| |
| |||||||
Log-Analyse und Auswertung: Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.09.2014, 22:10
| #1 | |
 |  Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Hallo, nachdem ich festgestellt hatte, daß ich seit einigen Wochen (!) eine echt üble Internet-Verbindung habe (abends zwischen 20:00 Uhr und ca. 00:00 Uhr) mit einer Latenz von teilweise 300-400 ms UND mir aufgefallen ist, daß Antivir irgendwie kein Update zulässt (der Butten: "Update starten" ist schlicht nicht klickbar) habe ich einmal Malwarebytes Antimalware drüberlaufen lassen - mit folgendem Ergebnis: Zitat:
Da mein Avira Antivir immer noch keine Updates zulässt, ist mir denkbar unwohl bei der Sache. Aufgefallen ist mir die Sache, weil meine Latenz die letzten Wochen sonst unerreichte Höhen erklommen hat (300-400 ms teilweise) und die DL-Rate teilweise mit der UL-Rate gleichzog - mit 600-700 kbit/s wirklich mau war für eine 6k-Leitung, die sonst einiges mehr brachte - vor allem nicht mit Totaleinbrüchen um 20:00 Uhr - 00:00 Uhr herum :-/ Im Anhang befinden sich die Resultate von FRST und Addition, sowie gmerlog. Hoffentlich muss ich nicht wieder das ganze Dingens aufsetzen. Vielen Dank vorab für eure werte Mühe, Gruß Dunkelheit |
|
19.09.2014, 23:27
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Hi und
__________________ Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
20.09.2014, 07:38
| #3 |
| | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe OK,
__________________also hier die FRST - Logdatei: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by benutzer2 (administrator) on BENUTZER2-PC on 19-09-2014 22:05:31 Running from C:\Users\benutzer2\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2842033744-104979599-978530037-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-11-22] () HKU\S-1-5-21-2842033744-104979599-978530037-1000\...\MountPoints2: D - D:\autorun.exe HKU\S-1-5-21-2842033744-104979599-978530037-1000\...\MountPoints2: {0882e723-e4de-11e3-81ac-806e6f6e6963} - D:\autorun.exe HKU\S-1-5-21-2842033744-104979599-978530037-1000\...\MountPoints2: {24ee5073-b801-11dc-ae06-806e6f6e6963} - D:\SETUP.EXE HKU\S-1-5-21-2842033744-104979599-978530037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-11-22] () HKU\S-1-5-21-2842033744-104979599-978530037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: D - D:\autorun.exe HKU\S-1-5-21-2842033744-104979599-978530037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0882e723-e4de-11e3-81ac-806e6f6e6963} - D:\autorun.exe HKU\S-1-5-21-2842033744-104979599-978530037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {24ee5073-b801-11dc-ae06-806e6f6e6963} - D:\SETUP.EXE BootExecute: autocheck autochk * bootdelete ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default FF DefaultSearchEngine: Ixquick HTTPS FF SelectedSearchEngine: Ixquick HTTPS FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\searchplugins\ixquick-https.xml FF SearchPlugin: C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\abs@avira.com [2014-08-29] FF Extension: Xmarks - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\foxmarks@kei.com [2014-07-30] FF Extension: Avira SafeSearch - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\safesearch@avira.com [2014-08-05] FF Extension: LastPass - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\support@lastpass.com [2014-04-10] FF Extension: Cookie Monster - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2013-11-22] FF Extension: NoScript - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-21] FF Extension: Adblock Plus - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-21] FF HKLM-x32\...\Firefox\Extensions: [downloader@freeyoutubetomp3converter.org] - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\Firefox FF Extension: FreeYouTubeToMP3TURBOConverter plugin for Mozilla Firefox - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\Firefox [2014-03-27] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-05] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed] R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-12] (SurfRight B.V.) R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2014-05-26] (Protect Software GmbH) S2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2014-05-26] (Protect Software GmbH) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-15] (Avira Operations GmbH & Co. KG) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-19] (Malwarebytes Corporation) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation) S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-19 22:05 - 2014-09-19 22:05 - 00014395 _____ () C:\Users\benutzer2\Downloads\FRST.txt 2014-09-19 22:05 - 2014-09-19 22:05 - 00000000 ____D () C:\FRST 2014-09-19 22:04 - 2014-09-19 22:05 - 02105856 _____ (Farbar) C:\Users\benutzer2\Downloads\FRST64.exe 2014-09-19 22:04 - 2014-09-19 22:04 - 00000480 _____ () C:\Users\benutzer2\Downloads\defogger_disable.log 2014-09-19 22:04 - 2014-09-19 22:04 - 00000000 _____ () C:\Users\benutzer2\defogger_reenable 2014-09-19 22:03 - 2014-09-19 22:03 - 00050477 _____ () C:\Users\benutzer2\Downloads\Defogger.exe 2014-09-19 21:48 - 2014-09-19 21:48 - 00008359 _____ () C:\Users\benutzer2\Downloads\hijackthis.log 2014-09-19 21:48 - 2014-09-19 21:48 - 00008359 _____ () C:\Users\benutzer2\Desktop\hijackthis.log 2014-09-19 21:47 - 2014-09-19 21:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\benutzer2\Downloads\HijackThis.exe 2014-09-18 22:39 - 2014-09-18 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-17 10:56 - 2014-09-17 10:56 - 00000028 _____ () C:\Users\benutzer2\Desktop\Neues Textdokument (2).txt 2014-09-14 03:05 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-14 03:05 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-14 03:05 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-14 03:05 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-14 03:05 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-14 03:05 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-14 03:05 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-14 03:05 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-14 03:05 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-14 03:05 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-14 03:05 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-14 03:05 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-14 03:05 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-14 03:05 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-14 03:05 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-14 03:05 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-14 03:05 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-14 03:05 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-14 03:05 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-14 03:05 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-14 03:05 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-14 03:05 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-14 03:05 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-14 03:05 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-14 03:05 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-14 03:05 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-14 03:05 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-14 03:05 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-14 03:05 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-14 03:05 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-14 03:05 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-14 03:05 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-14 03:05 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-14 03:05 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-14 03:05 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-14 03:05 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-14 03:05 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-14 03:05 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-14 03:05 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-14 03:05 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-14 03:05 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-14 03:05 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-14 03:05 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-14 03:05 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-14 03:05 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-14 03:05 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-14 03:05 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-14 03:05 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-14 03:05 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-14 03:05 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-14 03:05 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-14 03:05 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-14 03:05 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-14 03:05 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-14 03:05 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-14 03:05 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-14 03:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-14 03:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-12 11:18 - 2014-09-12 11:18 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk 2014-09-12 11:18 - 2014-09-12 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2014-09-12 11:07 - 2014-09-12 11:18 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-09-12 09:47 - 2014-09-12 09:48 - 17703856 _____ (Adobe Systems Inc.) C:\Users\benutzer2\Downloads\AdobeAIRInstaller(1).exe 2014-09-12 09:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-12 09:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-12 09:38 - 2014-09-12 09:38 - 34888568 _____ (Riot Games) C:\Users\benutzer2\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe 2014-09-12 09:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-12 09:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-12 09:35 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-12 