Pests of all kinds and how to fight them: Computer infected with malware? | Windows 7 |
25.10.2014, 16:35 | #1 |
| Computer infected with malware? Who would help me rid my computer of malware? The problem is as follows: out of curiosity I searched for a fan for my laptop. In doing so I came across the following page (I hope the link may be posted): hxxp://1016341.en.makepolo.com/products/CPU-fan-for-HP-CQ42-G42-p23735034.html Avast then immediately showed a message that a threat had been blocked. But there were over 40... After that my fan suddenly started running louder and has been running louder than normal ever since. |
25.10.2014, 16:35 | #2 |
/// the machine /// TB trainer | Computer infected with malware? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
26.10.2014, 14:40 | #3 |
| Computer infected with malware? FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014 Ran by Daniel (administrator) on RECHNER on 26-10-2014 14:34:36 Running from C:\Users\Daniel\Desktop Loaded Profile: Daniel (Available profiles: Daniel) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\AAVUpdateManager\aavus.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Hauppauge Computer Works, Inc) C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Hewlett-Packard Company) C:\HP\KBD\kbd.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Comfort Software Group) C:\Users\Daniel\Windows_7-Programme\FreeVK\FreeVK.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Identive GmbH) C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe (SCM Microsystems) C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\SCMSOK.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-03] (IDT, Inc.) 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2010-03-18] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-05-06] (Synaptics Incorporated) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation) HKLM-x32\...\Run: [WebResearchStartupInit] => C:\Program Files (x86)\Web-Recherche\WRGet.exe [144936 2013-12-01] (macropool GmbH) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-03] (AVAST Software) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-2452044598-799071972-457528600-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA2CBF0E78DBFCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Web-Recherche-Browserhilfsobjekt -> {255215E2-87DC-4819-8724-D0B4C94DBEF5} -> C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Web-Recherche-Symbolleiste - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH) Toolbar: HKLM-x32 - Web-Recherche-Bearbeitungsleiste - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Daniel\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\searchplugins\youtube-videosuche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla 
firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\artur.dubovoy@gmail.com [2014-10-03] FF Extension: WebResearch Firefox Extension - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\webresearch@macropool.com [2013-10-05] FF Extension: YouTube Unblocker - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-24] FF Extension: FEBE - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-10-03] FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-02] FF Extension: Flash and Video Download - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-10-17] FF Extension: Self-Destructing Cookies - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2013-10-22] FF Extension: WebResearch ScrapBook Extension - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\scrapbookplus4wr@macropool.com.xpi [2013-10-05] FF Extension: MyKey Interface - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\_{FACC66B7-E49F-49ed-997E-66A221FD956D}.xpi.old [2013-10-03] FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zcz1m32e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-04] FF HKLM-x32\...\Firefox\Extensions: 
[wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-02] FF HKLM-x32\...\Firefox\Extensions: [{FACC66B7-E49F-49ed-997E-66A221FD956D}] - C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\FireFox FF Extension: MyKey Interface - C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\FireFox [2014-02-19] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-03] CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Daniel\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-04-14] (Adobe Systems) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-03] (AVAST Software) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.) 
S3 Droppix Service; C:\Program Files (x86)\Common Files\Droppix\DxService.exe [221184 2009-08-28] (Droppix) [File not signed] R2 Hauppauge WinTV Extender; C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe [59392 2013-08-07] (Hauppauge Computer Works, Inc) [File not signed] R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [579072 2013-12-11] (Hauppauge Computer Works) [File not signed] S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation) S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-03] (IDT, Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-03] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-03] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-03] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-03] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-03] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-03] () R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems) S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation) U5 Ps2; C:\Windows\System32\Drivers\Ps2.sys [19072 2010-03-18] (Hewlett-Packard Company) [File not signed] S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-12-18] (Audials AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [290520 2013-07-25] (Realtek Semiconductor Corp.) 
