Log analysis and evaluation: Permanently remove PUP.Optional.InstallCore.A (Windows 7)

If you have caught a trojan or constantly receive virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3

Permanently remove PUP.Optional.InstallCore.A

Hello schrauber,

thank you very much for your reply! I used Revo Installer to delete the program "Download &Install Packages" and then ran AdwCleaner. Here is the corresponding log file; strangely, the logs from yesterday and today were both saved in the same file with S3. Code:
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2578 octets] ##########

Here is the JRT log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Professional x64
Ran by Philip on 08.10.2014 at 10:34:16,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Philip\AppData\Roaming\mozilla\firefox\profiles\yjhd14lv.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.10.2014 at 10:36:52,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Philip (administrator) on DON on 08-10-2014 10:38:17
Running from D:\Downloads
Loaded Profile: Philip (Available profiles: Philip)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dropbox, Inc.) C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [QuickTime Task] => D:\Programme\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-07] (AVAST Software)
HKU\S-1-5-21-3499735770-1425299318-1802209914-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3499735770-1425299318-1802209914-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-3499735770-1425299318-1802209914-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
HKU\S-1-5-21-3499735770-1425299318-1802209914-1000\...\MountPoints2: {145ae873-8325-11e1-ba0f-002522dba429} - F:\Startme.exe
HKU\S-1-5-21-3499735770-1425299318-1802209914-1000\...\MountPoints2: {b56cc84c-0805-11e2-b93a-002522dba429} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA162493C2AD2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\yjhd14lv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\yjhd14lv.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\yjhd14lv.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\yjhd14lv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-07]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\yjhd14lv.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-07]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2010-03-12] ()
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-07] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-01-25] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AODDriver; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-07] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-01-14] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-01-14] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-08] (Malwarebytes Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-27] ()
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-08 10:36 - 2014-10-08 10:36 - 00000758 _____ () C:\Users\Philip\Desktop\JRT.txt
2014-10-08 10:14 - 2014-10-08 10:14 - 00001268 _____ () C:\Users\Philip\Desktop\Revo Uninstaller.lnk
2014-10-08 10:14 - 2014-10-08 10:14 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-07 23:55 - 2014-10-07 23:55 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-07 23:55 - 2014-10-07 23:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-07 23:55 - 2014-10-07 23:55 - 00001026 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-07 23:55 - 2014-10-07 23:55 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\AVAST Software
2014-10-07 23:55 - 2014-10-07 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-07 23:55 - 2014-10-07 23:54 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-07 23:55 - 2014-10-07 23:54 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-07 23:55 - 2014-10-07 23:54 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-07 23:55 - 2014-10-07 23:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-07 23:55 - 2014-10-07 23:54 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-07 23:55 - 2014-10-07 23:54 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-07 23:55 - 2014-10-07 23:54 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-07 23:54 - 2014-10-07 23:54 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-07 23:54 - 2014-10-07 23:54 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-07 23:52 - 2014-10-07 23:54 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-07 23:08 - 2014-10-07 23:08 - 00002692 _____ () C:\Users\Philip\.recently-used.xbel
2014-10-02 16:09 - 2014-10-02 16:09 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\LolClient
2014-10-02 15:51 - 2014-10-02 15:51 - 00000000 ____D () C:\ProgramData\Riot Games
2014-10-02 15:51 - 2014-10-02 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-10-02 15:50 - 2014-10-02 15:51 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Riot Games
2014-10-01 17:55 - 2014-10-01 17:55 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\TERA
2014-09-28 12:24 - 2014-09-28 12:24 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-28 12:24 - 2014-09-28 12:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-28 12:24 - 2014-09-28 12:24 - 00000000 ____D () C:\Users\Philip\AppData\Local\Skype
2014-09-28 12:24 - 2014-09-28 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-28 12:20 - 2014-10-08 10:20 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B
2014-09-28 12:20 - 2014-09-28 20:42 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-09-28 12:20 - 2014-09-28 12:23 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Panda Security
2014-09-28 12:20 - 2014-09-28 12:23 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-28 12:19 - 2014-09-28 12:19 - 36005480 ____N (Skype Technologies S.A.) C:\Users\Philip\Downloads\Skype.exe
2014-09-24 23:18 - 2014-09-24 23:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-22 23:51 - 2014-09-22 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-09-22 11:35 - 2014-09-22 14:02 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Dev-Cpp