09:35 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-12 09:35 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-12 09:35 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-12 09:35 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-12 09:34 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-12 09:34 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-12 09:31 - 2014-09-12 09:31 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-11 12:52 - 2014-05-03 14:25 - 00040960 ____H (-) C:\Windows\SysWOW64\svchosptd.exe 2014-09-11 12:49 - 2014-09-12 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTimer 3 2014-09-11 12:49 - 2014-09-12 09:22 - 00000000 ____D () C:\Program Files\WinTimer 2014-09-06 02:05 - 2014-09-06 02:14 - 00000385 _____ () C:\Users\benutzer2\Desktop\turmholzdeckestatik.txt 2014-09-04 15:48 - 2014-09-04 15:48 - 00000000 _____ () C:\Users\benutzer2\Desktop\1003402560.txt 2014-09-01 20:33 - 2014-09-01 20:33 - 00007334 _____ () C:\Users\benutzer2\Desktop\route.odt 2014-09-01 20:25 - 2014-09-01 20:25 - 00002564 _____ () C:\Users\benutzer2\Desktop\kredit haus garten turm.xml 2014-09-01 20:00 - 2014-09-01 20:00 - 00000884 _____ () C:\Users\benutzer2\Desktop\finanzierung - haus garten turm.xml 2014-09-01 19:56 - 2014-09-12 09:23 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unknown 2014-09-01 19:56 - 2014-09-12 09:23 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\BaufiFX 1.4 2014-09-01 19:56 - 2014-09-01 19:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\de.thomasbolz.baufi.BaufiMain 2014-09-01 19:54 - 2014-09-01 19:56 - 64137872 _____ (Unknown ) C:\Users\benutzer2\Desktop\BaufiFX.exe 2014-09-01 19:53 - 2014-09-01 19:53 - 00367472 _____ () C:\Users\benutzer2\Downloads\SoftonicDownloader_fuer_finanzierungsrechner.exe 2014-09-01 19:42 - 2014-09-08 13:51 - 00001030 _____ () C:\Users\benutzer2\Desktop\Neues Textdokument.txt 2014-08-28 09:00 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 09:00 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 09:00 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-24 01:10 - 2014-08-24 01:10 - 02394944 _____ (Xacti, LLC ) C:\Users\benutzer2\Downloads\MoviesSetup.exe 2014-08-24 01:10 - 2014-08-24 01:10 - 02394944 _____ (Xacti, LLC ) C:\Users\benutzer2\Downloads\MoviesSetup(1).exe 2014-08-21 13:07 - 2014-08-21 13:07 - 00001990 _____ () C:\Users\benutzer2\Desktop\putingedicht.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-19 22:05 - 2014-09-19 22:05 - 00014395 _____ () C:\Users\benutzer2\Downloads\FRST.txt 2014-09-19 22:05 - 2014-09-19 22:05 - 00000000 ____D () C:\FRST 2014-09-19 22:05 - 2014-09-19 22:04 - 02105856 _____ (Farbar) C:\Users\benutzer2\Downloads\FRST64.exe 2014-09-19 22:05 - 2013-11-22 00:37 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\PMB Files 2014-09-19 22:04 - 2014-09-19 22:04 - 00000480 _____ () C:\Users\benutzer2\Downloads\defogger_disable.log 2014-09-19 22:04 - 2014-09-19 22:04 - 00000000 _____ () C:\Users\benutzer2\defogger_reenable 2014-09-19 22:04 - 2013-11-21 19:53 - 00000000 ____D () C:\Users\benutzer2 2014-09-19 22:03 - 2014-09-19 22:03 - 00050477 _____ () C:\Users\benutzer2\Downloads\Defogger.exe 2014-09-19 22:02 - 2009-07-14 06:45 - 00027168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-19 22:02 - 2009-07-14 06:45 - 00027168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-19 21:59 - 2008-01-01 02:36 - 01140084 _____ () C:\Windows\WindowsUpdate.log 2014-09-19 21:57 - 2014-07-01 16:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-19 21:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-19 21:52 - 2009-07-14 06:51 - 00111247 _____ () C:\Windows\setupact.log 2014-09-19 21:48 - 2014-09-19 21:48 - 00008359 _____ () C:\Users\benutzer2\Downloads\hijackthis.log 2014-09-19 21:48 - 2014-09-19 21:48 - 00008359 _____ () C:\Users\benutzer2\Desktop\hijackthis.log 2014-09-19 21:48 - 2013-11-21 19:53 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\VirtualStore 2014-09-19 21:47 - 2014-09-19 21:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\benutzer2\Downloads\HijackThis.exe 2014-09-19 21:27 - 2013-11-21 22:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-19 20:53 - 2013-11-22 00:37 - 00000000 ____D () C:\ProgramData\PMB Files 2014-09-19 19:19 - 2014-01-10 20:22 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\.minecraft 2014-09-19 19:18 - 2014-07-07 13:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-19 16:49 - 2013-11-21 23:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-19 16:49 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-18 22:39 - 2014-09-18 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-18 20:23 - 2014-01-19 17:22 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\Battle.net 2014-09-18 20:00 - 2013-11-21 22:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\vlc 2014-09-18 19:59 - 2014-03-17 07:18 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-17 10:56 - 2014-09-17 10:56 - 00000028 _____ () C:\Users\benutzer2\Desktop\Neues Textdokument (2).txt 2014-09-14 10:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-14 03:04 - 2014-02-28 13:21 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-14 03:04 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-09-14 03:04 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-09-14 03:04 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-14 03:03 - 2013-12-05 06:30 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-14 03:02 - 2013-12-05 06:30 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-14 03:00 - 2014-04-30 03:43 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-13 11:27 - 2013-11-21 22:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-13 11:27 - 2013-11-21 22:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-13 11:27 - 2013-11-21 22:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-12 11:20 - 2013-11-22 00:47 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Riot Games 2014-09-12 11:18 - 2014-09-12 11:18 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk 2014-09-12 11:18 - 2014-09-12 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2014-09-12 11:18 - 2014-09-12 11:07 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-09-12 09:48 - 2014-09-12 09:47 - 17703856 _____ (Adobe Systems Inc.) C:\Users\benutzer2\Downloads\AdobeAIRInstaller(1).exe 2014-09-12 09:48 - 2014-07-07 13:51 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\Adobe 2014-09-12 09:48 - 2014-07-07 13:47 - 00000000 ____D () C:\ProgramData\Adobe 2014-09-12 09:48 - 2014-07-07 13:47 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-12 09:48 - 2013-11-21 23:02 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Adobe 2014-09-12 09:38 - 2014-09-12 09:38 - 34888568 _____ (Riot Games) C:\Users\benutzer2\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe 2014-09-12 09:32 - 2014-08-05 09:27 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-12 09:31 - 2014-09-12 09:31 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-12 09:31 - 2013-11-22 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-12 09:24 - 2014-08-09 12:59 - 00000000 ____D () C:\Users\postgres 2014-09-12 09:23 - 2014-09-01 19:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unknown 2014-09-12 09:23 - 2014-09-01 19:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\BaufiFX 1.4 2014-09-12 09:23 - 2014-06-03 18:45 - 00000000 ____D () C:\Users\benutzer2\Desktop\stick 2014-09-12 09:23 - 2014-01-19 17:22 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Battle.net 2014-09-12 09:23 - 2013-11-21 22:58 - 00000000 ____D () C:\Windows\system32\Macromed 2014-09-12 09:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas 2014-09-12 09:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-09-12 09:22 - 2014-09-11 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTimer 3 2014-09-12 09:22 - 2014-09-11 12:49 - 00000000 ____D () C:\Program Files\WinTimer 2014-09-12 09:22 - 2014-04-29 23:13 - 00000000 ____D () C:\Program Files\HitmanPro 2014-09-12 09:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-09-12 09:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-12 09:18 - 2013-11-21 22:22 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-08 13:51 - 2014-09-01 19:42 - 00001030 _____ () C:\Users\benutzer2\Desktop\Neues Textdokument.txt 2014-09-06 02:14 - 2014-09-06 02:05 - 00000385 _____ () C:\Users\benutzer2\Desktop\turmholzdeckestatik.txt 2014-09-05 04:10 - 2014-09-12 09:34 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-12 09:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-04 15:48 - 2014-09-04 15:48 - 00000000 _____ () C:\Users\benutzer2\Desktop\1003402560.txt 2014-09-01 20:33 - 2014-09-01 20:33 - 00007334 _____ () C:\Users\benutzer2\Desktop\route.odt 2014-09-01 20:25 - 2014-09-01 20:25 - 00002564 _____ () C:\Users\benutzer2\Desktop\kredit haus garten turm.xml 2014-09-01 20:00 - 2014-09-01 20:00 - 00000884 _____ () C:\Users\benutzer2\Desktop\finanzierung - haus garten turm.xml 2014-09-01 19:56 - 2014-09-01 19:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\de.thomasbolz.baufi.BaufiMain 2014-09-01 19:56 - 2014-09-01 19:54 - 64137872 _____ (Unknown ) C:\Users\benutzer2\Desktop\BaufiFX.exe 2014-09-01 19:53 - 2014-09-01 19:53 - 00367472 _____ () C:\Users\benutzer2\Downloads\SoftonicDownloader_fuer_finanzierungsrechner.exe 2014-08-29 13:22 - 2014-07-17 18:20 - 00000000 ____D () C:\Users\benutzer2\Documents\888poker 2014-08-28 12:00 - 2009-07-14 06:45 - 00298904 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-25 09:52 - 2014-03-08 18:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\Microsoft Games 2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-24 01:10 - 2014-08-24 01:10 - 02394944 _____ (Xacti, LLC ) C:\Users\benutzer2\Downloads\MoviesSetup.exe 2014-08-24 01:10 - 2014-08-24 01:10 - 02394944 _____ (Xacti, LLC ) C:\Users\benutzer2\Downloads\MoviesSetup(1).exe 2014-08-23 04:07 - 2014-08-28 09:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 09:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 09:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 19:02 - 2014-06-05 21:22 - 00000000 ____D () C:\Users\benutzer2\Desktop\mp3s 2014-08-22 17:59 - 2014-04-10 19:27 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Skype 2014-08-21 13:07 - 2014-08-21 13:07 - 00001990 _____ () C:\Users\benutzer2\Desktop\putingedicht.txt Some content of TEMP: ==================== C:\Users\benutzer2\AppData\Local\Temp\AskSLib.dll C:\Users\benutzer2\AppData\Local\Temp\avgnt.exe C:\Users\benutzer2\AppData\Local\Temp\devcon64.exe C:\Users\benutzer2\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe C:\Users\benutzer2\AppData\Local\Temp\HiRezLauncherControls.dll C:\Users\benutzer2\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\benutzer2\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\benutzer2\AppData\Local\Temp\Quarantine.exe C:\Users\benutzer2\AppData\Local\Temp\SandboxieInstall.exe C:\Users\benutzer2\AppData\Local\Temp\swt-win32-3349.dll C:\Users\benutzer2\AppData\Local\Temp\vcredist_x64.exe C:\Users\benutzer2\AppData\Local\Temp\vlc-2.1.4-win64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-17 17:52 ==================== End Of Log ============================ --- --- --- --- --- --- ------------------------------------------------------------------------------------ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by benutzer2 at 2014-09-19 22:06:09
Running from C:\Users\benutzer2\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