R3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [70016 2012-06-21] (Identive) S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [157432 2014-10-14] (Ray Hinchliffe) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-12] (Synaptics Incorporated) R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [124176 2012-11-30] (High Criteria inc.) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-01-23] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-01-23] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-01-23] () S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-26 14:34 - 2014-10-26 14:35 - 00016008 _____ () C:\Users\Daniel\Desktop\FRST.txt 2014-10-26 14:27 - 2014-10-26 14:34 - 00000000 ____D () C:\FRST 2014-10-26 14:27 - 2014-10-26 14:27 - 02113024 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2014-10-18 01:05 - 2014-10-18 01:05 - 00000000 ____D () C:\d8d32c8a6a7b0cfe9c 2014-10-17 14:56 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-17 14:56 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-17 14:56 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-17 14:56 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-17 14:56 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-17 14:56 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-17 14:56 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-17 14:56 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-17 14:56 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-17 14:56 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-17 14:56 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-17 14:56 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-17 14:56 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-17 14:56 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-17 14:56 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-17 14:56 
- 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-17 14:56 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-17 14:56 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-17 14:56 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-17 14:56 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-17 14:56 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-17 14:56 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-17 14:56 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-17 14:56 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-17 14:56 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-17 14:56 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-17 14:56 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-17 14:56 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-17 14:56 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-17 14:56 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-17 14:56 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-17 14:56 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-17 14:56 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-17 14:56 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-17 14:56 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-17 14:56 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-17 14:56 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-17 14:56 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-17 14:56 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-17 14:55 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-17 14:55 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-17 14:55 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-17 14:55 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-17 14:55 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-17 14:55 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-17 14:55 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-17 14:55 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-17 14:55 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-17 14:55 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-17 14:55 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-17 14:55 - 2014-09-19 02:00 - 00085504 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmled.dll 2014-10-17 14:55 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-17 14:55 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-17 14:55 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-17 14:55 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-17 14:55 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-17 14:55 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-17 14:55 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-17 14:55 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-17 14:55 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-17 14:55 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-17 14:55 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-17 14:55 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-17 14:54 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-17 14:54 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-17 14:54 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-17 14:54 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-17 14:54 - 2014-07-17 03:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-17 14:54 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) 
