Pests of all kinds and how to fight them: Win7: Rce.Gen3 found in quarantine. How to proceed (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
15.09.2014, 10:07  #1
Win7: Rce.Gen3 found in quarantine. How to proceed

Hello,

Yesterday Antivir reported that Rce.Gen3 had been moved to quarantine. How do I proceed now? Simply deleting it can be unhealthy under some circumstances, I have heard. Is there also a way to find out where I picked it up? Oh, and I am a freelance photographer; does that fall under the commercial-use exclusion? In the best hope that it does not, I am posting the log files here:

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:18 on 15/09/2014 (EMQI Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST (FRST.txt)
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by EMQI (ATTENTION: The logged in user is not administrator) on EMQI-PC on 15-09-2014 09:22:18
Running from C:\Users\EMQI\Desktop\Trojaner Board
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-03] (APN)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1815360027-1045131646-433386647-1000\...\MountPoints2: {330fb04a-b8e3-11e3-bf6c-806e6f6e6963} - D:\start.exe
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\EMQI\AppData\Roaming\Mozilla\Firefox\Profiles\pfzra16c.FirefoxMarkus Alt
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-03] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [82800 2013-07-02] (X-Rite Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2013-07-10] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2013-07-10] (Nicomsoft Ltd.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-15 09:22 - 2014-09-15 09:22 - 00000000 ____D () C:\FRST
2014-09-15 09:10 - 2014-09-15 09:22 - 00000000 ____D () C:\Users\EMQI\Desktop\Trojaner Board
2014-09-13 10:36 - 2014-09-13 10:36 - 00032108 _____ () C:\Users\EMQI\AppData\Local\recently-used.xbel
2014-09-13 00:08 - 2014-09-13 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 09:34 - 2014-09-12 09:34 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 00:49 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 00:49 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 00:49 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 00:49 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 00:49 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 00:49 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 00:49 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 00:49 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 00:49 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 00:49 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 00:49 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 00:49 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 00:49 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 00:49 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 00:49 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 00:49 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 00:49 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 00:49 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 00:49 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 00:49 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 00:49 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 00:49 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 00:49 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 00:49 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 00:49 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 00:49 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 00:49 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 00:49 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 00:49 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 00:49 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 00:49 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 00:49 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 00:49 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 00:49 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 00:49 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 00:49 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 00:49 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 00:49 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 00:49 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 00:49 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 00:49 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 00:49 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 00:49 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 00:49 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 00:49 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 00:49 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 00:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 00:48 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 00:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 00:48 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 00:48 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 00:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 00:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 00:48 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 00:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 00:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 00:44 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 00:44 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 19:59 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 19:59 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 19:59 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 19:59 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 19:59 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 19:59 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 19:59 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 19:59 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 19:59 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 19:59 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 19:59 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 13:52 - 2014-09-08 14:01 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-08 13:52 - 2014-09-08 13:52 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-09-08 13:36 - 2014-09-08 13:36 - 00000000 ___RD () C:\Users\EMQI\Creative Cloud Files
2014-09-08 13:31 - 2014-09-08 13:31 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-09-08 13:31 - 2014-09-08 13:31 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-09-08 13:26 - 2014-09-08 13:27 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\EMQI\Downloads\CreativeCloudSet-Up.exe
2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 17:45 - 2014-08-29 17:45 - 00000000 ____D () C:\Users\EMQI\Desktop\Adobe Creative Cloud Fotografie (Photoshop CC + Lightroom) - 1 Jahreslizenz (PC Download)
2014-08-29 17:26 - 2014-08-29 17:27 - 01038704 _____ (Amazon Services LLC) C:\Users\EMQI\Downloads\Adobe_Creative_Cloud_Fotografie_Photoshop_CC_Lightroom_1_Jahreslizenz_Downloader.exe
2014-08-28 07:23 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:23 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:23 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Tools&More
2014-08-20 21:12 - 2014-08-20 21:12 - 00001942 _____ () C:\Users\Public\Desktop\Joe.lnk
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files (x86)\Tools&More
2014-08-20 21:05 - 2014-08-20 21:05 - 01101648 _____ () C:\Users\EMQI\Downloads\Joe letzte Freeware Version - CHIP-Installer.exe
2014-08-19 12:56 - 2014-08-28 22:16 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\FileZilla
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 12:54 - 2014-09-15 09:18 - 00000000 ____D () C:\Users\EMQI Admin
2014-08-19 12:53 - 2014-08-19 12:53 - 06052529 _____ (Tim Kosse) C:\Users\EMQI\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer
2014-08-18 07:33 - 2014-09-15 08:34 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-15 09:22 - 2014-09-15 09:22 - 00000000 ____D () C:\FRST
2014-09-15 09:22 - 2014-09-15 09:10 - 00000000 ____D () C:\Users\EMQI\Desktop\Trojaner Board
2014-09-15 09:18 - 2014-08-19 12:54 - 00000000 ____D () C:\Users\EMQI Admin
2014-09-15 08:35 - 2013-10-29 16:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 08:35 - 2013-10-29 16:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 08:34 - 2014-08-18 07:33 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Adobe
2014-09-15 08:34 - 2013-11-13 10:43 - 00001406 ____H () C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job
2014-09-15 08:32 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:32 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:29 - 2013-10-28 19:02 - 02000409 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 08:29 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-15 08:29 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-15 08:29 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 08:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 08:24 - 2009-07-14 06:51 - 00084068 _____ () C:\Windows\setupact.log
2014-09-13 11:54 - 2013-10-29 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 10:39 - 2013-10-29 18:12 - 00000000 ____D () C:\Users\EMQI\.gimp-2.8
2014-09-13 10:39 - 2013-10-28 19:04 - 00000000 ____D () C:\Users\EMQI
2014-09-13 10:36 - 2014-09-13 10:36 - 00032108 _____ () C:\Users\EMQI\AppData\Local\recently-used.xbel
2014-09-13 08:44 - 2013-10-30 16:39 - 00000000 ____D () C:\Users\EMQI\AppData\Local\gtk-2.0
2014-09-13 08:00 - 2013-11-13 10:43 - 00000388 _____ () C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2014-09-13 00:08 - 2014-09-13 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 09:34 - 2014-09-12 09:34 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-12 09:34 - 2013-12-04 21:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-12 09:34 - 2013-10-29 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-12 09:34 - 2013-10-29 15:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-11 00:48 - 2013-12-04 21:31 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 00:48 - 2013-10-30 15:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 00:47 - 2013-10-29 16:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 00:44 - 2014-05-06 11:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 00:44 - 2013-10-29 16:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 14:01 - 2014-09-08 13:52 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-08 14:01 - 2013-10-28 20:07 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\Adobe
2014-09-08 13:59 - 2013-10-28 20:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-08 13:57 - 2013-10-30 13:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-08 13:57 - 2013-10-28 20:08 - 00000000 ____D () C:\Program Files\Adobe
2014-09-08 13:52 - 2014-09-08 13:52 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-09-08 13:52 - 2013-10-28 20:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-08 13:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-08 13:36 - 2014-09-08 13:36 - 00000000 ___RD () C:\Users\EMQI\Creative Cloud Files
2014-09-08 13:31 - 2014-09-08 13:31 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-09-08 13:31 - 2014-09-08 13:31 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-09-08 13:27 - 2014-09-08 13:26 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\EMQI\Downloads\CreativeCloudSet-Up.exe
2014-09-05 04:10 - 2014-09-10 19:59 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 19:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 16:24 - 2013-10-29 15:48 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\Mozilla
2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 17:45 - 2014-08-29 17:45 - 00000000 ____D () C:\Users\EMQI\Desktop\Adobe Creative Cloud Fotografie (Photoshop CC + Lightroom) - 1 Jahreslizenz (PC Download)
2014-08-29 17:27 - 2014-08-29 17:26 - 01038704 _____ (Amazon Services LLC) C:\Users\EMQI\Downloads\Adobe_Creative_Cloud_Fotografie_Photoshop_CC_Lightroom_1_Jahreslizenz_Downloader.exe
2014-08-29 08:21 - 2009-07-14 06:45 - 00338904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:16 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\FileZilla
2014-08-23 04:07 - 2014-08-28 07:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:23 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:23 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Tools&More
2014-08-20 21:12 - 2014-08-20 21:12 - 00001942 _____ () C:\Users\Public\Desktop\Joe.lnk
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files (x86)\Tools&More
2014-08-20 21:05 - 2014-08-20 21:05 - 01101648 _____ () C:\Users\EMQI\Downloads\Joe letzte Freeware Version - CHIP-Installer.exe
2014-08-19 20:05 - 2014-09-11 00:49 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 00:49 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 12:53 - 2014-08-19 12:53 - 06052529 _____ (Tim Kosse) C:\Users\EMQI\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-19 01:01 - 2014-09-11 00:49 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 00:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 00:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 00:48 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 00:49 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 00:48 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 00:49 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 00:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 00:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 00:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 00:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 00:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:08 - 2014-09-11 00:48 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:05 - 2014-09-11 00:49 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 00:49 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 00:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 00:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 00:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 00:49 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 00:49 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 00:49 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 00:49 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 00:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 00:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 00:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 00:49 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 00:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 00:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 00:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 00:49 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 00:49 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 00:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 00:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 00:49 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 00:49 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 00:49 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 00:49 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:23 - 2014-09-11 00:48 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:22 - 2014-09-11 00:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 00:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 00:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 00:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 00:48 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 00:49 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:15 - 2014-09-11 00:48 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:09 - 2014-09-11 00:49 - 00603136
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-18 23:08 - 2014-09-11 00:48 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-18 23:07 - 2014-09-11 00:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-18 22:55 - 2014-09-11 00:48 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:46 - 2014-09-11 00:48 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-18 22:38 - 2014-09-11 00:49 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-18 22:38 - 2014-09-11 00:48 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-18 22:37 - 2013-10-29 15:35 - 00000000 ____D () C:\ProgramData\Avira 2014-08-18 22:36 - 2014-09-11 00:49 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer 2014-08-18 14:40 - 2014-05-16 22:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys Files to move or delete: ==================== C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job Some content of TEMP: ==================== C:\Users\EMQI\AppData\Local\Temp\avgnt.exe C:\Users\EMQI\AppData\Local\Temp\ose00000.exe C:\Users\EMQI\AppData\Local\Temp\res1.tmp.exe C:\Users\EMQI\AppData\Local\Temp\twi1.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014 Ran by EMQI at 2014-09-15 09:22:39 Running from C:\Users\EMQI\Desktop\Trojaner Board Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe) Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) 
Hidden AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1002}) (Version: 12.16.2.2040 - APN, LLC) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) 
Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse) GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team) GIMP Extensions 2.8.20131021 (HKLM\...\GIMP Extensions) (Version: 2.8.20131021 - Pedro Cunha) i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.5.0 - X-Rite) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 
14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden Nero Blu-ray Player (x32 Version: 12.0.20051 - Nero AG) Hidden Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG) Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero 
Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 10.5.10300 - Nero AG) Hidden Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG) Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero MediaHome Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG) Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden The Photographer's Ephemeris (HKLM-x32\...\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1) (Version: 1.1.1 - UNKNOWN) The Photographer's Ephemeris (x32 Version: 1.1.1 - UNKNOWN) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter 
Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 
32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) 
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) XRD i1d3 (x32 Version: 1.0.135 - X-Rite) Hidden X-Rite Device Services Manager (HKLM-x32\...\{DD8046B0-2077-4899-AFCD-A0D034E183D4}) (Version: 2.3.75 - X-Rite) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => ? Task: C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job => ? 
==================== Loaded Modules (whitelisted) ============= 2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-10-29 20:25 - 2012-12-11 14:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2013-10-08 10:34 - 2013-10-08 10:34 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^i1Profiler Tray.lnk => C:\Windows\pss\i1Profiler Tray.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^XRGamma.lnk => C:\Windows\pss\XRGamma.lnk.CommonStartup ==================== Faulty Device Manager Devices ============= Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/15/2014 08:26:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 09:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 04:16:09 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (09/14/2014 00:24:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/14/2014 08:44:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 32.0.1.5367, time stamp: 0x541259dd Faulting module name: mozalloc.dll, version: 32.0.1.5367, time stamp: 0x541225d2 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x474 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3
Error: (09/14/2014 08:02:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 07:16:05 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (09/13/2014 06:02:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 01:45:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/13/2014 11:56:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/09/2014 06:44:44 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 16:22:18 on 09.09.2014 was unexpected.
Error: (09/07/2014 06:26:55 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk10\DR12.
Error: (09/07/2014 06:26:55 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk10\DR12.
Error: (09/07/2014 05:07:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 ms) was reached while waiting for a transaction response from the lmhosts service.
Error: (09/06/2014 11:16:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 ms) was reached while waiting for a transaction response from the lmhosts service.
Error: (09/01/2014 11:27:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 ms) was reached while waiting for a transaction response from the lmhosts service.
Error: (08/30/2014 03:08:26 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6.
Error: (08/30/2014 03:08:25 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6.
Error: (08/30/2014 03:08:25 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6.
Error: (08/30/2014 03:08:24 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6.
Microsoft Office Sessions: ========================= Error: (09/15/2014 08:26:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/14/2014 09:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/14/2014 04:16:09 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe Error: (09/14/2014 00:24:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/14/2014 08:44:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.1.5367541259ddmozalloc.dll32.0.1.5367541225d2800000030000141b47401cfcfe28ff98114C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9ca9bed1-3bda-11e4-81b5-8c89a5599717 Error: (09/14/2014 08:02:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/13/2014 07:16:05 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe Error: (09/13/2014 06:02:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/13/2014 01:45:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/13/2014 11:56:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics Percentage of memory in use: 16% Total physical RAM: 15845.4 MB Available physical RAM: 13161.66 MB Total Pagefile: 31688.98 MB Available Pagefile: 28898.7 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:29.26 GB) NTFS Drive d: (Video-Training) (CDROM) (Total:3.69 GB) (Free:0 GB) CDFS Drive i: (Volume) (Fixed) (Total:1863.01 GB) (Free:141.76 GB) NTFS Drive m: (NIKON D700) (Removable) (Total:7.45 GB) (Free:4.77 GB) FAT32 Drive o: () (Removable) (Total:14.72 GB) (Free:12.3 GB) FAT32 ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-09-15 10:36:54 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 KINGSTON_SV300S37A120G rev.505ABBF1 111,79GB Running: Gmer-19357.exe; Driver: C:\Users\EMQIAD~1\AppData\Local\Temp\kxldapod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77] .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77] .text ... * 2 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3296] entry point in ".rdata" section 000000005b6e71e6 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77] .text ... 
* 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077241465 2 bytes [24, 77] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772414bb 2 bytes [24, 77] .text ... * 2 ---- EOF - GMER 2.1 ---- Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 15.09.2014 Suchlauf-Zeit: 10:20:11 Logdatei: Malwarebytes logfile.txt Administrator: Nein Version: 2.00.2.1012 Malware Datenbank: v2014.09.15.04 Rootkit Datenbank: v2014.09.13.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: EMQI Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 245511 Verstrichene Zeit: 5 Min, 38 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Sonntag, 14. September 2014 23:14 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : EMQI-PC Versionsinformationen: BUILD.DAT : 14.0.6.570 92022 Bytes 15.08.2014 10:30:00 AVSCAN.EXE : 14.0.6.548 1046608 Bytes 30.07.2014 11:17:44 AVSCANRC.DLL : 14.0.6.522 62544 Bytes 30.07.2014 11:17:45 LUKE.DLL : 14.0.6.522 57936 Bytes 30.07.2014 11:18:51 AVSCPLR.DLL : 14.0.6.548 92752 Bytes 30.07.2014 11:17:45 AVREG.DLL : 14.0.6.522 262224 Bytes 30.07.2014 11:17:36 avlode.dll : 14.0.6.526 603728 Bytes 30.07.2014 11:17:34 avlode.rdf : 14.0.4.46 64835 Bytes 08.09.2014 11:36:52 XBV00009.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00010.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:23:30 XBV00027.VDF : 8.11.165.190 2048 Bytes 
Bytes 14.09.2014 18:05:13 XBV00243.VDF : 8.11.171.252 2048 Bytes 14.09.2014 18:05:13 LOCAL001.VDF : 8.11.171.252 110920704 Bytes 14.09.2014 18:05:26 Engineversion : 8.3.24.22 AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 13:53:25 AESCRIPT.DLL : 8.2.0.22 436136 Bytes 04.09.2014 10:53:59 AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 11:20:52 AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 17:02:46 AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 13:45:19 AEPACK.DLL : 8.4.0.50 792488 Bytes 07.08.2014 19:03:33 AEOFFICE.DLL : 8.3.0.20 216104 Bytes 14.08.2014 16:35:38 AEHEUR.DLL : 8.1.4.1266 7473064 Bytes 04.09.2014 10:53:59 AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 19:33:47 AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 12:06:14 AEEXP.DLL : 8.4.2.32 247712 Bytes 02.09.2014 14:13:49 AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 19:03:31 AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 12:47:16 AECORE.DLL : 8.3.2.6 243712 Bytes 07.08.2014 19:03:30 AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 19:03:30 AVWINLL.DLL : 14.0.6.522 24144 Bytes 30.07.2014 11:17:01 AVPREF.DLL : 14.0.6.522 50256 Bytes 30.07.2014 11:17:36 AVREP.DLL : 14.0.6.522 219216 Bytes 30.07.2014 11:17:36 AVARKT.DLL : 14.0.5.368 226384 Bytes 24.06.2014 12:19:41 AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 30.07.2014 11:17:29 SQLITE3.DLL : 14.0.6.522 452176 Bytes 30.07.2014 11:18:58 AVSMTP.DLL : 14.0.6.522 76368 Bytes 30.07.2014 11:17:45 NETNT.DLL : 14.0.6.522 13392 Bytes 30.07.2014 11:18:51 RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 30.07.2014 11:17:01 RCTEXT.DLL : 14.0.6.558 76080 Bytes 28.08.2014 11:23:52 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5415f1c3\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: Reparieren Sekundäre Aktion......................: Quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche 
Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: Vollständig Beginn des Suchlaufs: Sonntag, 14. September 2014 23:14 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '146' Modul(e) wurden durchsucht Durchsuche Prozess 'WTabletServiceCon.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'WISPTIS.EXE' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'Fuel.Service.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '130' Modul(e) wurden durchsucht Durchsuche Prozess 'apnmcp.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'hasplms.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'xrdd.exe' - '60' Modul(e) 
wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '168' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBNotifier.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'Creative Cloud.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeIPCBroker.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '259' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avwebg7.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Lightroom.exe' - '170' Modul(e) wurden durchsucht
Durchsuche Prozess 'CoreSync.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'WacomHost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchUser.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Adobe CEF Helper.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'Adobe CEF Helper.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Adobe CEF Helper.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_14_0_0_179.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_14_0_0_179.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\EMQI\AppData\Local\Mozilla\Firefox\Profiles\pfzra16c.FirefoxMarkus Alt\cache2\entries\63E16C3FD28A359DED41CF85FF677B92A77F6C1B'
C:\Users\EMQI\AppData\Local\Mozilla\Firefox\Profiles\pfzra16c.FirefoxMarkus Alt\cache2\entries\63E16C3FD28A359DED41CF85FF677B92A77F6C1B
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Rce.Gen3
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50b1971a.qua' verschoben!

Ende des Suchlaufs: Sonntag, 14. September 2014 23:14
Benötigte Zeit: 00:18 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
1148 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1147 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Bernd
15.09.2014, 10:09 | #2 |
/// the machine /// TB-Ausbilder | Win7: Rce.Gen3 found in quarantine. How to proceed
Hi,
FRST again, please; our tools always need admin rights.
15.09.2014, 10:38 | #3 |
| Win7: Rce.Gen3 found in quarantine. How to proceed
FRST now run as admin
FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by EMQI (administrator) on EMQI-PC on 15-09-2014 11:34:57 Running from C:\Users\EMQI\Desktop\Trojaner Board\FRST64 Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-03] (APN) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1815360027-1045131646-433386647-1000\...\MountPoints2: {330fb04a-b8e3-11e3-bf6c-806e6f6e6963} - D:\start.exe ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) 
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) 
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\EMQI\AppData\Roaming\Mozilla\Firefox\Profiles\pfzra16c.FirefoxMarkus Alt FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-07-30] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-03] (APN LLC.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.) R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [82800 2013-07-02] (X-Rite Inc.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2013-07-10] (Nicomsoft Ltd.) R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2013-07-10] (Nicomsoft Ltd.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-15 10:00 - 2014-09-15 10:00 - 00275456 _____ () C:\Windows\Minidump\091514-7909-01.dmp 2014-09-15 09:48 - 2014-09-15 10:36 - 00004636 _____ () C:\Users\EMQI Admin\Desktop\gmer.txt 2014-09-15 09:22 - 2014-09-15 11:34 - 00000000 ____D () C:\FRST 2014-09-15 09:18 - 2014-09-15 09:18 - 00000000 _____ () C:\Users\EMQI Admin\defogger_reenable 2014-09-15 09:10 - 2014-09-15 10:48 - 00000000 ____D () C:\Users\EMQI\Desktop\Trojaner Board 2014-09-13 10:36 - 2014-09-13 10:36 - 00032108 _____ () C:\Users\EMQI\AppData\Local\recently-used.xbel 2014-09-13 00:08 - 2014-09-13 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 09:34 - 2014-09-12 09:34 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-11 00:49 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 00:49 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 00:49 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 00:49 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 00:49 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 00:49 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 00:49 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 00:49 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 00:49 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 00:49 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 00:49 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 00:49 - 2014-08-19 00:08 - 00033792 _____ 
(Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 00:49 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 00:49 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 00:49 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 00:49 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 00:49 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 00:49 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 00:49 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 00:49 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 00:49 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 00:49 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 00:49 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 00:49 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 00:49 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 00:49 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 00:49 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 00:49 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 00:49 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 00:49 - 2014-08-18 
23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 00:49 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 00:49 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 00:49 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 00:49 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 00:49 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 00:49 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 00:49 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 00:49 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 00:49 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 00:49 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 00:49 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 00:49 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 00:49 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 00:49 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 00:49 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 00:49 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 00:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 00:48 - 2014-08-19 00:19 
- 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 00:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 00:48 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 00:48 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 00:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 00:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 00:48 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 00:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 00:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 00:44 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 00:44 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 19:59 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 19:59 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 19:59 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 19:59 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 19:59 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 19:59 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 19:59 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 19:59 - 2014-07-07 03:40 - 00022016 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 19:59 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 19:59 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 19:59 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-08 15:56 - 2014-09-08 15:56 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-EMQI-PC-EMQI 2014-09-08 13:52 - 2014-09-08 14:01 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-09-08 13:52 - 2014-09-08 13:52 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk 2014-09-08 13:36 - 2014-09-08 13:36 - 00000000 ___RD () C:\Users\EMQI\Creative Cloud Files 2014-09-08 13:31 - 2014-09-08 13:31 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-09-08 13:31 - 2014-09-08 13:31 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2014-09-08 13:28 - 2014-09-14 17:21 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\Adobe 2014-09-08 13:26 - 2014-09-08 13:27 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\EMQI\Downloads\CreativeCloudSet-Up.exe 2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-29 17:45 - 2014-08-29 17:45 - 00000000 ____D () C:\Users\EMQI\Desktop\Adobe Creative Cloud Fotografie (Photoshop CC + Lightroom) - 1 Jahreslizenz (PC Download) 2014-08-29 17:26 - 2014-08-29 17:27 - 01038704 _____ (Amazon Services LLC) C:\Users\EMQI\Downloads\Adobe_Creative_Cloud_Fotografie_Photoshop_CC_Lightroom_1_Jahreslizenz_Downloader.exe 2014-08-28 07:23 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 07:23 - 2014-08-23 
03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 07:23 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 07:11 - 2014-09-15 10:40 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Roaming\Adobe 2014-08-22 07:11 - 2014-08-22 07:11 - 00001421 _____ () C:\Users\EMQI Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Roaming\WTablet 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Roaming\ATI 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\VirtualStore 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\ATI 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\AMD 2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Tools&More 2014-08-20 21:12 - 2014-08-20 21:12 - 00001942 _____ () C:\Users\Public\Desktop\Joe.lnk 2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More 2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files (x86)\Tools&More 2014-08-20 21:10 - 2014-08-20 21:10 - 00084592 _____ () C:\Users\EMQI Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-20 21:05 - 2014-08-20 21:05 - 01101648 _____ () C:\Users\EMQI\Downloads\Joe letzte Freeware Version - CHIP-Installer.exe 2014-08-19 12:56 - 2014-08-28 22:16 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\FileZilla 2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-19 12:54 - 
2014-09-15 09:18 - 00000000 ____D () C:\Users\EMQI Admin 2014-08-19 12:54 - 2014-08-19 12:54 - 00000020 ___SH () C:\Users\EMQI Admin\ntuser.ini 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Vorlagen 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Startmenü 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Netzwerkumgebung 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Lokale Einstellungen 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Eigene Dateien 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Druckumgebung 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Documents\Eigene Musik 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Documents\Eigene Bilder 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\AppData\Local\Verlauf 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\AppData\Local\Anwendungsdaten 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Anwendungsdaten 2014-08-19 12:54 - 2014-04-09 12:48 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Roaming\Macromedia 2014-08-19 12:54 - 2013-10-30 22:44 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\Microsoft Help 2014-08-19 12:54 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\EMQI Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-19 12:54 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\EMQI Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-19 12:53 - 2014-08-19 12:53 - 06052529 _____ (Tim Kosse) C:\Users\EMQI\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-18 22:37 - 2014-08-18 22:38 - 00000000 ____D () 
C:\Users\Surfer\AppData\Roaming\Mozilla 2014-08-18 22:37 - 2014-08-18 22:38 - 00000000 ____D () C:\Users\Surfer\AppData\Local\Mozilla 2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __SHD () C:\Users\Surfer\AppData\Local\EmieUserList 2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __SHD () C:\Users\Surfer\AppData\Local\EmieSiteList 2014-08-18 22:36 - 2014-08-18 22:36 - 00084592 _____ () C:\Users\Surfer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-18 22:36 - 2014-08-18 22:36 - 00001421 _____ () C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-18 22:36 - 2014-08-18 22:36 - 00000020 ___SH () C:\Users\Surfer\ntuser.ini 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Vorlagen 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Startmenü 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Netzwerkumgebung 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Lokale Einstellungen 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Eigene Dateien 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Druckumgebung 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Documents\Eigene Musik 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Documents\Eigene Bilder 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\AppData\Local\Verlauf 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\AppData\Local\Anwendungsdaten 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Anwendungsdaten 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Roaming\WTablet 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Roaming\ATI 2014-08-18 22:36 - 
2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Roaming\Adobe 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Local\VirtualStore 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Local\ATI 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Local\AMD 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer 2014-08-18 22:36 - 2014-04-09 12:48 - 00000000 ____D () C:\Users\Surfer\AppData\Roaming\Macromedia 2014-08-18 22:36 - 2013-10-30 22:44 - 00000000 ____D () C:\Users\Surfer\AppData\Local\Microsoft Help 2014-08-18 22:36 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-18 22:36 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-18 07:33 - 2014-09-15 11:34 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-15 11:34 - 2014-09-15 09:22 - 00000000 ____D () C:\FRST 2014-09-15 11:34 - 2014-08-18 07:33 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Adobe 2014-09-15 11:34 - 2013-11-13 10:43 - 00001406 ____H () C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job 2014-09-15 11:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-15 11:34 - 2009-07-14 06:51 - 00084236 _____ () C:\Windows\setupact.log 2014-09-15 11:33 - 2013-10-28 19:02 - 02008745 _____ () C:\Windows\WindowsUpdate.log 2014-09-15 10:48 - 2014-09-15 09:10 - 00000000 ____D () C:\Users\EMQI\Desktop\Trojaner Board 2014-09-15 10:47 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-15 10:47 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-15 10:44 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-09-15 10:44 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-09-15 10:44 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-15 10:40 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Roaming\Adobe 2014-09-15 10:36 - 2014-09-15 09:48 - 00004636 _____ () C:\Users\EMQI Admin\Desktop\gmer.txt 2014-09-15 10:00 - 2014-09-15 10:00 - 00275456 _____ () C:\Windows\Minidump\091514-7909-01.dmp 2014-09-15 10:00 - 2013-11-21 09:48 - 00000000 ____D () C:\Windows\Minidump 2014-09-15 09:59 - 2013-11-21 09:48 - 791663748 _____ () C:\Windows\MEMORY.DMP 2014-09-15 09:18 - 2014-09-15 09:18 - 00000000 _____ () C:\Users\EMQI Admin\defogger_reenable 2014-09-15 09:18 - 2014-08-19 12:54 - 00000000 ____D () C:\Users\EMQI Admin 2014-09-15 08:35 - 2013-10-29 16:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-15 08:35 - 2013-10-29 16:26 - 00071344 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-14 17:21 - 2014-09-08 13:28 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\Adobe 2014-09-13 11:54 - 2013-10-29 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-13 10:39 - 2013-10-29 18:12 - 00000000 ____D () C:\Users\EMQI\.gimp-2.8 2014-09-13 10:39 - 2013-10-28 19:04 - 00000000 ____D () C:\Users\EMQI 2014-09-13 10:36 - 2014-09-13 10:36 - 00032108 _____ () C:\Users\EMQI\AppData\Local\recently-used.xbel 2014-09-13 08:44 - 2013-10-30 16:39 - 00000000 ____D () C:\Users\EMQI\AppData\Local\gtk-2.0 2014-09-13 08:00 - 2013-11-13 10:43 - 00000388 _____ () C:\Windows\Tasks\X-Rite Device Services Software Updater.job 2014-09-13 00:08 - 2014-09-13 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 09:34 - 2014-09-12 09:34 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-12 09:34 - 2013-12-04 21:30 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-12 09:34 - 2013-10-29 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-12 09:34 - 2013-10-29 15:35 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-11 00:48 - 2013-12-04 21:31 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 00:48 - 2013-10-30 15:43 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 00:47 - 2013-10-29 16:43 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 00:44 - 2014-05-06 11:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-11 00:44 - 2013-10-29 16:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-08 15:56 - 2014-09-08 15:56 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-EMQI-PC-EMQI 2014-09-08 14:01 - 2014-09-08 13:52 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-09-08 14:01 - 2013-10-28 20:07 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\Adobe 2014-09-08 13:59 - 2013-10-28 20:08 - 00000000 
____D () C:\Program Files\Common Files\Adobe 2014-09-08 13:57 - 2013-10-30 13:27 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-08 13:57 - 2013-10-28 20:08 - 00000000 ____D () C:\Program Files\Adobe 2014-09-08 13:52 - 2014-09-08 13:52 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk 2014-09-08 13:52 - 2013-10-28 20:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-09-08 13:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-08 13:36 - 2014-09-08 13:36 - 00000000 ___RD () C:\Users\EMQI\Creative Cloud Files 2014-09-08 13:31 - 2014-09-08 13:31 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-09-08 13:31 - 2014-09-08 13:31 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2014-09-08 13:27 - 2014-09-08 13:26 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\EMQI\Downloads\CreativeCloudSet-Up.exe 2014-09-05 04:10 - 2014-09-10 19:59 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-10 19:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-03 16:24 - 2013-10-29 15:48 - 00000000 ____D () C:\Users\EMQI\AppData\Roaming\Mozilla 2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-31 08:47 - 2014-08-31 08:47 - 00084592 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-29 17:45 - 2014-08-29 17:45 - 00000000 ____D () C:\Users\EMQI\Desktop\Adobe Creative Cloud Fotografie (Photoshop CC + Lightroom) - 1 Jahreslizenz (PC Download) 2014-08-29 17:27 - 2014-08-29 17:26 - 01038704 _____ (Amazon Services LLC) C:\Users\EMQI\Downloads\Adobe_Creative_Cloud_Fotografie_Photoshop_CC_Lightroom_1_Jahreslizenz_Downloader.exe 2014-08-29 08:21 - 2009-07-14 06:45 - 00338904 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 22:16 - 2014-08-19 12:56 - 
00000000 ____D () C:\Users\EMQI\AppData\Roaming\FileZilla 2014-08-23 04:07 - 2014-08-28 07:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 07:23 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 07:23 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 07:11 - 2014-08-22 07:11 - 00001421 _____ () C:\Users\EMQI Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Roaming\WTablet 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Roaming\ATI 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\VirtualStore 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\ATI 2014-08-22 07:11 - 2014-08-22 07:11 - 00000000 ____D () C:\Users\EMQI Admin\AppData\Local\AMD 2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\EMQI\AppData\Local\Tools&More 2014-08-20 21:12 - 2014-08-20 21:12 - 00001942 _____ () C:\Users\Public\Desktop\Joe.lnk 2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More 2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files (x86)\Tools&More 2014-08-20 21:10 - 2014-08-20 21:10 - 00084592 _____ () C:\Users\EMQI Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-20 21:05 - 2014-08-20 21:05 - 01101648 _____ () C:\Users\EMQI\Downloads\Joe letzte Freeware Version - CHIP-Installer.exe 2014-08-19 20:05 - 2014-09-11 00:49 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 19:39 - 2014-09-11 00:49 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-19 12:56 - 2014-08-19 12:56 
- 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-19 12:54 - 2014-08-19 12:54 - 00000020 ___SH () C:\Users\EMQI Admin\ntuser.ini 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Vorlagen 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Startmenü 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Netzwerkumgebung 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Lokale Einstellungen 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Eigene Dateien 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Druckumgebung 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Documents\Eigene Musik 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Documents\Eigene Bilder 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\AppData\Local\Verlauf 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\AppData\Local\Anwendungsdaten 2014-08-19 12:54 - 2014-08-19 12:54 - 00000000 _SHDL () C:\Users\EMQI Admin\Anwendungsdaten 2014-08-19 12:53 - 2014-08-19 12:53 - 06052529 _____ (Tim Kosse) C:\Users\EMQI\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-19 01:01 - 2014-09-11 00:49 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:29 - 2014-09-11 00:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-19 00:29 - 2014-09-11 00:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-19 00:26 - 2014-09-11 00:48 - 17455104 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2014-08-19 00:20 - 2014-09-11 00:49 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-19 00:19 - 2014-09-11 00:48 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-19 00:15 - 2014-09-11 00:49 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-19 00:15 - 2014-09-11 00:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-19 00:14 - 2014-09-11 00:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-19 00:14 - 2014-09-11 00:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-19 00:08 - 2014-09-11 00:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-19 00:08 - 2014-09-11 00:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-19 00:08 - 2014-09-11 00:48 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-19 00:05 - 2014-09-11 00:49 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-19 00:03 - 2014-09-11 00:49 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-19 00:03 - 2014-09-11 00:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-19 00:03 - 2014-09-11 00:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:57 - 2014-09-11 00:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-18 23:56 - 2014-09-11 00:49 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:51 - 2014-09-11 00:49 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:46 - 2014-09-11 00:49 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-18 23:45 - 2014-09-11 00:49 - 00072704 _____ (Microsoft Corporation) 
C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:45 - 2014-09-11 00:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-18 23:44 - 2014-09-11 00:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-11 00:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-11 00:49 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-18 23:40 - 2014-09-11 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:39 - 2014-09-11 00:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:39 - 2014-09-11 00:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-18 23:39 - 2014-09-11 00:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-18 23:38 - 2014-09-11 00:49 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:37 - 2014-09-11 00:49 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-18 23:36 - 2014-09-11 00:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-18 23:35 - 2014-09-11 00:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-18 23:27 - 2014-09-11 00:49 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-18 23:25 - 2014-09-11 00:49 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:25 - 2014-09-11 00:49 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:23 - 2014-09-11 00:49 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 23:23 - 2014-09-11 00:48 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:22 - 2014-09-11 00:49 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-11 00:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-18 23:17 - 2014-09-11 00:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-18 23:17 - 2014-09-11 00:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-18 23:16 - 2014-09-11 00:48 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:15 - 2014-09-11 00:49 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 23:15 - 2014-09-11 00:48 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-18 23:09 - 2014-09-11 00:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-18 23:08 - 2014-09-11 00:48 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-18 23:07 - 2014-09-11 00:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-18 22:55 - 2014-09-11 00:48 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:46 - 2014-09-11 00:48 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-18 22:38 - 2014-09-11 00:49 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-18 22:38 - 2014-09-11 00:48 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-18 22:38 - 2014-08-18 22:37 - 00000000 ____D () C:\Users\Surfer\AppData\Roaming\Mozilla 2014-08-18 22:38 - 2014-08-18 22:37 - 00000000 ____D () C:\Users\Surfer\AppData\Local\Mozilla 2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __SHD () C:\Users\Surfer\AppData\Local\EmieUserList 2014-08-18 22:37 - 2014-08-18 22:37 - 00000000 __SHD () C:\Users\Surfer\AppData\Local\EmieSiteList 2014-08-18 22:37 - 2013-10-29 15:35 - 00000000 ____D () C:\ProgramData\Avira 2014-08-18 22:36 - 2014-09-11 00:49 - 00678400 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-18 22:36 - 2014-08-18 22:36 - 00084592 _____ () C:\Users\Surfer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-18 22:36 - 2014-08-18 22:36 - 00001421 _____ () C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-18 22:36 - 2014-08-18 22:36 - 00000020 ___SH () C:\Users\Surfer\ntuser.ini 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Vorlagen 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Startmenü 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Netzwerkumgebung 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Lokale Einstellungen 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Eigene Dateien 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Druckumgebung 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Documents\Eigene Musik 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Documents\Eigene Bilder 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\AppData\Local\Verlauf 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\AppData\Local\Anwendungsdaten 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 _SHDL () C:\Users\Surfer\Anwendungsdaten 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Roaming\WTablet 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Roaming\ATI 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Roaming\Adobe 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Local\VirtualStore 2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Local\ATI 2014-08-18 
22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer\AppData\Local\AMD
2014-08-18 22:36 - 2014-08-18 22:36 - 00000000 ____D () C:\Users\Surfer
2014-08-18 14:40 - 2014-05-16 22:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

Files to move or delete:
====================
C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job

Some content of TEMP:
====================
C:\Users\EMQI\AppData\Local\Temp\avgnt.exe
C:\Users\EMQI\AppData\Local\Temp\ose00000.exe
C:\Users\EMQI\AppData\Local\Temp\res1.tmp.exe
C:\Users\EMQI\AppData\Local\Temp\twi1.tmp.exe
C:\Users\EMQI Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Surfer\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 08:44

==================== End Of Log ============================ |
15.09.2014, 18:53 | #4 |
/// the machine /// TB-Ausbilder | Win7: Rce.Gen3 found in quarantine. How to proceed hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.09.2014, 19:40 | #5 |
| Win7: Rce.Gen3 found in quarantine. How to proceed Hi, since step 27 still had not progressed after 20 minutes, I aborted, because the long time without firewall and Antivir was starting to make me uneasy. How long does the program normally run? Perhaps one more question for my understanding: after starting Combofix, can one actually disconnect the internet connection to avoid an infection during that time? And does the firewall, as part of Antivir, also have to be disabled? Last edited by Bernd Brot (15.09.2014 at 20:13) |
16.09.2014, 12:22 | #6 |
/// the machine /// TB-Ausbilder | Win7: Rce.Gen3 found in quarantine. How to proceed The firewall can stay on, the internet has to stay on. Just switch off the AV's real-time protection. Combofix can take a little while.
16.09.2014, 15:41 | #7 |
| Win7: Rce.Gen3 found in quarantine. How to proceed So, now Combofix as well. Code:
ComboFix 14-09-16.01 - EMQI 16.09.2014 15:39:59.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.15845.12882 [GMT 2:00]
ausgeführt von:: C:\Users\EMQI\Desktop\Trojaner Board\Combofix\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\EMQI\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
I:\install.exe

((((((((((((((((((((((( Dateien erstellt von 2014-08-16 bis 2014-09-16 ))))))))))))))))))))))))))))))

2014-09-16 14:27:28 . 2014-09-16 14:27:28 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-09-15 07:22:09 . 2014-09-15 09:35:23 -------- d-----w- C:\FRST
2014-09-10 22:48:59 . 2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\system32\jscript9.dll
2014-09-10 22:48:59 . 2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-10 22:48:59 . 2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-10 22:48:58 . 2014-08-19 18:05:24 810168 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-09-10 22:48:58 . 2014-08-19 17:39:25 812216 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-09-10 22:48:58 . 2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\system32\inetcpl.cpl
2014-09-10 22:48:58 . 2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-10 22:48:58 . 2014-08-18 20:55:05 1447424 ----a-w- C:\Windows\system32\urlmon.dll
2014-09-10 22:48:57 . 2014-08-18 21:16:25 13588480 ----a-w- C:\Windows\system32\ieframe.dll
2014-09-10 22:44:17 . 2014-06-27 02:08:12 2777088 ----a-w- C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:44:17 . 2014-06-27 01:45:52 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 17:59:36 . 2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\system32\TSWorkspace.dll
2014-09-10 17:59:36 . 2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 17:59:31 . 2014-06-24 03:29:36 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
2014-09-10 17:59:31 . 2014-06-24 02:59:49 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 17:59:26 . 2014-07-07 02:06:35 728064 ----a-w- C:\Windows\system32\kerberos.dll
2014-09-10 17:59:26 . 2014-07-07 02:06:35 1460736 ----a-w- C:\Windows\system32\lsasrv.dll
2014-09-10 17:59:26 . 2014-07-07 01:40:12 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 17:59:25 . 2014-07-07 01:40:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 17:59:25 . 2014-07-07 01:39:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 17:59:24 . 2014-09-05 02:10:43 578048 ----a-w- C:\Windows\system32\aepdu.dll
2014-09-10 17:59:23 . 2014-09-05 02:05:42 424448 ----a-w- C:\Windows\system32\aeinv.dll
2014-09-08 11:52:17 . 2014-09-08 12:01:43 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-09-08 11:36:36 . 2014-09-08 11:36:36 -------- d-----r- C:\Users\EMQI\Creative Cloud Files
2014-08-28 05:23:04 . 2014-08-23 02:07:00 404480 ----a-w- C:\Windows\system32\gdi32.dll
2014-08-28 05:23:04 . 2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\system32\win32k.sys
2014-08-28 05:23:03 . 2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-20 19:13:05 . 2014-08-20 19:13:05 -------- d-----w- C:\Users\EMQI\AppData\Local\Tools&More
2014-08-20 19:12:48 . 2014-08-20 19:12:48 -------- d-----w- C:\Program Files (x86)\Tools&More
2014-08-20 19:12:18 . 2014-08-20 19:12:18 -------- d-----w- C:\Windows\Downloaded Installations
2014-08-19 10:56:49 . 2014-08-28 20:16:44 -------- d-----w- C:\Users\EMQI\AppData\Roaming\FileZilla
2014-08-19 10:56:41 . 2014-08-19 10:56:43 -------- d-----w- C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 10:54:01 . 2014-09-15 07:18:48 -------- d-----w- C:\Users\EMQI Admin
2014-08-18 20:36:00 . 2014-08-18 20:36:11 -------- d-----w- C:\Users\Surfer
2014-08-18 05:33:07 . 2014-09-16 12:52:59 -------- d-----w- C:\Users\EMQI\AppData\Local\Adobe
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-09-16 07:45:33 . 2014-05-16 20:14:08 122584 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-09-15 06:35:00 . 2013-10-29 14:26:55 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 06:35:00 . 2013-10-29 14:26:55 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-10 22:44:38 . 2013-10-29 14:43:26 101694776 ----a-w- C:\Windows\system32\MRT.exe
2014-07-25 00:35:46 . 2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 . 2014-07-24 21:47:06 869544 ----a-w- C:\Windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23:41 . 2014-08-13 09:41:58 2048 ----a-w- C:\Windows\system32\tzres.dll
2014-07-16 02:46:02 . 2014-08-13 09:41:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 . 2014-08-13 09:39:11 1216000 ----a-w- C:\Windows\system32\rpcrt4.dll
2014-07-14 01:40:58 . 2014-08-13 09:39:11 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-10 11:06:48 . 2013-10-29 13:35:57 42040 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2014-07-09 02:03:23 . 2014-08-13 09:42:01 7168 ----a-w- C:\Windows\system32\KBDYAK.DLL
2014-07-09 02:03:23 . 2014-08-13 09:42:01 7168 ----a-w- C:\Windows\system32\KBDTAT.DLL
2014-07-09 02:03:23 . 2014-08-13 09:42:01 7168 ----a-w- C:\Windows\system32\KBDRU1.DLL
2014-07-09 02:03:23 . 2014-08-13 09:42:01 6656 ----a-w- C:\Windows\system32\KBDRU.DLL
2014-07-09 02:03:22 . 2014-08-13 09:42:01 7168 ----a-w- C:\Windows\system32\KBDBASH.DLL
2014-07-09 01:31:42 . 2014-08-13 09:42:01 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 . 2014-08-13 09:42:01 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50 . 2014-08-13 19:18:21 8856 ----a-w- C:\Windows\system32\icardres.dll
2014-06-30 22:14:53 . 2014-08-13 19:18:21 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-25 02:05:42 . 2014-08-13 09:41:52 14175744 ----a-w- C:\Windows\system32\shell32.dll
2014-06-24 12:19:45 . 2013-10-29 13:35:57 117712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-09-03 19:39:08 12184 ----a-w- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2014-09-03 19:39:08 12184]

[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-30 11:17:32 751184]
"ApnTBMon"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-09-03 19:39:10 1942424]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 08:59:30 766208]
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 15:15:56 2694040]
"Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 13:00:48 164656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe;C:\Program Files (x86)\Nero\Update\NASvc.exe [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys;C:\Windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 aksdf;aksdf;C:\Windows\system32\drivers\aksdf.sys;C:\Windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 APNMCP;Ask Aktualisierungsdienst;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;C:\Windows\system32\DRIVERS\avnetflt.sys;C:\Windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 hasplms;Sentinel HASP License Manager;C:\Windows\system32\hasplms.exe -run;C:\Windows\SYSNATIVE\hasplms.exe -run [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\system32\drivers\DDCDrv.sys;C:\Windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [x]
S2 xrdd.exe;X-Rite Device Services Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 hidkmdf;KMDF Driver;C:\Windows\system32\DRIVERS\hidkmdf.sys;C:\Windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\system32\DRIVERS\wachidrouter.sys;C:\Windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\system32\DRIVERS\wacomrouterfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]

Inhalt des "geplante Tasks" Ordners

2014-09-13 C:\Windows\Tasks\X-Rite Device Services Software Updater.job
- C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2013-07-02 09:31:08 . 2013-07-02 09:31:08]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-09-03 19:39:08 13720 ----a-w- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2014-09-03 19:39:08 13720]

[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06:22 672416 ----a-w- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06:22 672416 ----a-w- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06:22 672416 ----a-w- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 18:38:18 558496]

------- Zusätzlicher Suchlauf -------
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\EMQI\AppData\Roaming\Mozilla\Firefox\Profiles\pfzra16c.FirefoxMarkus Alt\

- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start |
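Added example (editor's code, not from this thread, from FRST or from ComboFix): a small Python triage helper that parses the file-listing lines of both logs in this thread, the FRST layout (`date - date - size attrs (vendor) path`) from the first post and the ComboFix layout (`date . date size attrs path`) from the post above, into one record type and applies three defender-side checks that mirror what the logs themselves already call out: executables sitting in a user's Temp folder (FRST's "Some content of TEMP"), scheduled-task `.job` files with no vendor information (the job FRST listed under "Files to move or delete"), and unattributed executables touched within a time window around the scan. The sample lines are constructed for this example and modelled on entries from the logs above; the two Temp entries and their timestamps are invented. The parser deliberately does not assign "modified" or "created" meaning to the two timestamp columns, because their order differs between sections of both tools, and uses the later of the two for the timeline check. The findings are hints for a helper to review, not verdicts.

```python
# Triage helper for FRST / ComboFix file listings (added example, constructed samples).
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# FRST listing line:  2014-09-15 11:34 - 2014-09-15 09:22 - 00000000 ____D () C:\FRST
FRST_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<vendor>[^)]*)\) (?P<path>.+)$"
)
# ComboFix listing line:  2014-09-10 22:48:59 . 2014-08-18 22:19:53 5833728 ----a-w- C:\...\jscript9.dll
COMBOFIX_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

@dataclass
class FileEntry:
    tool: str               # "frst" or "combofix"
    ts1: datetime           # first timestamp column, as printed
    ts2: datetime           # second timestamp column, as printed
    size: Optional[int]     # None where ComboFix prints "--------" (directories)
    is_dir: bool
    vendor: Optional[str]   # FRST's "(Company)" field; None for ComboFix, which has no such column
    path: str

    @property
    def newest(self) -> datetime:
        # Which column means "modified" and which "created" differs between the
        # sections of both tools, so the timeline check uses the later of the two.
        return max(self.ts1, self.ts2)

def _stamp(text: str) -> datetime:
    fmt = "%Y-%m-%d %H:%M:%S" if text.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(text, fmt)

def parse_line(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for a file-listing line; None for banners, headers and registry dumps."""
    line = line.strip()
    m = FRST_RE.match(line)
    if m:
        return FileEntry("frst", _stamp(m["ts1"]), _stamp(m["ts2"]), int(m["size"]),
                         "D" in m["attrs"], m["vendor"], m["path"])
    m = COMBOFIX_RE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"])
        return FileEntry("combofix", _stamp(m["ts1"]), _stamp(m["ts2"]), size,
                         m["attrs"].startswith("d"), None, m["path"])
    return None

def parse_log(text: str) -> List[FileEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".job")
TEMP_MARK = "\\appdata\\local\\temp\\"
TASKS_DIR = "c:\\windows\\tasks\\"

def triage(entries: List[FileEntry], reference: datetime,
           window: timedelta = timedelta(days=1)) -> List[Tuple[str, str]]:
    """Flag entries worth a closer look; 'reference' is the tool's run time from the log header."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        is_exec = low.endswith(EXEC_EXT)
        no_vendor = e.vendor in ("", None)   # FRST printed "()" or ComboFix has no vendor column
        if is_exec and TEMP_MARK in low:
            findings.append((e.path, "executable in a user Temp folder"))
        if low.startswith(TASKS_DIR) and low.endswith(".job") and no_vendor:
            findings.append((e.path, "scheduled task job with no vendor info"))
        if is_exec and no_vendor and abs(e.newest - reference) <= window:
            findings.append((e.path, "unattributed executable touched within the window"))
    return findings

# Constructed samples modelled on the logs in this thread; the two Temp entries
# and their timestamps are invented for the example.
SAMPLE_FRST = r"""
2014-09-15 11:34 - 2013-11-13 10:43 - 00001406 ____H () C:\Windows\Tasks\{DD8046B0-2077-4899-AFCD-A0D034E183D4}.job
2014-09-15 10:00 - 2014-09-15 10:00 - 00275456 _____ () C:\Windows\Minidump\091514-7909-01.dmp
2014-09-15 08:35 - 2013-10-29 16:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-13 08:00 - 2013-11-13 10:43 - 00000388 _____ () C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2014-09-14 23:10 - 2014-09-14 23:10 - 00045056 _____ () C:\Users\EMQI\AppData\Local\Temp\res1.tmp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
"""
SAMPLE_COMBOFIX = r"""
2014-09-16 14:27:28 . 2014-09-16 14:27:28 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-09-10 22:48:59 . 2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\system32\jscript9.dll
2014-09-16 13:55:02 . 2014-09-16 13:55:02 45056 ----a-w- C:\Users\EMQI\AppData\Local\Temp\twi1.tmp.exe
.
"""

def run_samples() -> dict:
    """Triage both samples against the run time printed in each tool's log header."""
    return {
        "frst": triage(parse_log(SAMPLE_FRST), datetime(2014, 9, 15, 9, 22)),
        "combofix": triage(parse_log(SAMPLE_COMBOFIX), datetime(2014, 9, 16, 15, 39, 59)),
    }

if __name__ == "__main__":
    for tool, findings in run_samples().items():
        for path, reason in findings:
            print(f"[{tool}] {reason}: {path}")
```

Run as-is it prints the findings for both samples. On the FRST sample the Flash Player update is not flagged although it was touched on the scan day, because the vendor column attributes it; the X-Rite job is flagged only by the vendor-less task rule, which is the kind of benign hit a helper checks and dismisses. The window check is intentionally loose: it exists to narrow the timeline question from the first post (where did this come from) to a handful of entries, not to decide anything on its own.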
17.09.2014, 08:02 | #8 |
/// the machine /// TB-Ausbilder | Win7: Rce.Gen3 found in quarantine. How to proceed Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.