888poker (HKLM-x32\...\888poker) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4489 - APN, LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BaufiFX 1.4 (HKCU\...\{BaufiMain}}_is1) (Version: 1.4 - Unknown)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Don't Starve (HKLM-x32\...\DontStarve) (Version: - Klei Entertainment)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
Free YouTube to MP3 TURBO Converter 2013 (HKLM-x32\...\FreeYoutubeToMP3TURBOConverter_is1) (Version: - Bitberry Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
ICM Trainer (HKLM-x32\...\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}) (Version: 1.0.0 - PokerStrategy)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mein Paradies für Hunde (HKCU\...\Mein Paradies für Hunde) (Version: V1.000000 - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OMC ModPack Version 0.9.1.0 (HKLM-x32\...\{6C38BB40-8A08-4238-89AA-4EED5FC11549}_is1) (Version: 0.9.1.0 - Odem Mortis)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.1.5.34983 - Grinding Gear Games)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 9.0 (HKLM\...\PostgreSQL 9.0) (Version: 9.0 - PostgreSQL Global Development Group)
ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2247.4 - Hi-Rez Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
William Hill Poker (HKCU\...\William Hill Poker) (Version: - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Restore Points =========================
12-09-2014 07:38:07 Windows Update
12-09-2014 09:07:00 Installed League of Legends
12-09-2014 09:17:55 Installed League of Legends
12-09-2014 09:19:53 DirectX wurde installiert
14-09-2014 01:00:25 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1223897E-BF4F-41F7-B875-0BDFA4104D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-08-06 13:24 - 2012-08-06 13:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 17:03 - 2012-03-05 17:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 15:53 - 2012-02-16 15:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-08-09 12:47 - 2012-09-21 09:55 - 00217600 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2014-08-09 12:47 - 2012-08-14 14:02 - 02258432 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2013-11-22 00:37 - 2013-11-22 00:37 - 04287536 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2012-08-06 13:24 - 2012-08-06 13:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 13:07 - 2012-08-06 13:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-05 09:27 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\benutzer2\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-18 22:39 - 2014-09-18 22:39 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-10 19:36 - 2014-04-10 19:36 - 01020928 _____ () C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/19/2014 09:54:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/19/2014 09:51:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x770
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3
Error: (09/19/2014 07:17:54 PM) (Source: MsiInstaller) (EventID: 1024) (User: benutzer2-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/19/2014 07:12:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/19/2014 04:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x77c
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3
Error: (09/19/2014 04:50:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/19/2014 01:57:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x764
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3
Error: (09/16/2014 03:42:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/16/2014 03:37:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x77c
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3
Error: (09/16/2014 01:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: wwanapi.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be0a8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000333eb
ID des fehlerhaften Prozesses: 0x990
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
System errors:
=============
Error: (09/19/2014 09:54:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (09/19/2014 09:54:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%4.
Error: (09/19/2014 09:51:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/19/2014 07:11:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (09/19/2014 07:11:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%4.
Error: (09/19/2014 04:55:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/19/2014 04:49:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (09/19/2014 04:49:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%4.
Error: (09/19/2014 01:57:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/19/2014 06:43:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
Microsoft Office Sessions:
=========================
Error: (09/19/2014 09:54:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/19/2014 09:51:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c177001cfd42c9d586965C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll65589906-4036-11e4-be08-448a5b21a980
Error: (09/19/2014 07:17:54 PM) (Source: MsiInstaller) (EventID: 1024) (User: benutzer2-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/19/2014 07:12:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/19/2014 04:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c177c01cfd418de17f0ffC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll09b6ddb3-400d-11e4-8d95-448a5b21a980
Error: (09/19/2014 04:50:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/19/2014 01:57:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c176401cfd1b3c1d7e46fC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll25dcb1ca-3ff4-11e4-be02-448a5b21a980
Error: (09/16/2014 03:42:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/16/2014 03:37:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c177c01cfd1a15ba66218C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlla704b5a2-3da6-11e4-82b0-448a5b21a980
Error: (09/16/2014 01:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4wwanapi.dll6.1.7600.163854a5be0a8c000000500000000000333eb99001cfd1a163284ab8C:\Windows\Explorer.EXEC:\Windows\system32\wwanapi.dll14b7e0d4-3d95-11e4-82b0-448a5b21a980
==================== Memory info ===========================
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 8140.05 MB
Available physical RAM: 5893.85 MB
Total Pagefile: 16278.29 MB
Available Pagefile: 12036.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:113.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 25580574)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================
gmerlog: GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-19 22:41:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AZDX-00SC2B0 rev.01.01A01 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\BENUTZ~1\AppData\Local\Temp\fwddquob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2544] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075218791 5 bytes [33, C0, C2, 04, 00]
---- EOF - GMER 2.1 ----
-------------------------------------------------------------------------------------- Und hier noch ein HIJACKTHIS - Log: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:48:33, on 19.09.2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17280) FIREFOX: 32.0.2 (x86 de) Boot mode: Normal Running processes: C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe C:\Users\benutzer2\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - (no file) O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" O9 - Extra button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\ytmRunner.html O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: postgresql-x64-9.0 - PostgreSQL Server 9.0 (postgresql-x64-9.0) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8358 bytes ----------------------------------------------------------------------------------------- Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:45 on 19/09/2014 (benutzer2)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
|
|
20.09.2014, 15:06
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.09.2014, 19:33
| #5 |
| | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe hi, ComboFix-Log Code:
ATTFilter ComboFix 14-09-18.01 - benutzer2 20.09.2014 20:12:32.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8140.6078 [GMT 2:00]
ausgeführt von:: c:\users\benutzer2\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BENUTZ~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\benutzer2\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-20 bis 2014-09-20 ))))))))))))))))))))))))))))))
.