C:\Windows\system32\termsrv.dll 2014-10-17 14:54 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-17 14:54 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-17 14:54 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-17 14:54 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-17 14:54 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-17 14:54 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-17 14:54 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-17 14:54 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-17 14:54 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-17 14:54 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-17 14:54 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-17 14:54 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-17 14:54 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-17 14:54 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-17 14:54 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-10-17 14:54 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-10-17 14:54 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-10-17 14:54 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msv1_0.dll 2014-10-17 14:54 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-10-17 14:54 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-10-17 14:54 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-10-17 14:50 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-17 14:50 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-11 17:25 - 2014-10-11 17:26 - 00000000 ____D () C:\Users\Daniel\Desktop\siv44.6 2014-10-11 16:59 - 2014-10-25 15:40 - 00000000 ____D () C:\Users\Daniel\Desktop\siv_v4.47 2014-10-11 16:59 - 2014-10-14 17:15 - 00157432 _____ (Ray Hinchliffe) C:\Windows\system32\Drivers\SIVX64.sys 2014-10-11 14:35 - 2014-10-11 14:35 - 05262124 _____ () C:\Users\Daniel\Desktop\siv_v4.47.zip 2014-10-11 08:49 - 2014-10-11 08:19 - 1017118720 _____ () C:\Users\Daniel\Desktop\ubuntu-14.04-desktop-i386.iso 2014-10-11 07:57 - 2014-10-11 07:57 - 05022859 _____ (LinuxLive USB Creator) C:\Users\Daniel\Desktop\LinuxLive_USB_Creator_2.8.30.exe 2014-10-11 07:57 - 2014-10-11 07:57 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator 2014-10-11 07:57 - 2014-10-11 07:57 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator 2014-10-11 07:40 - 2014-10-11 07:40 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-10 03:17 - 2014-10-11 13:52 - 00146810 _____ () C:\Users\Daniel\Documents\WebShield.txt 2014-10-03 14:28 - 2014-10-03 14:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-03 13:46 - 2014-10-03 13:46 - 00001100 _____ () C:\Windows\PFRO.log 2014-10-03 13:44 - 2014-10-03 13:44 - 00001966 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-10-03 13:43 - 2014-10-03 13:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-10-02 20:15 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-10-02 20:15 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-10-02 20:15 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-10-02 20:15 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-10-02 20:15 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-10-02 20:15 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-10-02 20:15 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-10-02 20:15 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-10-02 18:54 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-02 18:53 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-10-02 18:53 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-10-02 18:53 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-10-02 18:53 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-10-02 18:53 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-02 18:53 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-10-02 18:53 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-10-02 18:52 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-10-02 18:52 - 
2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-10-02 18:52 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-10-02 18:52 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-10-02 18:52 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-10-02 18:51 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-10-02 18:51 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-10-02 18:51 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-10-02 18:51 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-10-02 18:39 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-10-02 18:39 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-10-02 18:39 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-10-02 18:39 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-10-02 18:39 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-10-02 18:39 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-10-02 18:39 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-10-02 18:39 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-10-02 18:39 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-10-02 18:39 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-10-02 18:38 - 2014-05-14 08:23 - 00198600 _____ (Microsoft 