2014-09-22 11:35 - 2014-09-22 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2014-09-18 23:33 - 2014-09-18 23:50 - 00010439 _____ () C:\Users\Philip\Desktop\StundenplanWS1415.xlsx
2014-09-18 18:30 - 2014-09-18 18:30 - 00000637 _____ () C:\Users\Philip\Desktop\HD Tune.lnk
2014-09-18 18:30 - 2014-09-18 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2014-09-17 19:11 - 2014-09-17 19:11 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ANNO1602
2014-09-17 19:10 - 2014-09-17 19:10 - 00000000 ____D () C:\ANNO1602
2014-09-17 18:35 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-09-17 18:35 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-09-13 23:08 - 2014-09-17 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO1602
2014-09-13 12:25 - 2014-09-13 12:25 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Oracle
2014-09-13 12:24 - 2014-09-13 12:24 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-13 12:24 - 2014-09-13 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-12 01:50 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 01:50 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 01:50 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 01:50 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 01:50 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 01:50 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 01:50 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 01:50 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 01:50 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 01:50 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 01:50 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 01:50 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 01:50 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 01:50 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 01:50 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 01:50 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 01:50 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 01:50 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 01:50 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 01:50 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 01:50 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 01:50 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 01:50 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 01:50 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 01:50 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 01:50 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 01:50 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 01:50 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 01:50 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 01:50 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 01:50 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 01:50 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 01:50 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 01:50 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 01:50 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 01:50 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 01:50 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 01:50 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 01:50 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 01:50 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 01:50 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 01:50 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 01:50 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 01:50 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 01:50 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 01:50 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 01:50 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 01:50 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 01:50 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 01:50 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 01:50 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 01:50 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 01:50 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 01:50 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 01:50 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 01:50 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:33 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-12 00:33 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-12 00:33 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 00:33 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 00:33 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 00:33 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 00:33 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 00:33 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-08 10:38 - 2013-10-11 16:11 - 00000000 ____D () C:\FRST
2014-10-08 10:29 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 10:29 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 10:26 - 2011-04-12 09:43 - 20057438 _____ () C:\Windows\system32\perfh007.dat
2014-10-08 10:26 - 2011-04-12 09:43 - 06258844 _____ () C:\Windows\system32\perfc007.dat
2014-10-08 10:26 - 2009-07-14 07:13 - 00006702 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-08 10:25 - 2012-01-13 20:46 - 01990463 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 10:23 - 2012-04-10 13:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 10:22 - 2012-06-20 13:23 - 00000000 ___RD () C:\Users\Philip\Dropbox
2014-10-08 10:22 - 2012-06-20 13:20 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Dropbox
2014-10-08 10:22 - 2010-11-21 05:47 - 00516342 _____ () C:\Windows\PFRO.log
2014-10-08 10:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 10:22 - 2009-07-14 06:51 - 00271901 _____ () C:\Windows\setupact.log
2014-10-08 10:21 - 2013-10-11 15:47 - 00000000 ____D () C:\AdwCleaner