.
2014-09-20 06:33 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0627C206-A9D8-4F93-B72F-51DF7FB16402}\mpengine.dll
2014-09-19 20:41 . 2014-09-19 20:41 -------- d-----w- c:\users\benutzer2\AppData\Local\ElevatedDiagnostics
2014-09-19 20:41 . 2014-09-19 20:41 -------- d-----w- c:\users\benutzer2\AppData\Local\Diagnostics
2014-09-19 20:05 . 2014-09-19 20:06 -------- d-----w- C:\FRST
2014-09-14 01:01 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-14 01:01 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-12 09:07 . 2014-09-12 09:18 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-09-12 07:48 . 2014-09-12 07:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-09-12 07:39 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-12 07:39 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-12 07:38 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-12 07:38 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-12 07:35 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-12 07:35 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-12 07:35 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-12 07:35 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-12 07:35 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-12 07:34 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-12 07:34 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-11 10:49 . 2014-09-12 07:22 -------- d-----w- c:\program files\WinTimer
2014-09-01 17:56 . 2014-09-01 17:56 -------- d-----w- c:\users\benutzer2\AppData\Roaming\de.thomasbolz.baufi.BaufiMain
2014-09-01 17:56 . 2014-09-12 07:23 -------- d-----w- c:\users\benutzer2\AppData\Local\BaufiFX 1.4
2014-08-28 07:00 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 07:00 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 07:00 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-20 17:16 . 2014-07-14 15:20 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-19 20:45 . 2014-07-01 14:12 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 01:02 . 2013-12-05 04:30 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-13 09:27 . 2013-11-21 20:59 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-13 09:27 . 2013-11-21 20:59 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-25 04:53 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-14 22:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-14 22:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-15 11:32 . 2013-11-21 22:03 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 02:02 . 2014-08-14 22:44 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 22:44 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-11 01:02 . 2014-07-31 08:32 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-09 02:03 . 2014-08-14 22:46 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-14 22:46 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-14 22:46 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-14 22:46 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-14 22:46 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-14 22:46 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-14 22:46 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-07-01 11:46 . 2013-11-21 20:22 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-30 22:24 . 2014-08-15 08:57 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-15 08:57 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-14 22:46 14175744 ----a-w- c:\windows\system32\shell32.dll
2013-11-21 20:34 . 2013-11-21 20:34 12767232 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-11-21 4287536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-05 751184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys;c:\windows\SYSNATIVE\drivers\acehlp10.sys [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys;c:\windows\SYSNATIVE\drivers\acedrv10.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-21 09:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-20 20:30:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-09-20 18:30
.
Vor Suchlauf: 13 Verzeichnis(se), 127.543.619.584 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 128.571.678.720 Bytes frei
.
- - End Of File - - 406E8D82F00D1DAFCA700CA34B702E05
A36C5E4F47E84449FF07ED3517B43A31
Laut Vodafone Speedcheck (Hilfe&FAQ) weisen meine Netzwerk-Aktivitäten ggf. auch auf eine Verseuchung hin -> Netzwerkauslastung überdurchschnittlich, obwohl ich nichts weltbewegendes laufen habe. Geändert von Dunkelheit (20.09.2014 um 19:42 Uhr) |
|
20.09.2014, 23:35
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Adware/Junkware/Toolbars entfernen 1. Schritt: Malwarebytes Downloade Dir bitte  Malwarebytes Anti-Malware
(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!) 2. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
3. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
4. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ --> Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe |
|
21.09.2014, 15:35
| #7 |
| | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Vielen Dank nochmal für Deine Hilfe, also, hier die Inhalte: MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.09.2014 Suchlauf-Zeit: 15:50:36 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.21.03 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: benutzer2 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 431944 Verstrichene Zeit: 10 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 16:10:12
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : benutzer2 - BENUTZER2-PC
# Gestartet von : C:\Users\benutzer2\Desktop\AdwCleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Bitberry Software
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\FileTypeAssistant
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.2 (x86 de)
[ Datei : C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ixquick hxxpS");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ixquick hxxpS");
*************************
AdwCleaner[R0].txt - [1366 octets] - [21/11/2013 23:39:51]
AdwCleaner[R1].txt - [936 octets] - [21/11/2013 23:47:15]
AdwCleaner[R2].txt - [2315 octets] - [01/07/2014 16:03:54]
AdwCleaner[R3].txt - [1182 octets] - [01/07/2014 16:32:42]
AdwCleaner[R4].txt - [1550 octets] - [03/07/2014 00:50:28]
AdwCleaner[R5].txt - [1528 octets] - [09/08/2014 23:13:17]
AdwCleaner[R6].txt - [2265 octets] - [21/09/2014 16:07:10]
AdwCleaner[S0].txt - [1429 octets] - [21/11/2013 23:41:26]
AdwCleaner[S1].txt - [996 octets] - [21/11/2013 23:47:50]
AdwCleaner[S2].txt - [2376 octets] - [01/07/2014 16:06:02]
AdwCleaner[S3].txt - [1244 octets] - [01/07/2014 16:33:14]
AdwCleaner[S4].txt - [1565 octets] - [03/07/2014 00:51:10]
AdwCleaner[S5].txt - [1589 octets] - [09/08/2014 23:18:50]
AdwCleaner[S6].txt - [1964 octets] - [21/09/2014 16:10:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2024 octets] ##########
Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 16:14:05
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : benutzer2 - BENUTZER2-PC
# Gestartet von : C:\Users\benutzer2\Desktop\AdwCleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.2 (x86 de)
[ Datei : C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1366 octets] - [21/11/2013 23:39:51]
AdwCleaner[R1].txt - [936 octets] - [21/11/2013 23:47:15]
AdwCleaner[R2].txt - [2315 octets] - [01/07/2014 16:03:54]
AdwCleaner[R3].txt - [1182 octets] - [01/07/2014 16:32:42]
AdwCleaner[R4].txt - [1550 octets] - [03/07/2014 00:50:28]
AdwCleaner[R5].txt - [1528 octets] - [09/08/2014 23:13:17]
AdwCleaner[R6].txt - [2265 octets] - [21/09/2014 16:07:10]
AdwCleaner[R7].txt - [1694 octets] - [21/09/2014 16:13:04]
AdwCleaner[S0].txt - [1429 octets] - [21/11/2013 23:41:26]
AdwCleaner[S1].txt - [996 octets] - [21/11/2013 23:47:50]
AdwCleaner[S2].txt - [2376 octets] - [01/07/2014 16:06:02]
AdwCleaner[S3].txt - [1244 octets] - [01/07/2014 16:33:14]
AdwCleaner[S4].txt - [1565 octets] - [03/07/2014 00:51:10]
AdwCleaner[S5].txt - [1589 octets] - [09/08/2014 23:18:50]
AdwCleaner[S6].txt - [2104 octets] - [21/09/2014 16:10:12]
AdwCleaner[S7].txt - [1615 octets] - [21/09/2014 16:14:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1675 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by benutzer2 on 21.09.2014 at 16:17:29,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Successfully deleted the following from C:\Users\benutzer2\AppData\Roaming\mozilla\firefox\profiles\rr23ydws.default\prefs.js
user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.6.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\benutzer2
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147a511e30c12-069593015d82468-42504136-0-147a511e30d21d\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1411412298");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"0e3b9fb4593a037a6678ef92622393408bb5e610\"");
user_pref("extensions.safesearch.SAUTH_userid", "4220894680");
user_pref("extensions.safesearch.SAUTH_utoken", "\"3f64ab0af98bc09007aa218753a00c4f98e5bb51\"");
user_pref("extensions.safesearch.install", "1407223718673");
Emptied folder: C:\Users\benutzer2\AppData\Roaming\mozilla\firefox\profiles\rr23ydws.default\minidumps [20 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.09.2014 at 16:25:13,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by benutzer2 (administrator) on BENUTZER2-PC on 21-09-2014 16:26:08
Running from C:\Users\benutzer2\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2842033744-104979599-978530037-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-11-22] ()
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\abs@avira.com [2014-08-29]
FF Extension: Xmarks - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\foxmarks@kei.com [2014-07-30]
FF Extension: Avira SafeSearch - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\safesearch@avira.com [2014-08-05]
FF Extension: LastPass - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\support@lastpass.com [2014-04-10]
FF Extension: Cookie Monster - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2013-11-22]
FF Extension: NoScript - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-21]
FF Extension: Adblock Plus - C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [downloader@freeyoutubetomp3converter.org] - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\Firefox
FF Extension: FreeYouTubeToMP3TURBOConverter plugin for Mozilla Firefox - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\Firefox [2014-03-27]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-12] (SurfRight B.V.)