Corporation) C:\Windows\system32\wuwebv.dll 2014-10-02 18:38 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-10-02 18:38 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-10-02 18:38 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 14:34 - 2013-10-05 18:23 - 00000000 ____D () C:\Users\Daniel\Documents\Web-Recherchen 2014-10-26 14:17 - 2010-11-21 07:50 - 00705784 _____ () C:\Windows\system32\perfh007.dat 2014-10-26 14:17 - 2010-11-21 07:50 - 00151650 _____ () C:\Windows\system32\perfc007.dat 2014-10-26 14:17 - 2009-07-14 06:13 - 01631306 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-26 14:17 - 2009-07-14 05:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-26 14:17 - 2009-07-14 05:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-26 14:16 - 2013-10-02 16:07 - 01426774 _____ () C:\Windows\WindowsUpdate.log 2014-10-26 14:12 - 2014-03-20 22:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-26 14:10 - 2014-03-13 19:55 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2452044598-799071972-457528600-1000.job 2014-10-26 14:09 - 2014-07-19 16:41 - 00002106 _____ () C:\Windows\setupact.log 2014-10-26 14:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-25 17:06 - 2013-10-04 10:27 - 00159879 _____ () C:\Users\Daniel\Desktop\su.txt 2014-10-25 16:46 - 2013-10-03 21:17 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc 2014-10-25 16:07 - 2014-04-16 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-24 22:39 - 
2014-06-16 19:23 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe 2014-10-24 22:39 - 2014-03-20 22:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-24 22:39 - 2013-10-06 13:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-24 22:39 - 2013-10-06 13:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-24 22:37 - 2013-10-02 20:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-10-24 16:34 - 2014-06-14 17:42 - 00000000 ____D () C:\Users\Daniel\Documents\Kontoauszug 2014-10-18 07:30 - 2009-07-14 05:45 - 00369216 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-18 01:05 - 2013-10-02 21:49 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-18 01:05 - 2013-10-02 21:49 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-11 16:54 - 2013-10-06 11:36 - 00000000 ____D () C:\Users\Daniel\SL 2014-10-11 09:23 - 2013-10-04 10:01 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 3 2014-10-11 07:40 - 2014-04-16 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-11 07:40 - 2014-04-16 22:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-04 12:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-04 08:02 - 2013-10-02 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-03 15:31 - 2014-03-13 19:55 - 00003570 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2452044598-799071972-457528600-1000 2014-10-03 13:44 - 2013-10-02 20:55 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-10-03 13:43 - 2014-06-06 12:17 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-10-03 13:43 - 2014-01-07 17:33 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-10-03 13:43 - 2013-10-02 20:55 - 01041168 
_____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-10-03 13:43 - 2013-10-02 20:55 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-10-03 13:43 - 2013-10-02 20:55 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-10-03 13:43 - 2013-10-02 20:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-10-03 13:43 - 2013-10-02 20:55 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-10-03 13:43 - 2013-10-02 20:55 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-10-03 13:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-02 21:16 - 2013-10-02 19:41 - 01609330 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-10-02 14:53 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-05 23:18 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014 Ran by Daniel at 2014-10-26 14:35:52 Running from C:\Users\Daniel\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) 
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{08D35D3C-C4F7-09FB-0F89-F680A1CCD3A3}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden Aqua Kitty 1.02m (HKLM-x32\...\{19668445-485C-4205-8D72-7198BB54DF18}_is1) (Version: 1.02m - Tikipod Ltd) Ashampoo Snap 4 v.4.3.0 (HKLM-x32\...\Ashampoo Snap 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG) Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\{C92AB6F1-DF43-1F74-81AF-9BE56BF1D67F}_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG) Audials (HKLM-x32\...\{15FA1110-CA8E-43E4-BD79-A28A897CD563}) (Version: 11.0.48200.0 - Audials AG) Audials (HKLM-x32\...\{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}) (Version: 9.1.31900.0 - Audials AG) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) Awesomenauts (HKLM-x32\...\Awesomenauts) (Version: - ) BackupOutlook (HKLM-x32\...\{75210106-92D4-45A9-B2B7-EC9E901DF334}_is1) (Version: 3.0.21 - Wisco) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.) 
BurnAware Free 7.1 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP) CHIPDRIVE MyKey (HKLM-x32\...\CHIPDRIVE MyKey_CDInst21) (Version: - Identive GmbH) Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix) CutStudio (HKLM-x32\...\{AB84E88F-89CA-4002-A6F4-422C2C8CB1F8}) (Version: - ) DirReader 1.55 (HKLM-x32\...\{BC6332C4-60CD-4B71-B7FE-CE921D46ECC2}_is1) (Version: 1.55 - PolarSoft) DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare) Droppix Label Maker 2.x (HKLM-x32\...\Droppix Label Maker_is1) (Version: 2.9.8 - Droppix) Dust An Elysian Tail (HKLM-x32\...\{5032E613-6DC9-4750-A02D-FED65F973F5E}) (Version: 1.04 - Humble Hearts LLC) Dustforce (HKLM-x32\...\Steam App 65300) (Version: - Hitbox Team) EasySketchPro version 1.0.7 (HKLM-x32\...\{90BB7D95-EBCA-4276-B15E-156F85E8B1DA}_is1) (Version: 1.0.7 - Inner Cirle Riches) ENE CIR Receiver Driver (HKLM\...\9201E5BD02AE4540AF31E8A23F8E4A0A8FEFB31C) (Version: 2.7.4.3 - ENE) Evoland (HKLM-x32\...\Steam App 233470) (Version: - Shiro Games) Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger) Free Video to MP3 Converter version 5.0.33.213 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.33.213 - DVDVideoSoft Ltd.) GoToMeeting 6.4.3.1767 (HKCU\...\GoToMeeting) (Version: 6.4.3.1767 - CitrixOnline) Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.2.31347 (CD 3.2) - Hauppauge Computer Works) Hell Yeah! 
