
Log Analysis and Evaluation: Windows 8.1: Rootkit-gen, SupTab, Sweet Page


 
11.11.2014, 23:28   #4
Tailtinn

Windows 8.1: Rootkit-gen, SupTab, Sweet Page



And part 2.

Thanks!

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Heiko at 2014-11-11 20:44:30
Running from C:\Users\Heiko\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Backup & Recovery 11 Agent Core (HKLM-x32\...\{8409C3AB-28D8-492C-9DE0-0ECEE768F693}) (Version: 11.0.17440 - Acronis)
Acronis Backup & Recovery 11 Bootable Media Builder (HKLM-x32\...\{EEB5BA23-5E3C-4154-AEF5-9983156BEA54}) (Version: 11.0.17440 - Acronis)
Acronis Backup & Recovery 11 Command-Line Tool (HKLM-x32\...\{BE43E96D-8614-4540-BD12-964D4388CD8B}) (Version: 11.0.17440 - Acronis)
Acronis Backup & Recovery 11 Management Console (HKLM-x32\...\{45912030-810C-40D3-9C09-5568B22E3297}) (Version: 11.0.17440 - Acronis)
Acronis Backup & Recovery 11 Tray Monitor (HKLM-x32\...\{A9603008-CF47-44E5-8002-C79F4DF656D5}) (Version: 11.0.17440 - Acronis)
Acronis Backup & Recovery 11 Agent für Windows (HKLM-x32\...\{659113DB-3916-4038-948A-8A7034FBAA17}) (Version: 11.0.17440 - Acronis)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boxcryptor 2.0 (HKLM-x32\...\{0511514A-A672-4F79-8151-D70CA84BF044}) (Version: 2.0.437.408 - Secomba GmbH)
Bria 4 (HKLM-x32\...\{024FE775-8EC5-4B0B-9A64-E4AD515959CA}) (Version: 41.7.4246 - CounterPath Corporation)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 15.1 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
Dropbox (HKU\S-1-5-21-3172040616-1078018660-4015173888-1001\...\Dropbox) (Version: 2.10.46 - Dropbox, Inc.)
Evernote v. 5.7.1 (HKLM-x32\...\{6EE04364-6568-11E4-B696-00163E98E7D6}) (Version: 5.7.1.5586 - Evernote Corp.)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Git version 1.9.4-preview20140929 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140929 - The Git Development Community)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.10.5 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) Network Connections 19.5.303.0 (HKLM\...\PROSetDX) (Version: 19.5.303.0 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JetBrains PyCharm Community Edition 3.4.1 (HKLM-x32\...\PyCharm Community Edition 3.4.1) (Version: 135.1057 - JetBrains s.r.o.)
LINQPad 4 (HKLM-x32\...\{758485A7-8E93-4864-A3A8-D628C093B639}_is1) (Version:  - Joseph Albahari)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
MakeMKV v1.8.14 (HKLM-x32\...\MakeMKV) (Version: v1.8.14 - GuinpinSoft inc)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3172040616-1078018660-4015173888-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
mSecure (HKLM-x32\...\{84C0F28E-47F9-446E-B1F2-DFF746B80B54}) (Version: 3.157 - mSeven Software LLC)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PerfectTUNES (HKLM-x32\...\PerfectTUNES) (Version: Release 1.7 Registered - Resolute)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Python 3.4.2 (64-bit) (HKLM\...\{cd723946-09c1-38d3-8542-732ba931e9ef}) (Version: 3.4.2150 - Python Software Foundation)
RegexBuddy 3 v.3.6.3 (HKLM-x32\...\RegexBuddy 3) (Version: v.3.6.3 - Just Great Software)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
smtp4dev 2.0.9 (HKLM-x32\...\{43AD107F-E1A8-4B34-BCF5-22055F81FAAB}) (Version: 2.0.9 - Robert Wood)
SourceTree (HKLM-x32\...\SourceTree 1.6.8) (Version: 1.6.8 - Atlassian)
SourceTree (x32 Version: 1.6.8 - Atlassian) Hidden
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
Synergy (64-bit) (HKLM\...\{C3BFE48C-F381-4D22-BB45-8205DE7A06F1}) (Version: 1.5.1 - The Synergy Project)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
WISO Steuer 2011 (HKLM-x32\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.13.7477 - Buhl Data Service GmbH)
WISO Steuer 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.05.7368 - Buhl Data Service GmbH)
WISO Steuer 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer 2014 (HKLM-x32\...\{C8C9F247-4784-48EC-93C5-C567E055E759}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {185391C4-9468-D082-9201-22E985889A47} No File
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {585F9B36-9468-D082-600B-2EA985889A47} No File
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Heiko\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3172040616-1078018660-4015173888-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-11-2014 22:36:05 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