R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2014-05-26] (Protect Software GmbH)
S2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2014-05-26] (Protect Software GmbH)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-15] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-21] (Malwarebytes Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 16:25 - 2014-09-21 16:25 - 00001702 _____ () C:\Users\benutzer2\Desktop\JRT.txt
2014-09-21 16:16 - 2014-09-21 16:16 - 00001755 _____ () C:\Users\benutzer2\Desktop\AdwCleaner[S7].txt
2014-09-21 16:12 - 2014-09-21 16:12 - 00002104 _____ () C:\Users\benutzer2\Desktop\AdwCleaner[S6].txt
2014-09-21 16:06 - 2014-09-21 16:06 - 01373475 _____ () C:\Users\benutzer2\Desktop\AdwCleaner_3.310.exe
2014-09-21 16:06 - 2014-09-21 16:06 - 01027006 _____ (Thisisu) C:\Users\benutzer2\Desktop\JRT.exe
2014-09-21 16:02 - 2014-09-21 16:02 - 00001163 _____ () C:\Users\benutzer2\Desktop\mbam.txt
2014-09-21 13:55 - 2014-09-21 13:55 - 00000000 ____D () C:\Users\jana sofia\AppData\Roaming\Avira
2014-09-21 13:50 - 2014-09-21 13:50 - 00000000 __SHD () C:\Users\jana sofia\AppData\Local\EmieUserList
2014-09-21 13:50 - 2014-09-21 13:50 - 00000000 __SHD () C:\Users\jana sofia\AppData\Local\EmieSiteList
2014-09-21 13:49 - 2014-09-21 13:49 - 00066008 _____ () C:\Users\filip marko\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 13:49 - 2014-09-21 13:49 - 00001421 _____ () C:\Users\filip marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-21 13:49 - 2014-09-21 13:49 - 00000020 ___SH () C:\Users\filip marko\ntuser.ini
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Vorlagen
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Startmenü
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Netzwerkumgebung
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Lokale Einstellungen
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Eigene Dateien
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Druckumgebung
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Documents\Eigene Musik
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Documents\Eigene Bilder
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\AppData\Local\Verlauf
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\AppData\Local\Anwendungsdaten
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Anwendungsdaten
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 ____D () C:\Users\filip marko\AppData\Roaming\Adobe
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 ____D () C:\Users\filip marko\AppData\Local\VirtualStore
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 ____D () C:\Users\filip marko
2014-09-21 13:49 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\filip marko\AppData\Roaming\Macromedia
2014-09-21 13:49 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\filip marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-21 13:49 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\filip marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-21 07:40 - 2014-09-21 07:40 - 00066008 _____ () C:\Users\jana sofia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 07:40 - 2014-09-21 07:40 - 00001421 _____ () C:\Users\jana sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-21 07:40 - 2014-09-21 07:40 - 00000020 ___SH () C:\Users\jana sofia\ntuser.ini
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Vorlagen
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Startmenü
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Netzwerkumgebung
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Lokale Einstellungen
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Eigene Dateien
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Druckumgebung
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Documents\Eigene Musik
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Documents\Eigene Bilder
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\AppData\Local\Verlauf
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\AppData\Local\Anwendungsdaten
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Anwendungsdaten
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 ____D () C:\Users\jana sofia\AppData\Roaming\Adobe
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 ____D () C:\Users\jana sofia\AppData\Local\VirtualStore
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 ____D () C:\Users\jana sofia
2014-09-21 07:40 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\jana sofia\AppData\Roaming\Macromedia
2014-09-21 07:40 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\jana sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-21 07:40 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\jana sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-20 20:30 - 2014-09-20 20:30 - 00019913 _____ () C:\ComboFix.txt
2014-09-20 20:10 - 2014-09-20 20:30 - 00000000 ____D () C:\Qoobox
2014-09-20 20:10 - 2014-09-20 20:29 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 20:10 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-20 20:10 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-20 20:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-20 20:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-20 20:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-20 20:10 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-20 20:10 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-20 20:10 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-20 20:06 - 2014-09-20 20:07 - 05578824 ____R (Swearware) C:\Users\benutzer2\Desktop\ComboFix.exe
2014-09-19 22:47 - 2014-09-19 22:47 - 00001889 _____ () C:\malwarebytesantimalwarescan.txt
2014-09-19 22:47 - 2014-09-19 22:47 - 00001880 _____ () C:\Users\benutzer2\Desktop\mwbantimalwareScan.txt
2014-09-19 22:41 - 2014-09-19 22:41 - 00000550 _____ () C:\Users\benutzer2\Desktop\gmerlog.log
2014-09-19 22:09 - 2014-09-19 22:10 - 00380416 _____ () C:\Users\benutzer2\Downloads\Gmer-19357.exe
2014-09-19 22:07 - 2014-09-19 22:07 - 00037805 _____ () C:\Users\benutzer2\Desktop\FRST.txt
2014-09-19 22:06 - 2014-09-19 22:06 - 00026475 _____ () C:\Users\benutzer2\Downloads\Addition.txt
2014-09-19 22:06 - 2014-09-19 22:06 - 00026475 _____ () C:\Users\benutzer2\Desktop\Addition.txt
2014-09-19 22:06 - 2014-09-19 22:06 - 00000000 ____D () C:\Users\benutzer2\Desktop\games
2014-09-19 22:05 - 2014-09-21 16:26 - 00013318 _____ () C:\Users\benutzer2\Downloads\FRST.txt
2014-09-19 22:05 - 2014-09-21 16:26 - 00000000 ____D () C:\FRST
2014-09-19 22:04 - 2014-09-21 07:45 - 00000482 _____ () C:\Users\benutzer2\Desktop\defogger_disable.log
2014-09-19 22:04 - 2014-09-19 22:05 - 02105856 _____ (Farbar) C:\Users\benutzer2\Downloads\FRST64.exe
2014-09-19 22:04 - 2014-09-19 22:04 - 00000000 _____ () C:\Users\benutzer2\defogger_reenable
2014-09-19 22:03 - 2014-09-19 22:03 - 00050477 _____ () C:\Users\benutzer2\Downloads\Defogger.exe
2014-09-19 21:48 - 2014-09-19 21:48 - 00008359 _____ () C:\Users\benutzer2\Downloads\hijackthis.log
2014-09-19 21:48 - 2014-09-19 21:48 - 00008359 _____ () C:\Users\benutzer2\Desktop\hijackthis.log
2014-09-19 21:47 - 2014-09-19 21:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\benutzer2\Downloads\HijackThis.exe
2014-09-18 22:39 - 2014-09-18 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 10:56 - 2014-09-17 10:56 - 00000028 _____ () C:\Users\benutzer2\Desktop\Neues Textdokument (2).txt
2014-09-14 03:05 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 03:05 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 03:05 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 03:05 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 03:05 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 03:05 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 03:05 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 03:05 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 03:05 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 03:05 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 03:05 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 03:05 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 03:05 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 03:05 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 03:05 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 03:05 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 03:05 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 03:05 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 03:05 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 03:05 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 03:05 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 03:05 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 03:05 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 03:05 