\Users\Sascha\Desktop\FRST.txt
2014-08-04 20:53 - 2014-08-04 20:54 - 00000000 ____D () C:\FRST
2014-08-04 20:53 - 2014-08-04 20:53 - 02094080 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2014-08-04 19:57 - 2014-08-04 20:06 - 00000948 _____ () C:\Users\Sascha\Desktop\DM-Keybinder.lnk
2014-08-04 19:57 - 2014-08-04 20:06 - 00000048 _____ () C:\Users\Sascha\Desktop\Update.ini
2014-08-04 19:57 - 2014-08-04 19:57 - 00000000 ____D () C:\Users\Sascha\Documents\DM-Keybinder von Alan.Miller
2014-08-04 19:06 - 2014-08-04 19:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 19:05 - 2014-08-04 19:05 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-04 19:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 19:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 19:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 21:32 - 2014-08-02 13:05 - 00000000 ____D () C:\Users\Sascha\Documents\Overlay-Optionen
2014-07-30 15:43 - 2014-07-30 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 20:05 - 2014-07-27 20:05 - 00001306 _____ () C:\Users\Sascha\Desktop\SAMP.lnk
2014-07-15 09:14 - 2014-07-15 09:14 - 00123566 _____ () C:\Users\Sascha\Desktop\Projekt.rar
2014-07-15 09:09 - 2014-07-14 17:05 - 00003845 _____ () C:\Users\Sascha\Desktop\projekt.sql
2014-07-13 14:33 - 2014-07-13 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2014-07-13 14:30 - 2014-07-13 20:47 - 00000000 ____D () C:\xampp
2014-07-12 16:20 - 2014-07-13 15:27 - 00003306 _____ () C:\projekt.sql
2014-07-12 12:41 - 2014-07-12 13:57 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Notepad++
2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-11 21:28 - 2014-07-11 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Maps Radar - Made by OVPD Badge 169
2014-07-09 00:27 - 2014-07-09 00:27 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-09 00:21 - 2014-07-09 00:21 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-07-08 22:57 - 2014-07-08 22:57 - 00000967 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2014-07-08 21:58 - 2014-07-09 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-08 21:29 - 2014-07-09 18:48 - 00000990 _____ () C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk
2014-07-08 21:29 - 2014-07-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4
2014-07-08 21:27 - 2014-07-08 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
2014-07-07 20:35 - 2014-07-07 20:35 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2014-07-07 19:52 - 2014-07-07 19:53 - 00000000 ____D () C:\AdwCleaner
2014-07-05 18:03 - 2014-07-05 18:03 - 00000207 _____ () C:\Users\Sascha\Desktop\Company of Heroes.url