10-11-2014 23:01:08 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BA7C1AF-F79B-4303-AE1F-E7238F0C072D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3172040616-1078018660-4015173888-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {0DB74D06-3C1B-4041-B401-65DE22933969} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
Task: {2487934E-9779-4A81-A115-B9CB0B407859} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {2852F809-73F0-41B9-AB58-D5E9944B3FDB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-11] (AVAST Software)
Task: {51BCC15B-9100-4D92-9032-5AC27526EEB7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-10] (Microsoft Corporation)
Task: {564634B0-C62E-4254-A47D-B7751B029674} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {61E8C913-32F3-44D0-94EB-80465CF2BDAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
Task: {76C83FFB-FE3E-4682-87F5-3CA467245FE4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {77C49114-6876-43CB-A011-728E5367C31C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TAILTINN-Heiko Tailtinn => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-10] (Microsoft Corporation)
Task: {E1A51930-75F5-4252-861D-9CAAAEA6DCD2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-10 21:38 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-31 16:29 - 2014-10-31 16:29 - 08274576 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2014-08-21 18:20 - 2014-08-21 18:20 - 00298496 _____ () C:\Program Files\Synergy\synergyd.exe
2014-11-11 00:02 - 2014-11-11 00:02 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-11 00:02 - 2014-11-11 00:02 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-10 20:29 - 2014-09-30 00:15 - 00737986 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-11 09:41 - 2014-11-11 09:41 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111100\algo.dll
2014-11-11 00:02 - 2014-11-11 00:02 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-17 13:00 - 2012-07-17 13:00 - 00292320 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2012-07-17 13:00 - 2012-07-17 13:00 - 00326336 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2012-07-17 13:00 - 2012-07-17 13:00 - 00441232 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2014-11-09 23:46 - 2006-06-09 15:20 - 00003072 _____ () C:\Windows\system32\CTXFIGER.DLL
2014-11-11 20:41 - 2014-11-11 20:41 - 00043008 _____ () c:\users\heiko\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgot6m3.dll
2014-11-10 00:15 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Heiko\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-11 00:02 - 2014-11-11 00:02 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-05 21:40 - 2014-11-05 21:40 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-11-05 21:40 - 2014-11-05 21:40 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-11-05 21:40 - 2014-11-05 21:40 - 21118304 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-11-05 21:39 - 2014-11-05 21:39 - 00985968 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-11-05 21:39 - 2014-11-05 21:39 - 00136048 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-11-05 21:39 - 2014-11-05 21:39 - 00192368 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
2014-11-10 21:39 - 2014-11-10 21:39 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Heiko\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Acronis Agent User (S-1-5-21-3172040616-1078018660-4015173888-1007 - Administrator - Enabled)
Administrator (S-1-5-21-3172040616-1078018660-4015173888-500 - Administrator - Disabled)
Gast (S-1-5-21-3172040616-1078018660-4015173888-501 - Limited - Disabled)
Heiko (S-1-5-21-3172040616-1078018660-4015173888-1001 - Administrator - Enabled) => C:\Users\Heiko
HomeGroupUser$ (S-1-5-21-3172040616-1078018660-4015173888-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 08:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x1418
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (11/11/2014 09:28:59 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (11/11/2014 09:11:42 AM) (Source: MsiInstaller) (EventID: 11316) (User: TAILTINN)
Description: Product: Bonjour -- Error 1316. The specified account already exists.