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 03:05 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 03:05 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 03:05 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 03:05 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 03:05 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 03:05 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 03:05 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 03:05 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 03:05 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 03:05 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 03:05 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 03:05 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 03:05 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 03:05 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 03:05 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 03:05 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 03:05 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 03:05 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 03:05 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 03:05 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 03:05 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 03:05 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 03:05 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 03:05 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 03:05 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 03:05 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 03:05 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 03:05 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 03:05 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 03:05 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 03:05 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 03:05 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-14 03:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-14 03:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 11:18 - 2014-09-12 11:18 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-09-12 11:18 - 2014-09-12 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-12 09:47 - 2014-09-12 09:48 - 17703856 _____ (Adobe Systems Inc.) C:\Users\benutzer2\Downloads\AdobeAIRInstaller(1).exe
2014-09-12 09:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 09:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 09:38 - 2014-09-12 09:38 - 34888568 _____ (Riot Games) C:\Users\benutzer2\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe
2014-09-12 09:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 09:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 09:35 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 09:35 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 09:35 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 09:35 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 09:35 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 09:34 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 09:34 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 09:31 - 2014-09-12 09:31 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 12:49 - 2014-09-12 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTimer 3
2014-09-11 12:49 - 2014-09-12 09:22 - 00000000 ____D () C:\Program Files\WinTimer
2014-09-06 02:05 - 2014-09-06 02:14 - 00000385 _____ () C:\Users\benutzer2\Desktop\turmholzdeckestatik.txt
2014-09-04 15:48 - 2014-09-04 15:48 - 00000000 _____ () C:\Users\benutzer2\Desktop\1003402560.txt
2014-09-01 20:33 - 2014-09-01 20:33 - 00007334 _____ () C:\Users\benutzer2\Desktop\route.odt
2014-09-01 20:25 - 2014-09-01 20:25 - 00002564 _____ () C:\Users\benutzer2\Desktop\kredit haus garten turm.xml
2014-09-01 20:00 - 2014-09-01 20:00 - 00000884 _____ () C:\Users\benutzer2\Desktop\finanzierung - haus garten turm.xml
2014-09-01 19:56 - 2014-09-12 09:23 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unknown
2014-09-01 19:56 - 2014-09-12 09:23 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\BaufiFX 1.4
2014-09-01 19:56 - 2014-09-01 19:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\de.thomasbolz.baufi.BaufiMain
2014-09-01 19:54 - 2014-09-01 19:56 - 64137872 _____ (Unknown ) C:\Users\benutzer2\Desktop\BaufiFX.exe
2014-09-01 19:42 - 2014-09-08 13:51 - 00001030 _____ () C:\Users\benutzer2\Desktop\Neues Textdokument.txt
2014-08-28 09:00 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:00 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:00 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 16:27 - 2013-11-21 22:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 16:26 - 2014-09-19 22:05 - 00013318 _____ () C:\Users\benutzer2\Downloads\FRST.txt
2014-09-21 16:26 - 2014-09-19 22:05 - 00000000 ____D () C:\FRST
2014-09-21 16:26 - 2013-11-22 00:37 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\PMB Files
2014-09-21 16:25 - 2014-09-21 16:25 - 00001702 _____ () C:\Users\benutzer2\Desktop\JRT.txt
2014-09-21 16:23 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 16:23 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 16:16 - 2014-09-21 16:16 - 00001755 _____ () C:\Users\benutzer2\Desktop\AdwCleaner[S7].txt
2014-09-21 16:14 - 2013-11-21 23:25 - 00000000 ____D () C:\AdwCleaner
2014-09-21 16:14 - 2010-11-21 05:47 - 00303716 _____ () C:\Windows\PFRO.log
2014-09-21 16:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 16:14 - 2009-07-14 06:51 - 00111527 _____ () C:\Windows\setupact.log
2014-09-21 16:12 - 2014-09-21 16:12 - 00002104 _____ () C:\Users\benutzer2\Desktop\AdwCleaner[S6].txt
2014-09-21 16:10 - 2008-01-01 02:36 - 01238163 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 16:06 - 2014-09-21 16:06 - 01373475 _____ () C:\Users\benutzer2\Desktop\AdwCleaner_3.310.exe
2014-09-21 16:06 - 2014-09-21 16:06 - 01027006 _____ (Thisisu) C:\Users\benutzer2\Desktop\JRT.exe
2014-09-21 16:02 - 2014-09-21 16:02 - 00001163 _____ () C:\Users\benutzer2\Desktop\mbam.txt
2014-09-21 15:50 - 2014-07-01 16:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 15:47 - 2013-11-22 00:37 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-21 13:55 - 2014-09-21 13:55 - 00000000 ____D () C:\Users\jana sofia\AppData\Roaming\Avira
2014-09-21 13:50 - 2014-09-21 13:50 - 00000000 __SHD () C:\Users\jana sofia\AppData\Local\EmieUserList
2014-09-21 13:50 - 2014-09-21 13:50 - 00000000 __SHD () C:\Users\jana sofia\AppData\Local\EmieSiteList
2014-09-21 13:49 - 2014-09-21 13:49 - 00066008 _____ () C:\Users\filip marko\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 13:49 - 2014-09-21 13:49 - 00001421 _____ () C:\Users\filip marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-21 13:49 - 2014-09-21 13:49 - 00000020 ___SH () C:\Users\filip marko\ntuser.ini
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Vorlagen
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Startmenü
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Netzwerkumgebung
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Lokale Einstellungen
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Eigene Dateien
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Druckumgebung
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Documents\Eigene Musik
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Documents\Eigene Bilder
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\AppData\Local\Verlauf
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\AppData\Local\Anwendungsdaten
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 _SHDL () C:\Users\filip marko\Anwendungsdaten
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 ____D () C:\Users\filip marko\AppData\Roaming\Adobe
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 ____D () C:\Users\filip marko\AppData\Local\VirtualStore
2014-09-21 13:49 - 2014-09-21 13:49 - 00000000 ____D () C:\Users\filip marko
2014-09-21 10:49 - 2013-11-21 22:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\vlc
2014-09-21 07:45 - 2014-09-19 22:04 - 00000482 _____ () C:\Users\benutzer2\Desktop\defogger_disable.log
2014-09-21 07:40 - 2014-09-21 07:40 - 00066008 _____ () C:\Users\jana sofia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 07:40 - 2014-09-21 07:40 - 00001421 _____ () C:\Users\jana sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-21 07:40 - 2014-09-21 07:40 - 00000020 ___SH () C:\Users\jana sofia\ntuser.ini
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Vorlagen
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Startmenü
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Netzwerkumgebung
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Lokale Einstellungen
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Eigene Dateien
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Druckumgebung