2014-10-08 10:08 - 2014-04-01 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-08 10:04 - 2014-06-30 17:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 09:57 - 2012-06-20 13:23 - 00001015 _____ () C:\Users\Philip\Desktop\Dropbox.lnk
2014-10-08 09:57 - 2012-06-20 13:21 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-08 00:39 - 2012-12-29 21:50 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-08 00:38 - 2013-10-11 15:52 - 00000000 ____D () C:\Windows\ERUNT
2014-10-08 00:38 - 2012-12-29 21:50 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-08 00:38 - 2012-01-28 23:33 - 00000000 ____D () C:\ACDFREE12
2014-10-08 00:38 - 2012-01-20 15:07 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\gtk-2.0
2014-10-08 00:38 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-08 00:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-07 23:39 - 2012-01-13 20:49 - 00000000 ____D () C:\Users\Philip
2014-10-07 23:09 - 2013-09-04 17:27 - 00905305 _____ () C:\Users\Philip\Desktop\Menzheim.xlsx
2014-10-07 23:09 - 2012-01-20 15:05 - 00000000 ____D () C:\Users\Philip\.gimp-2.6
2014-10-07 19:57 - 2014-05-09 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JKI
2014-10-07 19:56 - 2014-05-09 14:03 - 00000000 ____D () C:\ProgramData\National Instruments
2014-10-07 19:40 - 2014-02-02 15:28 - 00000000 ____D () C:\Users\Philip\Desktop\Klausuren
2014-10-07 18:56 - 2012-01-13 21:33 - 00000000 ____D () C:\Meine Dokumente
2014-10-07 17:34 - 2012-03-08 02:34 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Skype
2014-10-07 15:17 - 2014-03-30 22:56 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Audacity
2014-09-28 20:42 - 2012-01-13 21:06 - 00113584 _____ () C:\Users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-28 20:42 - 2009-07-14 06:45 - 00438944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-28 12:23 - 2012-03-08 02:33 - 00000000 ____D () C:\ProgramData\Skype
2014-09-27 22:06 - 2012-12-02 00:24 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\vlc
2014-09-26 13:24 - 2014-04-04 12:21 - 00000000 ____D () C:\Users\Philip\AppData\Local\Battle.net
2014-09-26 12:27 - 2012-04-27 07:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 23:51 - 2013-01-10 16:06 - 00000000 ____D () C:\ProgramData\Cisco
2014-09-22 23:51 - 2013-01-10 16:06 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-09-21 15:11 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-21 11:56 - 2014-07-18 17:02 - 00000000 ____D () C:\Users\Philip\AppData\Roaming\Guild Wars 2
2014-09-18 23:21 - 2014-07-08 19:05 - 00000000 ____D () C:\Users\Philip\.VirtualBox
2014-09-18 18:27 - 2014-07-08 19:05 - 00000000 ____D () C:\Users\Philip\VirtualBox VMs
2014-09-18 18:26 - 2014-07-08 19:02 - 00000000 ____D () C:\Program Files\Andy
2014-09-18 12:43 - 2014-03-18 20:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-18 12:28 - 2014-06-15 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 15:58 - 2012-01-16 19:58 - 00000000 ____D () C:\Users\Philip\Desktop\LaTex
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 12:24 - 2013-11-26 18:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-13 12:24 - 2012-02-26 12:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-12 13:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 01:49 - 2013-08-15 00:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 01:47 - 2012-01-16 19:47 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 18:23 - 2012-04-10 13:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 18:23 - 2012-04-10 13:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 18:23 - 2012-01-14 03:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Philip\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Philip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpify3qk.dll
C:\Users\Philip\AppData\Local\Temp\ERUNT.exe
C:\Users\Philip\AppData\Local\Temp\First15.exe
C:\Users\Philip\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Philip\AppData\Local\Temp\Quarantine.exe
C:\Users\Philip\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Philip\AppData\Local\Temp\VP6Install.exe
C:\Users\Philip\AppData\Local\Temp\VP6VFW.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 17:26
==================== End Of Log ============================
MAM is now satisfied and no longer finds anything, whereas the ESET scanner finds some possibly unwanted programs.
MAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.10.2014
Suchlauf-Zeit: 11:06:57
Logdatei:
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.10.08.02
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Philip
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336260
Verstrichene Zeit: 10 Min, 22 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
ESET: Code:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\hk64tbDivX.dll.vir Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\hktbDivX.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\ldrtbDivX.dll.vir Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\prxtbDivX.dll.vir Win32/Toolbar.Conduit.N evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\tbDivX.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\Local\Temp\OCS\ocs_v71a.exe.vir Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\LocalLow\DivX_Browser_Bar_DE\hk64tbDivX.dll.vir Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\LocalLow\DivX_Browser_Bar_DE\hktbDivX.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\LocalLow\DivX_Browser_Bar_DE\ldrtbDivX.dll.vir Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\LocalLow\DivX_Browser_Bar_DE\tbDivX.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Users\Philip\AppData\Local\Temp\1333402.Uninstall\uninstaller.exe Win32/InstallCore.PC evtl. unerwünschte Anwendung
C:\Users\Philip\AppData\Local\Temp\is1158881826\5916039_stp.EXE Variante von Win32/AdWare.SpeedingUpMyPC.G Anwendung
D:\Downloads\FreeYouTubeToMP3Converter_3.12.46.923.exe Variante von Win32/OpenCandy.A potenziell unsichere Anwendung
Edited by Hagenbert (08.10.2014 at 09:54)