(HKLM-x32\...\Steam App 205230) (Version: - Arkedo) HP Picasso Media Center Add-In (x32 Version: 1.0.0 - HP) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden Ittle Dew (HKLM-x32\...\Steam App 241320) (Version: - Ludosity) K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - ) LightScribe Template Labeler (HKLM-x32\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe) LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere) Lone Survivor: The Director's Cut (HKLM-x32\...\Steam App 209830) (Version: - Jasper Byrne) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mercenary Kings (HKLM-x32\...\Steam App 218820) (Version: - Tribute Games Inc.) 
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla 
Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MP4 To MP3 Converter V3.0.5 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Mutant Mudds Deluxe (HKLM-x32\...\Steam App 247370) (Version: - Renegade Kid) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) Offspring Fling! (HKLM-x32\...\Steam App 211360) (Version: - Kyle Pulver) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: - ) Our Darker Purpose (HKLM-x32\...\Steam App 262790) (Version: - Avidly Wild Games) Paragon Backup & Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd) Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version: - Vitali Kirpu) Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29069 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek) Renegade Ops (HKLM-x32\...\Steam App 99300) (Version: - Avalanche Studios) Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games) Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.) SCR3xxx Smart Card Reader (HKLM-x32\...\{17B0906A-26ED-45D0-B51B-83EF1AADCCFE}) (Version: 8.51 - Identive) Skype™ 6.10 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated) Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version: - Test3 Projects) Teslagrad (HKLM-x32\...\Steam App 249590) (Version: - Rain Games) The Night of the Rabbit (HKLM-x32\...\Steam App 230820) (Version: - Daedalic Entertainment) The Pit (HKLM-x32\...\Kerberos Productions The Pit) (Version: 1.2.4 - Kerberos Productions) The Plan (HKLM-x32\...\Steam App 250600) (Version: - Krillbite Studio) Total Recorder 8.4 Standard Edition (HKLM-x32\...\TotalRecorder) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.04) (Version: 1.04 - Webvati) VideoMakerFX (x32 Version: 1.04 - Webvati) Hidden VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.44 - VSO-Software SARL) Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton) Web-Recherche 3 (HKLM-x32\...\{C081C7BF-86B9-453D-A91B-1DDC8204E9FA}) (Version: 3.10.4913 - macropool GmbH) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 
- Microsoft Corporation) Windows-Treiberpaket - HP (PS2) Keyboard (09/07/2006 1.0.7.1) (HKLM\...\08630B5B6CAC87B8B18955EF30FE18A0C42D5C77) (Version: 09/07/2006 1.0.7.1 - HP) Windows-Treiberpaket - Synaptics (SmbDrv) System (07/02/2013 17.0.2.4) (HKLM\...\926AA7CC0DFD17250AFB184CD11158A573FA33F0) (Version: 07/02/2013 17.0.2.4 - Synaptics) Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/07/2013 16.6.1.3) (HKLM\...\C01AFE7A44526A45D33D2D43AA2F72738FEEA339) (Version: 05/07/2013 16.6.1.3 - Synaptics) WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl) XAMPP (HKLM-x32\...\xampp) (Version: 1.8.2-2 - BitNami) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2452044598-799071972-457528600-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2452044598-799071972-457528600-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2452044598-799071972-457528600-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2452044598-799071972-457528600-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2452044598-799071972-457528600-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix 
Systems, Inc.) CustomCLSID: HKU\S-1-5-21-2452044598-799071972-457528600-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2452044598-799071972-457528600-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) ==================== Restore Points ========================= 03-10-2014 12:40:31 avast! antivirus system restore point 07-10-2014 10:44:42 Windows Update 10-10-2014 20:22:20 Windows Update 17-10-2014 13:50:11 Windows Update 18-10-2014 00:04:55 Windows Update 18-10-2014 06:04:04 Windows Update 24-10-2014 13:32:58 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1CAC6ACB-6EE3-4D03-BA33-96DDB86546C1} - System32\Tasks\G2MUpdateTask-S-1-5-21-2452044598-799071972-457528600-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\1767\g2mupdate.exe [2014-10-03] (Citrix Online, a division of Citrix Systems, Inc.) Task: {5B67A539-29FC-4AB4-A0EA-7C3F338B7D72} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION Task: {8FA4B8E6-2156-47C5-B2A4-A6153D5D4960} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION Task: {9373F4DE-8DD6-42B4-98F0-8BCEFCFE4AEB} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-03] (AVAST Software) Task: {A82B081F-10F3-41D8-8CBF-54E12BCB4F2C} - System32\Tasks\fsupdate => C:\Program Task: {BD4211B2-7171-4BF0-B3D5-686A8B898486} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2452044598-799071972-457528600-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\1767\g2mupdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\AAVUpdateManager\aavus.exe 