Error: (11/11/2014 09:08:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x17ec
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (11/11/2014 00:40:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FF9338ADEE0

Error: (11/11/2014 00:36:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TAILTINN)
Description: The app "Microsoft.ZuneMusic_2.2.705.0_x64__8wekyb3d8bbwe+Microsoft.ZuneMusic" did not launch within its allotted time.

Error: (11/11/2014 00:20:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x161c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (11/11/2014 00:03:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied
.

Error: (11/11/2014 00:02:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied
.

Error: (11/11/2014 00:01:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied
.


System errors:
=============
Error: (11/11/2014 08:42:01 PM) (Source: DCOM) (EventID: 10010) (User: TAILTINN)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (11/11/2014 08:40:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2

Error: (11/11/2014 08:40:26 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis Managed Machine Service service depends on the following service: ProtectedStorage. This service might not be installed.

Error: (11/11/2014 08:40:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2

Error: (11/11/2014 08:40:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:01:29 on 11.11.2014 was unexpected.

Error: (11/11/2014 08:40:00 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212254874654645038319776

Error: (11/11/2014 00:40:15 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (11/11/2014 00:19:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2

Error: (11/11/2014 00:19:30 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis Managed Machine Service service depends on the following service: ProtectedStorage. This service might not be installed.

Error: (11/11/2014 00:19:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
%%2


Microsoft Office Sessions:
=========================
Error: (11/11/2014 08:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6141801cffde76c0e397bC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dllad50644a-69da-11e4-8259-00241d18f8a2

Error: (11/11/2014 09:28:59 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (11/11/2014 09:11:42 AM) (Source: MsiInstaller) (EventID: 11316) (User: TAILTINN)
Description: Produkt: Bonjour -- Fehler 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/11/2014 09:08:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa617ec01cffd86b5b5f0d0C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dllfaf72be4-6979-11e4-8258-00241d18f8a2

Error: (11/11/2014 00:40:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FF9338ADEE0

Error: (11/11/2014 00:36:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TAILTINN)
Description: Microsoft.ZuneMusic_2.2.705.0_x64__8wekyb3d8bbwe+Microsoft.ZuneMusic

Error: (11/11/2014 00:20:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6161c01cffd3cdc659fc7C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll20e138be-6930-11e4-8258-00241d18f8a2

Error: (11/11/2014 00:03:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied

Error: (11/11/2014 00:02:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied

Error: (11/11/2014 00:01:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied


CodeIntegrity Errors:
===================================
  Date: 2014-11-10 22:54:42.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:54:41.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:54:40.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:54:40.267
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:54:39.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:54:08.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:54:07.845
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:50:46.461
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:50:46.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:50:45.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 810 Processor
Percentage of memory in use: 13%
Total physical RAM: 12285.09 MB
Available physical RAM: 10658.64 MB
Total Pagefile: 14717.09 MB
Available Pagefile: 12993.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.9 GB) (Free:71.8 GB) NTFS
Drive d: (Storage) (Fixed) (Total:931.51 GB) (Free:345.61 GB) NTFS
Drive e: (Media) (Fixed) (Total:931.51 GB) (Free:530.49 GB) NTFS
Drive f: (Programs) (Fixed) (Total:298.08 GB) (Free:65.23 GB) NTFS
Drive g: (Junk) (Fixed) (Total:931.32 GB) (Free:511.35 GB) NTFS
Drive i: (Sticker) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
Drive x: (Boxcryptor) (Fixed) (Total:1050.41 GB) (Free:417.41 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 34EC2196)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 64FEA616)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 554CC27C)
Partition 1: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 347F99B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================
         

 