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Documents\Eigene Musik
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Documents\Eigene Bilder
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\AppData\Local\Verlauf
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\AppData\Local\Anwendungsdaten
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 _SHDL () C:\Users\jana sofia\Anwendungsdaten
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 ____D () C:\Users\jana sofia\AppData\Roaming\Adobe
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 ____D () C:\Users\jana sofia\AppData\Local\VirtualStore
2014-09-21 07:40 - 2014-09-21 07:40 - 00000000 ____D () C:\Users\jana sofia
2014-09-20 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-20 20:30 - 2014-09-20 20:30 - 00019913 _____ () C:\ComboFix.txt
2014-09-20 20:30 - 2014-09-20 20:10 - 00000000 ____D () C:\Qoobox
2014-09-20 20:30 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-20 20:29 - 2014-09-20 20:10 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 20:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-20 20:07 - 2014-09-20 20:06 - 05578824 ____R (Swearware) C:\Users\benutzer2\Desktop\ComboFix.exe
2014-09-19 22:47 - 2014-09-19 22:47 - 00001889 _____ () C:\malwarebytesantimalwarescan.txt
2014-09-19 22:47 - 2014-09-19 22:47 - 00001880 _____ () C:\Users\benutzer2\Desktop\mwbantimalwareScan.txt
2014-09-19 22:41 - 2014-09-19 22:41 - 00000550 _____ () C:\Users\benutzer2\Desktop\gmerlog.log
2014-09-19 22:12 - 2014-03-27 16:40 - 00000000 ____D () C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter
2014-09-19 22:10 - 2014-09-19 22:09 - 00380416 _____ () C:\Users\benutzer2\Downloads\Gmer-19357.exe
2014-09-19 22:07 - 2014-09-19 22:07 - 00037805 _____ () C:\Users\benutzer2\Desktop\FRST.txt
2014-09-19 22:06 - 2014-09-19 22:06 - 00026475 _____ () C:\Users\benutzer2\Downloads\Addition.txt
2014-09-19 22:06 - 2014-09-19 22:06 - 00026475 _____ () C:\Users\benutzer2\Desktop\Addition.txt
2014-09-19 22:06 - 2014-09-19 22:06 - 00000000 ____D () C:\Users\benutzer2\Desktop\games
2014-09-19 22:06 - 2014-08-09 13:57 - 00000000 ____D () C:\Users\benutzer2\Desktop\Poker (1)
2014-09-19 22:05 - 2014-09-19 22:04 - 02105856 _____ (Farbar) C:\Users\benutzer2\Downloads\FRST64.exe
2014-09-19 22:04 - 2014-09-19 22:04 - 00000000 _____ () C:\Users\benutzer2\defogger_reenable
2014-09-19 22:04 - 2013-11-21 19:53 - 00000000 ____D () C:\Users\benutzer2
2014-09-19 22:03 - 2014-09-19 22:03 - 00050477 _____ () C:\Users\benutzer2\Downloads\Defogger.exe
2014-09-19 21:48 - 2014-09-19 21:48 - 00008359 _____ () C:\Users\benutzer2\Downloads\hijackthis.log
2014-09-19 21:48 - 2014-09-19 21:48 - 00008359 _____ () C:\Users\benutzer2\Desktop\hijackthis.log
2014-09-19 21:48 - 2013-11-21 19:53 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\VirtualStore
2014-09-19 21:47 - 2014-09-19 21:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\benutzer2\Downloads\HijackThis.exe
2014-09-19 19:19 - 2014-01-10 20:22 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\.minecraft
2014-09-19 19:18 - 2014-07-07 13:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-19 16:49 - 2013-11-21 23:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 16:49 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-18 22:39 - 2014-09-18 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 20:23 - 2014-01-19 17:22 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\Battle.net
2014-09-18 19:59 - 2014-03-17 07:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-17 10:56 - 2014-09-17 10:56 - 00000028 _____ () C:\Users\benutzer2\Desktop\Neues Textdokument (2).txt
2014-09-14 10:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-14 03:04 - 2014-02-28 13:21 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-14 03:04 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-14 03:04 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-14 03:04 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 03:03 - 2013-12-05 06:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 03:02 - 2013-12-05 06:30 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-14 03:00 - 2014-04-30 03:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-13 11:27 - 2013-11-21 22:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-13 11:27 - 2013-11-21 22:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-13 11:27 - 2013-11-21 22:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-12 11:20 - 2013-11-22 00:47 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Riot Games
2014-09-12 11:18 - 2014-09-12 11:18 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-09-12 11:18 - 2014-09-12 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-12 09:48 - 2014-09-21 13:49 - 00000000 ____D () C:\Users\filip marko\AppData\Roaming\Macromedia
2014-09-12 09:48 - 2014-09-21 07:40 - 00000000 ____D () C:\Users\jana sofia\AppData\Roaming\Macromedia
2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-12 09:48 - 2014-09-12 09:48 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-12 09:48 - 2014-09-12 09:47 - 17703856 _____ (Adobe Systems Inc.) C:\Users\benutzer2\Downloads\AdobeAIRInstaller(1).exe
2014-09-12 09:48 - 2014-07-07 13:51 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\Adobe
2014-09-12 09:48 - 2014-07-07 13:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-12 09:48 - 2014-07-07 13:47 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-12 09:48 - 2013-11-21 23:02 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Adobe
2014-09-12 09:38 - 2014-09-12 09:38 - 34888568 _____ (Riot Games) C:\Users\benutzer2\Downloads\LeagueofLegends_EUW_Installer_06_12_13(3).exe
2014-09-12 09:32 - 2014-08-05 09:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-12 09:31 - 2014-09-12 09:31 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-12 09:31 - 2013-11-22 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-12 09:24 - 2014-08-09 12:59 - 00000000 ____D () C:\Users\postgres
2014-09-12 09:23 - 2014-09-01 19:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unknown
2014-09-12 09:23 - 2014-09-01 19:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\BaufiFX 1.4
2014-09-12 09:23 - 2014-06-03 18:45 - 00000000 ____D () C:\Users\benutzer2\Desktop\stick
2014-09-12 09:23 - 2014-01-19 17:22 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Battle.net
2014-09-12 09:23 - 2013-11-21 22:58 - 00000000 ____D () C:\Windows\system32\Macromed
2014-09-12 09:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-09-12 09:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-12 09:22 - 2014-09-11 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTimer 3
2014-09-12 09:22 - 2014-09-11 12:49 - 00000000 ____D () C:\Program Files\WinTimer
2014-09-12 09:22 - 2014-04-29 23:13 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-12 09:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-12 09:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-12 09:18 - 2013-11-21 22:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-08 13:51 - 2014-09-01 19:42 - 00001030 _____ () C:\Users\benutzer2\Desktop\Neues Textdokument.txt
2014-09-06 02:14 - 2014-09-06 02:05 - 00000385 _____ () C:\Users\benutzer2\Desktop\turmholzdeckestatik.txt
2014-09-05 04:10 - 2014-09-12 09:34 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-12 09:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 15:48 - 2014-09-04 15:48 - 00000000 _____ () C:\Users\benutzer2\Desktop\1003402560.txt
2014-09-01 20:33 - 2014-09-01 20:33 - 00007334 _____ () C:\Users\benutzer2\Desktop\route.odt
2014-09-01 20:25 - 2014-09-01 20:25 - 00002564 _____ () C:\Users\benutzer2\Desktop\kredit haus garten turm.xml
2014-09-01 20:00 - 2014-09-01 20:00 - 00000884 _____ () C:\Users\benutzer2\Desktop\finanzierung - haus garten turm.xml
2014-09-01 19:56 - 2014-09-01 19:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\de.thomasbolz.baufi.BaufiMain
2014-09-01 19:56 - 2014-09-01 19:54 - 64137872 _____ (Unknown ) C:\Users\benutzer2\Desktop\BaufiFX.exe
2014-08-29 13:22 - 2014-07-17 18:20 - 00000000 ____D () C:\Users\benutzer2\Documents\888poker
2014-08-28 12:00 - 2009-07-14 06:45 - 00298904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 09:52 - 2014-03-08 18:56 - 00000000 ____D () C:\Users\benutzer2\AppData\Local\Microsoft Games
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 09:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 09:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 09:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 19:02 - 2014-06-05 21:22 - 00000000 ____D () C:\Users\benutzer2\Desktop\mp3s
2014-08-22 17:59 - 2014-04-10 19:27 - 00000000 ____D () C:\Users\benutzer2\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\benutzer2\AppData\Local\Temp\avgnt.exe
C:\Users\benutzer2\AppData\Local\Temp\Quarantine.exe
C:\Users\filip marko\AppData\Local\Temp\avgnt.exe
C:\Users\jana sofia\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-17 17:52
==================== End Of Log ============================
--- --- --- |
|
21.09.2014, 17:12
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.09.2014, 20:47
| #9 |
| | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Whooops, hier der Addition-Scan: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by benutzer2 at 2014-09-21 21:46:18
Running from C:\Users\benutzer2\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
888poker (HKLM-x32\...\888poker) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4489 - APN, LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BaufiFX 1.4 (HKCU\...\{BaufiMain}}_is1) (Version: 1.4 - Unknown)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Don't Starve (HKLM-x32\...\DontStarve) (Version: - Klei Entertainment)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Free YouTube to MP3 TURBO Converter 2013 (HKLM-x32\...\FreeYoutubeToMP3TURBOConverter_is1) (Version: - Bitberry Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
ICM Trainer (HKLM-x32\...\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}) (Version: 1.0.0 - PokerStrategy)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mein Paradies für Hunde (HKCU\...\Mein Paradies für Hunde) (Version: V1.000000 - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OMC ModPack Version 0.9.1.0 (HKLM-x32\...\{6C38BB40-8A08-4238-89AA-4EED5FC11549}_is1) (Version: 0.9.1.0 - Odem Mortis)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.1.5.34983 - Grinding Gear Games)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 9.0 (HKLM\...\PostgreSQL 9.0) (Version: 9.0 - PostgreSQL Global Development Group)
ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2247.4 - Hi-Rez Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
William Hill Poker (HKCU\...\William Hill Poker) (Version: - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2842033744-104979599-978530037-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Restore Points =========================
14-09-2014 01:00:25 Windows Update
20-09-2014 06:32:58 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1223897E-BF4F-41F7-B875-0BDFA4104D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-08-06 13:24 - 2012-08-06 13:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 17:03 - 2012-03-05 17:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 15:53 - 2012-02-16 15:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-08-09 12:47 - 2012-09-21 09:55 - 00217600 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2014-08-09 12:47 - 2012-08-14 14:02 - 02258432 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2012-08-06 13:24 - 2012-08-06 13:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 13:07 - 2012-08-06 13:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-21 16:11 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\benutzer2\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-18 22:39 - 2014-09-18 22:39 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-10 19:36 - 2014-04-10 19:36 - 01020928 _____ () C:\Users\benutzer2\AppData\Roaming\Mozilla\Firefox\Profiles\rr23ydws.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-09-13 11:27 - 2014-09-13 11:27 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-09-20 20:18:43.752
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-20 20:18:43.721
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 8140.05 MB
Available physical RAM: 6153.42 MB
Total Pagefile: 16278.29 MB
Available Pagefile: 12211.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:118.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 25580574)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
21.09.2014, 23:47
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.09.2014, 17:27
| #11 |
| | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Hallo, hier mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 22.09.2014 Suchlauf-Zeit: 15:22:10 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.22.02 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: benutzer2 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 431848 Verstrichene Zeit: 10 Min, 50 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ecd3833157058b4ea6d1d8eacdedbc40
# engine=20244
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-22 04:21:52
# local_time=2014-09-22 06:21:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 4179562 276826202 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 50840 163032762 0 0
# scanned=250208
# found=24
# cleaned=0
# scan_time=9771
sh=F2804D091BEC900E3984853DD856EA199F4C5AB2 ft=1 fh=b6352ca64d82ae0c vn="Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\ftacfg.exe.vir"
sh=4F6A504DAE2929C4B753AD772D96BBFAC3F8CA53 ft=1 fh=6a48d7e397d98671 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\TSASetup.exe.vir"
sh=FD1BBC58B1E5527626449865725E489DD63146CE ft=1 fh=810032c115ad72d7 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe.vir"
sh=4F6A504DAE2929C4B753AD772D96BBFAC3F8CA53 ft=1 fh=6a48d7e397d98671 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\temp\~tmp.exe.vir"
sh=2714DB0A06F74A4282CDDC307EA1599670422E09 ft=1 fh=dbe7f66a91f8fadc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\BENUTZ~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=BA39F8C9886EF4AABD72262B192DB8A177C7E206 ft=1 fh=078180abaf06d010 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=2718053800D44DAE154F30CDCC3B967EF389749F ft=1 fh=3790c7326800cd62 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PokerTracker 4\Data\Bin\PartyCommunicator.pt4"
sh=7DE27864824C6930ED853E22C1189DC2F14FED7D ft=1 fh=6a78958f5a04567a vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PokerTracker 4\Data\Bin\StarsCommunicator.pt4"
sh=FAC7341A571C709AE52946FF8F6120142664290F ft=1 fh=9dd3926ecd994b9d vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PokerTracker 4\Data\Bin\TiltCommunicator.pt4"
sh=7DE27864824C6930ED853E22C1189DC2F14FED7D ft=1 fh=6a78958f5a04567a vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\benutzer2\AppData\Local\PokerTracker 4\Temp\StarsCommunicator.pt4"
sh=88CF847E288860B0A148B25FEE3D559E57C2D130 ft=1 fh=d6ccd7b65d3141fd vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\benutzer2\Desktop\inst\OpenOffice - CHIP-Installer.exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\benutzer2\Desktop\inst\wzmp_8.exe"
sh=8D2A9E163F07334EA15254C9E48361EDEE3A6A9C ft=1 fh=ab707b389babb24a vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\benutzer2\Desktop\Poker (1)\PT-Install-v4.11.11.exe"
sh=16286F452F5787D76F156D7393F782E6E11F6FBD ft=1 fh=e63982776593dcc8 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\benutzer2\Desktop\stick\xyz\FoxitReader603.0524_enu_Setup.exe"
sh=3FF425DD6DA9829D39E0151C657231F59A8D2598 ft=1 fh=ac2b2be4d775b8d7 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\benutzer2\Downloads\avira_free_antivirus_de.exe"
sh=09DA613D643659A1CC850C1F3E5C8EE15681B387 ft=1 fh=e15ce3645d20f05d vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\benutzer2\Downloads\YouTubeToMP3Converter2013Update1Setup.exe"
sh=567F7670AC05037B3D666088C2B25036098F2AA7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=5A66C171963EC6CD5840A912571F2E0FEB40D43E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z"
sh=567F7670AC05037B3D666088C2B25036098F2AA7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=5A66C171963EC6CD5840A912571F2E0FEB40D43E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z"
 |
|
22.09.2014, 17:38
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exeZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.09.2014, 17:38
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exeZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.09.2014, 17:42
| #14 |
| | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Ja, das ist eine Pokerdatenbank, die Daten über die Spieler sammelt (legal). |
|
22.09.2014, 18:03
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe Downloadordner mal aufräumen... Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Hosts:
EmptyTemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows7-64bit, u.a. Trojan.Agent, C:\Windows\SysWOW64\svchosptd.exe |
| antimalware, antivir update, avira antivir, c:\windows, downloader, fehlercode 0x5, fehlercode 0xc0000005, fehlercode windows, festgestellt, malwarebytes, malwarebytes antimalware, msil/advancedsystemprotector.f, ping zu hoch, pup.optional.installcore, pup.optional.softonic, pup.optional.toolbarinstaller, trojan.agent, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.d, win32/bundled.toolbar.ask.f, win32/bundled.toolbar.ask.g, win32/downloadsponsor.a, win32/filetypeassistant.a, win32/packed.themida, win64/systweak.a |
Linear-Darstellung