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 20:54 - 2014-08-04 20:54 - 00015126 _____ () C:\Users\Sascha\Desktop\FRST.txt
2014-08-04 20:54 - 2014-08-04 20:53 - 00000000 ____D () C:\FRST
2014-08-04 20:53 - 2014-08-04 20:53 - 02094080 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2014-08-04 20:50 - 2013-04-13 00:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-04 20:06 - 2014-08-04 19:57 - 00000948 _____ () C:\Users\Sascha\Desktop\DM-Keybinder.lnk
2014-08-04 20:06 - 2014-08-04 19:57 - 00000048 _____ () C:\Users\Sascha\Desktop\Update.ini
2014-08-04 19:57 - 2014-08-04 19:57 - 00000000 ____D () C:\Users\Sascha\Documents\DM-Keybinder von Alan.Miller
2014-08-04 19:56 - 2012-10-12 15:33 - 01964081 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 19:06 - 2014-08-04 19:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 19:05 - 2014-08-04 19:05 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-04 18:56 - 2013-04-12 23:59 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client
2014-08-04 18:41 - 2013-04-12 22:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-04 15:18 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 15:18 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 15:11 - 2014-04-04 20:28 - 13473523 _____ () C:\Windows\setupact.log
2014-08-04 15:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 13:05 - 2014-07-31 21:32 - 00000000 ____D () C:\Users\Sascha\Documents\Overlay-Optionen
2014-08-01 12:57 - 2013-04-13 10:49 - 00000000 ____D () C:\ProgramData\Origin
2014-07-31 13:11 - 2012-10-12 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 15:43 - 2014-07-30 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 20:05 - 2014-07-27 20:05 - 00001306 _____ () C:\Users\Sascha\Desktop\SAMP.lnk
2014-07-15 09:14 - 2014-07-15 09:14 - 00123566 _____ () C:\Users\Sascha\Desktop\Projekt.rar
2014-07-14 17:05 - 2014-07-15 09:09 - 00003845 _____ () C:\Users\Sascha\Desktop\projekt.sql
2014-07-13 20:47 - 2014-07-13 14:30 - 00000000 ____D () C:\xampp
2014-07-13 18:06 - 2014-03-10 11:24 - 00000000 ____D () C:\Users\Sascha\Desktop\MET Pack
2014-07-13 15:27 - 2014-07-12 16:20 - 00003306 _____ () C:\projekt.sql
2014-07-13 14:33 - 2014-07-13 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2014-07-12 13:57 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Notepad++
2014-07-12 12:43 - 2011-04-12 09:43 - 02149600 _____ () C:\Windows\system32\perfh007.dat
2014-07-12 12:43 - 2011-04-12 09:43 - 00601554 _____ () C:\Windows\system32\perfc007.dat
2014-07-12 12:43 - 2009-07-14 07:13 - 00006422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-11 21:28 - 2014-07-11 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Maps Radar - Made by OVPD Badge 169
2014-07-10 23:13 - 2013-04-12 23:00 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\vlc
2014-07-09 18:48 - 2014-07-08 21:29 - 00000990 _____ () C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk
2014-07-09 00:27 - 2014-07-09 00:27 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-09 00:26 - 2013-11-23 23:14 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Rockstar Games
2014-07-09 00:25 - 2014-07-08 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-09 00:25 - 2014-06-16 21:02 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-09 00:25 - 2013-04-12 21:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-09 00:22 - 2014-06-09 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-07-09 00:21 - 2014-07-09 00:21 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-07-08 23:00 - 2014-04-04 21:03 - 00112837 _____ () C:\Windows\DirectX.log
2014-07-08 22:58 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-08 22:57 - 2014-07-08 22:57 - 00000967 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2014-07-08 21:29 - 2014-07-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4
2014-07-08 21:29 - 2013-05-03 21:20 - 00000000 ____D () C:\ProgramData\MTA San Andreas All
2014-07-08 21:27 - 2014-07-08 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
2014-07-08 20:50 - 2013-04-13 00:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:50 - 2013-04-13 00:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 20:50 - 2013-04-13 00:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 20:35 - 2014-07-07 20:35 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2014-07-07 19:55 - 2014-05-13 18:09 - 00011732 _____ () C:\Windows\PFRO.log
2014-07-07 19:53 - 2014-07-07 19:52 - 00000000 ____D () C:\AdwCleaner
2014-07-07 19:38 - 2013-04-26 21:52 - 00000000 ____D () C:\Users\Sascha\Documents\KONAMI
2014-07-07 18:31 - 2014-06-19 12:14 - 00001090 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-07-07 18:31 - 2014-06-19 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-07 18:31 - 2014-06-19 12:13 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\DVDVideoSoft
2014-07-05 18:30 - 2013-05-10 14:21 - 00000000 ____D () C:\Users\Sascha\Documents\My Games
2014-07-05 18:03 - 2014-07-05 18:03 - 00000207 _____ () C:\Users\Sascha\Desktop\Company of Heroes.url

Some content of TEMP:
====================
C:\Users\Sascha\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Sascha\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-26-g31d7c5f-b2943jnks.dll
C:\Users\Sascha\AppData\Local\Temp\libeay32.dll
C:\Users\Sascha\AppData\Local\Temp\NGMDll.dll
C:\Users\Sascha\AppData\Local\Temp\NGMResource.dll
C:\Users\Sascha\AppData\Local\Temp\NGMSetup.exe
C:\Users\Sascha\AppData\Local\Temp\ovisetup-12052014165456.exe
C:\Users\Sascha\AppData\Local\Temp\Quarantine.exe
C:\Users\Sascha\AppData\Local\Temp\ssleay32.dll
C:\Users\Sascha\AppData\Local\Temp\tmd_34015118.exe
C:\Users\Sascha\AppData\Local\Temp\unicows.dll
C:\Users\Sascha\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 18:57

==================== End Of Log ============================ |