2014-10-03 13:43 - 2014-10-03 13:43 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-25 15:36 - 2014-10-25 15:36 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102500\algo.dll 2014-10-26 14:15 - 2014-10-26 14:15 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll 2014-10-03 13:43 - 2014-10-03 13:43 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-02-05 15:39 - 2013-11-25 01:10 - 00025600 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll 2014-02-05 15:39 - 2011-08-23 10:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll 2014-10-03 14:28 - 2014-10-03 14:28 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2008-10-26 04:42 - 2008-10-26 04:42 - 00065376 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2006-10-27 14:35 - 2006-10-27 14:35 - 00436512 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2009-02-14 04:04 - 2009-02-14 04:04 - 00756040 _____ () C:\Program Files (x86)\Common Files\Microsoft 
Shared\OFFICE12\MSPTLS.DLL 2014-10-24 22:39 - 2014-10-24 22:39 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:B801D4E2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2452044598-799071972-457528600-500 - Administrator - Disabled) Daniel (S-1-5-21-2452044598-799071972-457528600-1000 - Administrator - Enabled) => C:\Users\Daniel Gast (S-1-5-21-2452044598-799071972-457528600-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/26/2014 02:35:56 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:34:56 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:33:56 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:32:56 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:31:56 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:30:56 PM) (Source: 
ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:29:56 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:28:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:27:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (10/26/2014 02:26:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start System errors: ============= Error: (10/26/2014 02:23:22 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR35xx USB Smart Card Reader 00x3136b012 XX XX XX Error: (10/26/2014 02:23:22 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Die Anforderung wird nicht unterstützt.SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0GET_ATTRIBUTE03 01 01 00 Error: (10/25/2014 05:27:31 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/25/2014 04:24:01 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.SCM Microsystems Inc. SCR35xx USB Smart Card Reader 00x3136b012 XX XX XX Error: (10/25/2014 04:24:01 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Die Anforderung wird nicht unterstützt.SCM Microsystems Inc. 
SCR35xx USB Smart Card Reader 0GET_ATTRIBUTE03 01 01 00 Error: (10/25/2014 00:08:30 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (10/25/2014 00:08:23 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/18/2014 07:27:48 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/18/2014 06:59:24 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 18.10.2014 um 02:30:33 unerwartet heruntergefahren. Error: (10/18/2014 01:05:07 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (07/03/2014 10:07:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 76 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/17/2014 08:39:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1818 seconds with 60 seconds of active time. This session ended with a crash. Error: (01/29/2014 06:16:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (01/29/2014 05:36:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/24/2014 01:48:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/29/2013 09:34:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 97 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/24/2013 09:55:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-10-26 14:34:48.226 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-26 14:34:12.373 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-26 14:32:21.644 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-26 14:30:32.999 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-26 14:29:44.570 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-26 14:28:57.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-26 14:28:34.190 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-26 14:27:44.883 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-26 14:19:54.808 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-26 14:17:30.451 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EEL64A.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 30% Total physical RAM: 8090.36 MB Available physical RAM: 5642.21 MB Total Pagefile: 16178.9 MB Available Pagefile: 13596.21 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:357.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 8BB977FD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
27.10.2014, 09:39 | #4 |
/// the machine /// TB trainer | Computer infected with malware? hi, Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |