Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]

Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]


Plagegeister aller Art und deren Bekämpfung: Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.12.2014, 19:29   #1
NeonReflexe
 
Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7] - Standard

Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]


Guten Tag,
ich hatte hier vor längerer Zeit schonmal ein Thread.
Jedoch habe ich mir komischerweiße wieder Viren eingefangen mit unterschiedlichen Symptomen.
__________________________________________________________
Symptom 1: Steam


Der Shop läd überhaupt nicht mehr und ich bekomme weder die Steamprofilbilder meiner Freunde noch meins zu gesicht.

Symptom 2: Visual Basic


Er will einfach dieses Pack nicht runterladen...! Bei nem Kollegen gehts und auch bei nem Dualboot meines PC's geht es auch.

Symptom 3: Spotify


Das sagt er mir andauernd.

Folglich denke ich, dass irgendein Virus mein Internet beeinträchtigt.
____________________________________________________________

Natürlich hab ich meine Aufgaben auch erledigt :

1. Defogger ausgeführt
2. FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014
Ran by Logan (administrator) on LOGAN32BIT on 14-12-2014 19:05:25
Running from D:\Users\Logan\Desktop
Loaded Profile: Logan (Available profiles: Logan)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) D:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) D:\Windows\System32\atiesrxx.exe
(AMD) D:\Windows\System32\atieclxx.exe
(Microsoft Corporation) D:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
() D:\Users\Logan\AppData\Local\win32wininetx64\win32wininetx64.exe
(LogMeIn Inc.) D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) D:\Windows\System32\taskmgr.exe
(Microsoft Corporation) D:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) D:\ProgramData\Package Cache\{dca572ee-b6f6-4560-9879-fec58cc0022c}\vs_ultimate.exe
(Microsoft Corporation) D:\ProgramData\Package Cache\{dca572ee-b6f6-4560-9879-fec58cc0022c}\vs_ultimate.exe
(Oracle Corporation) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) D:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skillbrains) D:\Program Files\Skillbrains\lightshot\5.2.0.8\Lightshot.exe
(Nota Inc.) D:\Program Files\Gyazo\GyStation.exe
(Apple Inc.) D:\Users\Logan\Desktop\CSGO.exe
(Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) D:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) D:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) D:\Program Files\Steam\Steam.exe
() D:\Users\Logan\Desktop\adwcleaner_4.105.exe
() D:\Windows\System32\publicsambax86\publicsambax86.exe
(Valve Corporation) D:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Program Files\Steam\bin\steamwebhelper.exe
(Maxthon International ltd.) D:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) D:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) D:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) D:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) D:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) D:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) D:\Program Files\Maxthon\Bin\Maxthon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Lightshot] => D:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [MSC] => d:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\RunOnce: [{dca572ee-b6f6-4560-9879-fec58cc0022c}] => D:\ProgramData\Package Cache\{dca572ee-b6f6-4560-9879-fec58cc0022c}\vs_ultimate.exe [1264968 2014-12-14] (Microsoft Corporation)
HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\...\Run: [LightShot] => D:\Users\Logan\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\...\Run: [Gyazo] => D:\Program Files\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\...\Run: [Spotify Web Helper] => "D:\Users\Logan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\...\Run: [Spotify] => "D:\Users\Logan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\...\Run: [iTunes] => D:\Users\Logan\Desktop\CSGO.exe [1155072 2014-12-14] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3213928032-2539466955-2661963700-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3213928032-2539466955-2661963700-1000] => http=127.0.0.1:37649
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> D:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - D:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - D:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 07 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> D:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> D:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 celavimushost; D:\Program Files\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [122584 2014-11-08] (altPUG LLC) [File not signed]
R2 Hamachi2Svc; D:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1894736 2014-12-01] (LogMeIn Inc.)
R2 MsMpSvc; d:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; d:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 publicsambax86; D:\Windows\system32\publicsambax86\publicsambax86.exe [68608 2014-12-11] () [File not signed]
R2 win32wininetx64.exe; D:\Users\Logan\AppData\Local\win32wininetx64\win32wininetx64.exe [202240 2014-12-11] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R3 hamachi; D:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 MpFilter; D:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S1 jupguhhn; \??\D:\Windows\system32\drivers\jupguhhn.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 19:05 - 2014-12-14 19:05 - 01111552 _____ (Farbar) D:\Users\Logan\Desktop\FRST.exe
2014-12-14 19:05 - 2014-12-14 19:05 - 00000000 ____D () D:\FRST
2014-12-14 19:03 - 2014-12-14 19:03 - 00000000 _____ () D:\Users\Logan\defogger_reenable
2014-12-14 18:42 - 2014-12-14 18:53 - 00000000 ____D () D:\AdwCleaner
2014-12-14 18:42 - 2014-12-14 18:42 - 02166272 _____ () D:\Users\Logan\Desktop\adwcleaner_4.105.exe
2014-12-14 18:37 - 2014-12-14 18:37 - 00137888 _____ (Spotify Ltd) D:\Users\Logan\Desktop\SpotifySetup.exe
2014-12-14 18:31 - 2014-12-14 19:01 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\Spotify
2014-12-14 17:49 - 2014-12-14 17:49 - 01155072 ___SH (Apple Inc.) D:\Users\Logan\Desktop\CSGO.exe
2014-12-14 17:33 - 2014-12-14 17:33 - 00000000 ____D () D:\Users\Logan\AppData\Local\Red Gate
2014-12-14 17:33 - 2014-12-14 17:33 - 00000000 ____D () D:\Users\Logan\AppData\Local\IsolatedStorage
2014-12-14 15:36 - 2014-12-14 15:51 - 00000000 ____D () D:\Users\Logan\AppData\Local\win32wininetx64
2014-12-14 15:36 - 2014-12-14 15:36 - 00000000 ____D () D:\Windows\system32\publicsambax86
2014-12-14 15:30 - 2014-12-14 15:30 - 00184684 _____ () D:\Users\Logan\Downloads\Apex.rar
2014-12-14 15:15 - 2014-12-14 15:15 - 00000365 _____ () D:\Users\Logan\AppData\Roaming\install.bat
2014-12-14 15:14 - 2014-12-14 15:14 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\Leak Scanner
2014-12-14 14:53 - 2014-12-14 14:53 - 00000000 ____D () D:\Windows\system32\MpEngineStore
2014-12-14 14:41 - 2014-12-14 14:41 - 01264968 _____ (Microsoft Corporation) D:\Users\Logan\Desktop\vs_ultimate.exe
2014-12-14 14:30 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) D:\Windows\system32\mf.dll
2014-12-14 14:30 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) D:\Windows\system32\mfps.dll
2014-12-14 14:30 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) D:\Windows\system32\rrinstaller.exe
2014-12-14 14:30 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) D:\Windows\system32\mfpmp.exe
2014-12-14 14:30 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\mferror.dll
2014-12-14 14:25 - 2014-12-14 14:25 - 00000687 _____ () D:\awh5A7E.tmp
2014-12-14 14:23 - 2014-12-14 14:23 - 00002117 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-14 14:23 - 2014-12-14 14:23 - 00001945 _____ () D:\Windows\epplauncher.mif
2014-12-14 14:23 - 2014-12-14 14:23 - 00000000 ____D () D:\Program Files\Microsoft Security Client
2014-12-14 14:22 - 2014-12-14 14:22 - 11447608 _____ (Microsoft Corporation) D:\Users\Logan\Desktop\mseinstall.exe
2014-12-13 21:01 - 2014-12-13 21:01 - 00000687 _____ () D:\awhAF9F.tmp
2014-12-13 17:39 - 2014-12-13 17:39 - 00001136 _____ () D:\Users\Public\Desktop\DarkComet Remover.lnk
2014-12-13 17:39 - 2014-12-13 17:39 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet RAT Remover
2014-12-13 17:39 - 2014-12-13 17:39 - 00000000 ____D () D:\Program Files\PhrozenSoft
2014-12-11 14:48 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) D:\Windows\system32\WsmSvc.dll
2014-12-11 14:48 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) D:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 14:48 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) D:\Windows\system32\WsmWmiPl.dll
2014-12-11 14:48 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) D:\Windows\system32\WsmAuto.dll
2014-12-11 14:48 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) D:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 14:47 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\tdx.sys
2014-12-11 14:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\tzres.dll
2014-12-11 14:46 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) D:\Windows\system32\charmap.exe
2014-12-10 17:41 - 2014-12-10 17:41 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-12-09 13:12 - 2014-12-09 13:12 - 00000687 _____ () D:\awhE30E.tmp
2014-12-07 19:41 - 2014-12-07 19:41 - 00000000 ____D () D:\Users\Logan\AppData\Local\Oleksiy_Gapotchenko
2014-12-07 19:33 - 2014-12-07 19:33 - 00154283 ____H () D:\Users\Logan\AppData\Roaming\Logan-wchelper.dll
2014-12-07 16:51 - 2014-12-07 16:54 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\iFunbox_UserCache
2014-12-07 16:51 - 2014-12-07 16:51 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2014-12-07 16:51 - 2014-12-07 16:51 - 00000000 ____D () D:\Program Files\i-Funbox DevTeam
2014-12-07 16:36 - 2014-12-07 16:44 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\Apple Computer
2014-12-07 16:36 - 2014-12-07 16:36 - 00000000 ____D () D:\Users\Logan\AppData\Local\Apple Computer
2014-12-07 16:36 - 2014-12-07 16:36 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-07 16:36 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) D:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-07 16:34 - 2014-12-07 16:35 - 00000000 ____D () D:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-07 16:34 - 2014-12-07 16:35 - 00000000 ____D () D:\Program Files\iTunes
2014-12-07 16:34 - 2014-12-07 16:34 - 00000000 ____D () D:\ProgramData\Apple Computer
2014-12-07 16:34 - 2014-12-07 16:34 - 00000000 ____D () D:\Program Files\iPod
2014-12-07 16:33 - 2014-12-07 16:33 - 00002519 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-07 16:33 - 2014-12-07 16:33 - 00000000 ____D () D:\Users\Logan\AppData\Local\Apple
2014-12-07 16:33 - 2014-12-07 16:33 - 00000000 ____D () D:\Program Files\Apple Software Update
2014-12-07 16:32 - 2014-12-07 16:32 - 00000000 ____D () D:\Program Files\Bonjour
2014-12-07 16:31 - 2014-12-07 16:34 - 00000000 ____D () D:\Program Files\Common Files\Apple
2014-12-07 16:31 - 2014-12-07 16:33 - 00000000 ____D () D:\ProgramData\Apple
2014-12-07 16:18 - 2014-12-07 16:18 - 00000000 ____D () D:\Users\Logan\AppData\Local\TechSmith
2014-12-07 15:39 - 2014-12-07 15:39 - 00000687 _____ () D:\awhFD9F.tmp
2014-12-06 17:37 - 2014-12-14 14:41 - 00000000 ____D () D:\Fraps
2014-12-06 17:37 - 2014-12-06 17:37 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-12-06 17:33 - 2014-12-06 17:33 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-06 17:28 - 2014-12-06 17:28 - 00001985 _____ () D:\Users\Public\Desktop\Action!.lnk
2014-12-06 16:17 - 2014-12-06 16:17 - 00000215 _____ () D:\Users\Logan\Desktop\Far Cry.url
2014-12-06 16:06 - 2014-12-06 16:06 - 00974848 _____ () D:\neWPKco.exe
2014-12-02 15:19 - 2014-12-02 15:19 - 00000000 ____H () D:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-12-02 15:18 - 2014-12-02 15:18 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 15:18 - 2014-12-02 15:18 - 00000000 ____D () D:\Program Files\LogMeIn Hamachi
2014-12-02 15:18 - 2009-03-18 17:35 - 00026176 ____H (LogMeIn, Inc.) D:\Windows\system32\hamachi.sys
2014-11-19 18:46 - 2014-11-19 18:48 - 07835598 _____ () D:\Users\Logan\Downloads\psnpatch 4.65.11.zip
2014-11-19 14:47 - 2014-11-19 14:47 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-19 14:47 - 2014-11-19 14:47 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2014-11-19 14:44 - 2014-11-19 14:44 - 06958304 _____ (Microsoft Corporation) D:\Users\Logan\Desktop\Silverlight.exe
2014-11-18 20:30 - 2014-12-14 18:35 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\BitTorrent
2014-11-18 20:05 - 2014-11-19 12:35 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\UseNeXT
2014-11-18 20:05 - 2014-11-19 12:33 - 00000000 ____D () D:\Users\Logan\Documents\UseNeXT
2014-11-18 20:05 - 2014-11-18 20:05 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2014-11-18 20:05 - 2014-11-18 20:05 - 00000000 ____D () D:\Program Files\UseNeXT
2014-11-18 19:37 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) D:\Windows\system32\kerberos.dll
2014-11-18 19:37 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) D:\Windows\system32\pku2u.dll
2014-11-16 09:52 - 2014-11-16 09:52 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\csgoimg
2014-11-16 09:15 - 2014-11-16 09:16 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\Gyazo
2014-11-16 09:14 - 2014-11-16 12:00 - 00000000 ____D () D:\Program Files\Gyazo
2014-11-16 09:14 - 2014-11-16 09:14 - 00000944 _____ () D:\Users\Public\Desktop\Gyazo.lnk
2014-11-16 09:14 - 2014-11-16 09:14 - 00000944 _____ () D:\Users\Public\Desktop\Gyazo GIF.lnk
2014-11-16 09:14 - 2014-11-16 09:14 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-11-15 15:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) D:\Windows\system32\packager.dll
2014-11-15 15:38 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) D:\Windows\system32\oleaut32.dll
2014-11-15 15:38 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ksecpkg.sys
2014-11-15 15:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) D:\Windows\system32\msi.dll
2014-11-15 15:38 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) D:\Windows\system32\lsasrv.dll
2014-11-15 15:38 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) D:\Windows\system32\termsrv.dll
2014-11-15 15:38 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) D:\Windows\system32\msaudite.dll
2014-11-15 15:38 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) D:\Windows\system32\adtschema.dll
2014-11-15 15:38 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys
2014-11-15 15:38 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) D:\Windows\system32\audiosrv.dll
2014-11-15 15:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) D:\Windows\system32\AUDIOKSE.dll
2014-11-15 15:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) D:\Windows\system32\AudioEng.dll
2014-11-15 15:38 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) D:\Windows\system32\EncDump.dll
2014-11-15 15:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) D:\Windows\system32\AudioSes.dll
2014-11-15 15:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) D:\Windows\system32\msv1_0.dll
2014-11-15 15:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) D:\Windows\system32\schannel.dll
2014-11-15 15:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) D:\Windows\system32\ncrypt.dll
2014-11-15 15:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) D:\Windows\system32\wdigest.dll
2014-11-15 15:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) D:\Windows\system32\TSpkg.dll
2014-11-15 15:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) D:\Windows\system32\credssp.dll
2014-11-15 15:38 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) D:\Windows\system32\msxml3.dll
2014-11-15 15:38 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\msxml3r.dll
2014-11-15 15:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) D:\Windows\system32\IMJP10K.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 19:05 - 2014-11-08 23:07 - 00000000 ____D () D:\Users\Logan\AppData\Local\LogMeIn Hamachi
2014-12-14 19:03 - 2014-11-04 14:20 - 00000000 ____D () D:\Users\Logan
2014-12-14 18:57 - 2009-07-14 05:34 - 00026352 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 18:57 - 2009-07-14 05:34 - 00026352 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 18:56 - 2014-11-09 17:49 - 00000830 _____ () D:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 18:51 - 2014-11-04 15:42 - 00000000 ____D () D:\Program Files\Steam
2014-12-14 18:51 - 2014-11-04 14:22 - 02054900 _____ () D:\Windows\WindowsUpdate.log
2014-12-14 18:47 - 2010-11-20 22:48 - 00010268 _____ () D:\Windows\PFRO.log
2014-12-14 18:47 - 2009-07-14 05:53 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
2014-12-14 18:47 - 2009-07-14 05:39 - 00032411 _____ () D:\Windows\setupact.log
2014-12-14 18:34 - 2014-11-04 14:20 - 00001417 _____ () D:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-14 18:30 - 2014-11-04 16:12 - 00000000 ____D () D:\ProgramData\Package Cache
2014-12-14 18:22 - 2014-11-08 14:09 - 00000000 ____D () D:\Windows\system32\MRT
2014-12-14 14:54 - 2014-11-08 18:06 - 00000000 ____D () D:\Users\Logan\AppData\Local\TeamSpeak 3 Client
2014-12-14 14:25 - 2014-11-08 14:09 - 109818608 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe
2014-12-14 14:24 - 2014-11-06 08:58 - 00027236 _____ () D:\Windows\IE11_main.log
2014-12-13 23:07 - 2014-11-08 18:07 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\TS3Client
2014-12-13 18:08 - 2014-11-04 15:42 - 00000000 ____D () D:\Program Files\Common Files\Steam
2014-12-13 18:02 - 2014-11-09 17:35 - 00000000 ____D () D:\Users\Logan\AppData\Local\CrashDumps
2014-12-13 15:13 - 2014-11-04 14:20 - 00000000 ____D () D:\Users\Logan\AppData\Local\VirtualStore
2014-12-11 15:11 - 2014-11-06 15:40 - 00000000 ____D () D:\Users\Logan\AppData\Local\Spotify
2014-12-10 17:41 - 2014-11-06 15:48 - 00000412 _____ () D:\Users\Logan\AppData\Local\UserProducts.xml
2014-12-10 17:41 - 2014-11-06 15:48 - 00000000 ____D () D:\Program Files\Skillbrains
2014-12-10 15:56 - 2014-11-09 17:49 - 00701104 _____ (Adobe Systems Incorporated) D:\Windows\system32\FlashPlayerApp.exe
2014-12-10 15:56 - 2014-11-09 17:49 - 00071344 _____ (Adobe Systems Incorporated) D:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-07 19:36 - 2005-07-07 18:19 - 00000000 ___HD () D:\Users\Logan\AppData\Roaming\6EA5CB9A
2014-12-07 15:38 - 2014-11-08 23:08 - 00000020 _____ () D:\Windows\capsys184523.log
2014-12-06 17:28 - 2014-11-08 23:07 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-12-06 17:22 - 2010-11-20 22:01 - 00790342 _____ () D:\Windows\system32\PerfStringBackup.INI
2014-12-06 16:17 - 2014-11-04 16:12 - 00000000 ____D () D:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-24 14:04 - 2014-11-04 16:03 - 00229000 ____N (Microsoft Corporation) D:\Windows\system32\MpSigStub.exe
2014-11-16 12:50 - 2009-07-14 03:37 - 00000000 ____D () D:\Windows\rescache
2014-11-16 12:21 - 2009-07-14 03:37 - 00000000 ____D () D:\Windows\Microsoft.NET
2014-11-16 09:00 - 2009-07-14 05:33 - 00267160 _____ () D:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
D:\Users\Logan\AppData\Local\Temp\playsetup.exe
D:\Users\Logan\AppData\Local\Temp\Quarantine.exe
D:\Users\Logan\AppData\Local\Temp\res.dll
D:\Users\Logan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\Windows\explorer.exe => File is digitally signed
D:\Windows\system32\winlogon.exe => File is digitally signed
D:\Windows\system32\wininit.exe => File is digitally signed
D:\Windows\system32\svchost.exe => File is digitally signed
D:\Windows\system32\services.exe => File is digitally signed
D:\Windows\system32\User32.dll => File is digitally signed
D:\Windows\system32\userinit.exe => File is digitally signed
D:\Windows\system32\rpcss.dll => File is digitally signed
D:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-11-16 12:42

==================== End Of Log ============================
3. Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2014
Ran by Logan at 2014-12-14 19:06:51
Running from D:\Users\Logan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action! (HKLM\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM\...\{CAE12744-306D-4B07-9CD1-21A8C7D88221}) (Version: 8.4.3.1793 - TechSmith Corporation)
CEVO CS:GO Client Beta version 1.0 (HKLM\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DarkComet RAT Remover version 1.0 (HKLM\...\DarkComet RAT Remover_is1) (Version: 1.0 - Phrozen ® Software 2012.)
Far Cry (HKLM\...\Steam App 13520) (Version:  - Crytek Studios)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Google Update Helper (Version: 70.3.29.7018 - Google Inc.) Hidden
Gyazo 2.3 (HKLM\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
iFunbox (v2.9.2421.748), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.9.2421.748 - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lenovo_Wireless_Driver (HKLM\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 with Update 4 (HKLM\...\{dca572ee-b6f6-4560-9879-fec58cc0022c}) (Version: 12.0.31101 - Microsoft Corporation)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
PicoZip Recovery Tool 1.02 (HKLM\...\PicoZip Recovery Tool 1.02) (Version: 1.02 - Softchitect)
RAR Password Unlocker 4.2.0.0 (HKLM\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Vegas Pro 11.0 (HKLM\...\{B644D34F-0296-11E2-938E-F04DA23A5C58}) (Version: 11.0.700 - Sony)
WinRAR 5.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3213928032-2539466955-2661963700-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> D:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)

==================== Restore Points  =========================

21-11-2014 12:44:18 Windows Update
02-12-2014 14:25:34 Windows Update
06-12-2014 09:52:14 Windows Update
06-12-2014 16:12:04 Installed Microsoft Visual C++ 2005 Redistributable
07-12-2014 14:36:46 Windows Update
07-12-2014 15:33:20 Installed iTunes
09-12-2014 12:11:01 Windows Update
10-12-2014 14:45:29 Windows Update
14-12-2014 13:23:47 Windows Update
14-12-2014 17:30:26 Microsoft Visual Studio Ultimate 2013 with Update 4
14-12-2014 17:51:02 Microsoft Visual Studio Ultimate 2013 with Update 4

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-12-06 17:28 - 00001221 ___RA D:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   thislineskipsanyemptylines
127.0.0.1                   mirillis.com
127.0.0.1                   www.mirillis.com
127.0.0.1                   serwer2.paka-service.com
127.0.0.1                   ns386119.ovh.net
127.0.0.1                   mirillis.pl
127.0.0.1                   thislineskipsanyemptylines
127.0.0.1                   thislineskipsanyemptylines


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {7358BC38-A0AE-41C9-8DAB-9A8D5FD417C5} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {A65B0966-3166-40DA-B35B-43539B634993} - System32\Tasks\GyazoUpdateTaskMachine => D:\Program Files\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {B64A8DD9-E4A5-4CAD-B0BA-878B27FB9FA9} - System32\Tasks\{5BD1D6B3-546F-4DD9-879D-9CC08CCB49D5} => pcalua.exe -a D:\Users\Logan\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=epom3
Task: {E60C1392-2F46-46F4-BF2D-470D002B4ABC} - System32\Tasks\Maxthon Update => D:\Program Files\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 18:13 - 2014-09-15 18:13 - 00203776 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:10 - 2014-02-11 07:10 - 03854336 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 07:10 - 2014-02-11 07:10 - 00618496 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00114688 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-14 15:36 - 2014-12-11 11:54 - 00202240 _____ () D:\Users\Logan\AppData\Local\win32wininetx64\win32wininetx64.exe
2014-09-15 18:13 - 2014-09-15 18:13 - 00095744 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-04 15:48 - 2014-12-01 22:31 - 02396672 _____ () D:\Program Files\Steam\libavcodec-56.dll
2014-11-04 15:48 - 2014-12-01 22:31 - 00442880 _____ () D:\Program Files\Steam\libavutil-54.dll
2014-11-04 15:48 - 2014-12-01 22:31 - 00479744 _____ () D:\Program Files\Steam\libavformat-56.dll
2014-11-04 15:48 - 2014-12-01 22:31 - 00332800 _____ () D:\Program Files\Steam\libavresample-2.dll
2014-11-04 15:48 - 2014-11-11 19:47 - 00774656 _____ () D:\Program Files\Steam\SDL2.dll
2014-12-06 10:53 - 2014-12-02 01:29 - 05002752 _____ () D:\Program Files\Steam\v8.dll
2014-12-06 10:53 - 2014-12-02 01:29 - 01612800 _____ () D:\Program Files\Steam\icui18n.dll
2014-12-06 10:53 - 2014-12-02 01:29 - 01210368 _____ () D:\Program Files\Steam\icuuc.dll
2014-11-04 15:48 - 2014-12-12 23:27 - 02224832 _____ () D:\Program Files\Steam\video.dll
2014-11-04 15:48 - 2014-12-01 22:31 - 00485888 _____ () D:\Program Files\Steam\libswscale-3.dll
2014-11-04 15:48 - 2014-12-12 23:27 - 00696000 _____ () D:\Program Files\Steam\bin\chromehtml.DLL
2014-12-14 18:42 - 2014-12-14 18:42 - 02166272 _____ () D:\Users\Logan\Desktop\adwcleaner_4.105.exe
2014-12-14 15:36 - 2014-12-11 11:54 - 00068608 _____ () D:\Windows\system32\publicsambax86\publicsambax86.exe
2014-11-04 15:48 - 2014-12-06 00:02 - 34636168 _____ () D:\Program Files\Steam\bin\libcef.dll
2014-11-04 15:48 - 2014-12-06 00:02 - 01706376 _____ () D:\Program Files\Steam\bin\ffmpegsumo.dll
2014-11-04 16:07 - 2014-09-11 04:19 - 00258944 _____ () D:\Program Files\Maxthon\bin\Maxzlib.dll
2014-11-04 16:07 - 2014-09-11 04:19 - 00258944 _____ () D:\Program Files\Maxthon\Bin\maxzlib.dll
2014-11-04 16:07 - 2014-09-11 04:19 - 00247096 _____ () D:\Program Files\Maxthon\Addons\Mobile\MxMobile.dll
2014-11-04 16:07 - 2014-09-11 04:19 - 00887064 _____ () D:\Program Files\Maxthon\Core\Webkit\libglesv2.dll
2014-11-04 16:07 - 2014-09-11 04:19 - 00109336 _____ () D:\Program Files\Maxthon\Core\Webkit\libegl.dll
2014-11-04 16:07 - 2014-09-11 04:19 - 02128152 _____ () D:\Program Files\Maxthon\Core\Webkit\ffmpegsumo.dll
2014-11-04 16:07 - 2014-09-11 04:19 - 04055504 _____ () D:\Program Files\Maxthon\Core\Webkit\pdf.dll
2014-11-04 16:07 - 2014-09-11 04:19 - 17029808 _____ () D:\Program Files\Maxthon\Core\Webkit\Npplugins\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3213928032-2539466955-2661963700-1000\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HKCU => c:\directory\Chrome\update\chromeupdate.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3213928032-2539466955-2661963700-500 - Administrator - Disabled)
Guest (S-1-5-21-3213928032-2539466955-2661963700-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3213928032-2539466955-2661963700-1002 - Limited - Enabled)
Logan (S-1-5-21-3213928032-2539466955-2661963700-1000 - Administrator - Enabled) => D:\Users\Logan

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Conceptronic 802.11n PC-Card (V1)
Description: Conceptronic 802.11n PC-Card (V1)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Conceptronic
Service: netr28
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 07:05:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: 12029 (0x2efd).

Error: (12/14/2014 06:49:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 06:17:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 02:23:24 PM) (Source: MsiInstaller) (EventID: 11704) (User: Logan32BIT)
Description: Product: Microsoft Security Client -- Error 1704. An installation for Microsoft Visual C++ 2005 Redistributable is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (12/14/2014 02:21:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 08:57:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 06:02:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Stealer.exe, version: 1.0.0.0, time stamp: 0x546a5ddf
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xe0434352
Fault offset: 0x0000812f
Faulting process id: 0x1980
Faulting application start time: 0xStealer.exe0
Faulting application path: Stealer.exe1
Faulting module path: Stealer.exe2
Report Id: Stealer.exe3

Error: (12/13/2014 06:02:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Stealer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:

Error: (12/13/2014 03:16:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2014 03:16:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/14/2014 06:49:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The win32wininetx64.exe service hung on starting.

Error: (12/14/2014 06:47:34 PM) (Source: netr28) (EventID: 5003) (User: )
Description: Conceptronic 802.11n PC-Card (V1) : Could not find a network adapter.

Error: (12/14/2014 06:39:37 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %TrojanProxy:Win32/Pramro.H60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanProxy:Win32/Pramro.H603

	Name: TrojanProxy:Win32/Pramro.H

	ID: 2147684335

	Severity: %TrojanProxy:Win32/Pramro.H600

	Category: %TrojanProxy:Win32/Pramro.H602

	Path: 4.6.0305.02

	Detection Origin: 4.6.0305.04

	Detection Type: 4.6.0305.08

	Detection Source: %TrojanProxy:Win32/Pramro.H608

	User: {34355006-D14F-4D43-8C01-4B3570E4A3B6}9

	Process Name: %TrojanProxy:Win32/Pramro.H609

	Action: {34355006-D14F-4D43-8C01-4B3570E4A3B6}1

	Action Status:  {34355006-D14F-4D43-8C01-4B3570E4A3B6}8

	Error Code: {34355006-D14F-4D43-8C01-4B3570E4A3B6}3

	Error description: {34355006-D14F-4D43-8C01-4B3570E4A3B6}4

	Signature Version: 2014-12-14T17:39:24.308Z1

	Engine Version: 2014-12-14T17:39:24.308Z2

Error: (12/14/2014 06:36:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The fTBSewMH service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/14/2014 06:27:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/14/2014 06:19:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The win32wininetx64.exe service hung on starting.

Error: (12/14/2014 06:16:42 PM) (Source: netr28) (EventID: 5003) (User: )
Description: Conceptronic 802.11n PC-Card (V1) : Could not find a network adapter.

Error: (12/14/2014 06:14:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/14/2014 06:11:17 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/14/2014 06:11:17 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


Microsoft Office Sessions:
=========================
Error: (12/14/2014 07:05:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt12029 (0x2efd)

Error: (12/14/2014 06:49:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 06:17:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 02:23:24 PM) (Source: MsiInstaller) (EventID: 11704) (User: Logan32BIT)
Description: Product: Microsoft Security Client -- Error 1704. An installation for Microsoft Visual C++ 2005 Redistributable is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/14/2014 02:21:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 08:57:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 06:02:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Stealer.exe1.0.0.0546a5ddfKERNELBASE.dll6.1.7601.18409531599f6e04343520000812f198001d016f689770bffD:\Users\Logan\Desktop\Stealer.exeD:\Windows\system32\KERNELBASE.dllc7a9ef7f-82e9-11e4-a2b1-ed6793d8cc1a

Error: (12/13/2014 06:02:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Stealer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:

Error: (12/13/2014 03:16:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\Users\Logan\Desktop\HAX PAX\Rats\RoyalNET_v_1.1\RoyalNET_v_1.1\skincrafter_.net2.0_vs2008.dll

Error: (12/13/2014 03:16:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\Users\Logan\Desktop\HAX PAX\Rats\RoyalNET_v_1.1\RoyalNET_v_1.1\skincrafter_.net2.0_vs2008.dll


==================== Memory info =========================== 

Processor: AMD A8-3500M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 55%
Total physical RAM: 2806.11 MB
Available physical RAM: 1255.36 MB
Total Pagefile: 5610.51 MB
Available Pagefile: 3720.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.61 GB) (Free:80.45 GB) NTFS
Drive d: () (Fixed) (Total:222.54 GB) (Free:178.39 GB) NTFS
Drive e: (AMERICAN_PIE_2) (CDROM) (Total:7.88 GB) (Free:0 GB) UDF
Drive i: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 753715F6)
Partition 1: (Not Active) - (Size=20.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=222.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
4. GMER
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-14 19:27:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: D:\Users\Logan\AppData\Local\Temp\awliypow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                82C85A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  82CBF212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  D:\Windows\system32\DRIVERS\atikmdag.sys                                                                                section is writeable [0x98A27000, 0x174C8A, 0xE8000020]

---- Registry - GMER 2.1 ----

Reg    HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{716BDFC8-646F-11E4-97C1-806E6F6E6963}  166246512

---- EOF - GMER 2.1 ----
für eure Hilfe

Alt 14.12.2014, 20:23   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7] - Standard

Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]


hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________
Alt 15.12.2014, 18:22   #3
NeonReflexe
 
Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7] - Standard

Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]


Bitte sehr:
Code:
ATTFilter
ComboFix 14-12-14.01 - Logan 15.12.2014  17:44:31.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.2806.1152 [GMT 1:00]
ausgeführt von:: d:\users\Logan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\users\Logan\AppData\Roaming\dclogs
d:\users\Logan\AppData\Roaming\dclogs\2014-12-14-1.dc
d:\users\Logan\AppData\Roaming\dclogs\2014-12-15-2.dc
d:\users\Logan\AppData\Roaming\Logan-wchelper.dll
d:\windows\capsys184523.log
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-15 bis 2014-12-15  ))))))))))))))))))))))))))))))
.
.
2014-12-15 16:38 . 2014-12-15 16:38	--------	d-----w-	d:\program files\LogMeIn Hamachi
2014-12-15 16:36 . 2014-12-15 17:09	62576	----a-w-	d:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2ADAF1C-82C5-4994-9105-721C791AC0B4}\offreg.dll
2014-12-14 18:05 . 2014-12-14 18:07	--------	d-----w-	D:\FRST
2014-12-14 17:42 . 2014-12-14 17:53	--------	d-----w-	D:\AdwCleaner
2014-12-14 17:31 . 2014-12-15 16:39	--------	d-----w-	d:\users\Logan\AppData\Roaming\Spotify
2014-12-14 16:49 . 2014-11-17 01:08	8941456	----a-w-	d:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2ADAF1C-82C5-4994-9105-721C791AC0B4}\mpengine.dll
2014-12-14 16:33 . 2014-12-14 16:33	--------	d-----w-	d:\users\Logan\AppData\Local\IsolatedStorage
2014-12-14 16:33 . 2014-12-14 16:33	--------	d-----w-	d:\users\Logan\AppData\Local\Red Gate
2014-12-14 14:36 . 2014-12-14 14:36	--------	d-----w-	d:\windows\system32\publicsambax86
2014-12-14 14:36 . 2014-12-14 14:51	--------	d-----w-	d:\users\Logan\AppData\Local\win32wininetx64
2014-12-14 14:15 . 2014-12-14 14:15	365	----a-w-	d:\users\Logan\AppData\Roaming\install.bat
2014-12-14 14:14 . 2014-12-14 14:14	--------	d-----w-	d:\users\Logan\AppData\Roaming\Leak Scanner
2014-12-14 13:53 . 2014-12-14 13:53	--------	d-----w-	d:\windows\system32\MpEngineStore
2014-12-14 13:32 . 2014-09-10 14:30	908840	----a-w-	d:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B59FAE4-DF35-4C20-A935-B3F4EDE5B4E7}\gapaengine.dll
2014-12-14 13:30 . 2014-10-18 01:33	3209728	----a-w-	d:\windows\system32\mf.dll
2014-12-14 13:30 . 2014-07-07 01:40	103424	----a-w-	d:\windows\system32\mfps.dll
2014-12-14 13:30 . 2014-07-07 01:39	50176	----a-w-	d:\windows\system32\rrinstaller.exe
2014-12-14 13:30 . 2014-07-07 01:39	23040	----a-w-	d:\windows\system32\mfpmp.exe
2014-12-14 13:30 . 2014-07-07 01:37	2048	----a-w-	d:\windows\system32\mferror.dll
2014-12-14 13:25 . 2014-12-14 13:25	687	----a-w-	D:\awh5A7E.tmp
2014-12-14 13:23 . 2014-12-14 13:23	--------	d-----w-	d:\program files\Microsoft Security Client
2014-12-13 20:01 . 2014-12-13 20:01	687	----a-w-	D:\awhAF9F.tmp
2014-12-13 16:39 . 2014-12-13 16:39	--------	d-----w-	d:\program files\PhrozenSoft
2014-12-13 13:27 . 2014-11-02 04:17	8941456	----a-w-	d:\programdata\Microsoft\Windows Defender\Definition Updates\{5CD21049-9672-47DE-9384-0394A9978465}\mpengine.dll
2014-12-11 13:48 . 2014-10-03 01:45	248832	----a-w-	d:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 13:48 . 2014-10-03 01:45	214016	----a-w-	d:\windows\system32\WsmWmiPl.dll
2014-12-11 13:48 . 2014-10-03 01:45	145920	----a-w-	d:\windows\system32\WsmAuto.dll
2014-12-11 13:48 . 2014-10-03 01:45	1177088	----a-w-	d:\windows\system32\WsmSvc.dll
2014-12-11 13:48 . 2014-10-03 01:44	198656	----a-w-	d:\windows\system32\WSManHTTPConfig.exe
2014-12-11 13:47 . 2014-11-11 01:32	74752	----a-w-	d:\windows\system32\drivers\tdx.sys
2014-12-11 13:47 . 2014-11-08 02:45	2048	----a-w-	d:\windows\system32\tzres.dll
2014-12-11 13:46 . 2014-10-30 01:45	155136	----a-w-	d:\windows\system32\charmap.exe
2014-12-10 15:51 . 2014-12-10 15:51	893552	----a-w-	d:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-12-10 15:51 . 2014-12-10 15:51	42168	----a-w-	d:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-12-09 12:12 . 2014-12-09 12:12	687	----a-w-	D:\awhE30E.tmp
2014-12-07 18:41 . 2014-12-07 18:41	--------	d-----w-	d:\users\Logan\AppData\Local\Oleksiy_Gapotchenko
2014-12-07 15:51 . 2014-12-07 15:54	--------	d-----w-	d:\users\Logan\AppData\Roaming\iFunbox_UserCache
2014-12-07 15:51 . 2014-12-07 15:51	--------	d-----w-	d:\program files\i-Funbox DevTeam
2014-12-07 15:36 . 2014-12-07 15:36	--------	d-----w-	d:\users\Logan\AppData\Local\Apple Computer
2014-12-07 15:36 . 2014-12-07 15:44	--------	d-----w-	d:\users\Logan\AppData\Roaming\Apple Computer
2014-12-07 15:36 . 2012-10-03 15:14	26840	----a-w-	d:\windows\system32\drivers\GEARAspiWDM.sys
2014-12-07 15:36 . 2014-12-07 15:36	--------	dc----w-	d:\windows\system32\DRVSTORE
2014-12-07 15:34 . 2014-12-07 15:34	--------	d-----w-	d:\program files\iPod
2014-12-07 15:34 . 2014-12-07 15:35	--------	d-----w-	d:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-07 15:34 . 2014-12-07 15:35	--------	d-----w-	d:\program files\iTunes
2014-12-07 15:34 . 2014-12-07 15:34	--------	d-----w-	d:\programdata\Apple Computer
2014-12-07 15:33 . 2014-12-07 15:33	--------	d-----w-	d:\users\Logan\AppData\Local\Apple
2014-12-07 15:33 . 2014-12-07 15:33	--------	d-----w-	d:\program files\Apple Software Update
2014-12-07 15:32 . 2014-12-07 15:32	--------	d-----w-	d:\program files\Bonjour
2014-12-07 15:31 . 2014-12-07 15:34	--------	d-----w-	d:\program files\Common Files\Apple
2014-12-07 15:31 . 2014-12-07 15:33	--------	d-----w-	d:\programdata\Apple
2014-12-07 15:18 . 2014-12-07 15:18	--------	d-----w-	d:\users\Logan\AppData\Local\TechSmith
2014-12-07 14:39 . 2014-12-07 14:39	687	----a-w-	D:\awhFD9F.tmp
2014-12-07 14:33 . 2014-12-14 17:35	--------	d-----w-	d:\program files\Common Files\Config
2014-12-06 16:37 . 2014-12-14 13:41	--------	d-----w-	D:\Fraps
2014-12-06 15:06 . 2014-12-06 15:06	974848	----a-w-	D:\neWPKco.exe
2014-12-02 14:18 . 2009-03-18 16:35	26176	---ha-w-	d:\windows\system32\hamachi.sys
2014-11-19 13:47 . 2014-11-19 13:47	--------	d-----w-	d:\program files\Microsoft Silverlight
2014-11-18 22:21 . 2014-11-18 22:21	1236816	----a-w-	d:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-11-18 19:30 . 2014-12-14 17:35	--------	d-----w-	d:\users\Logan\AppData\Roaming\BitTorrent
2014-11-18 19:05 . 2014-11-19 11:35	--------	d-----w-	d:\users\Logan\AppData\Roaming\UseNeXT
2014-11-18 19:05 . 2014-11-18 19:05	--------	d-----w-	d:\program files\UseNeXT
2014-11-18 18:37 . 2014-11-11 02:44	186880	----a-w-	d:\windows\system32\pku2u.dll
2014-11-18 18:37 . 2014-11-11 02:44	550912	----a-w-	d:\windows\system32\kerberos.dll
2014-11-16 08:52 . 2014-11-16 08:52	--------	d-----w-	d:\users\Logan\AppData\Roaming\csgoimg
2014-11-16 08:15 . 2014-11-16 08:16	--------	d-----w-	d:\users\Logan\AppData\Roaming\Gyazo
2014-11-16 08:14 . 2014-11-16 11:00	--------	d-----w-	d:\program files\Gyazo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 14:56 . 2014-11-09 16:49	71344	----a-w-	d:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 14:56 . 2014-11-09 16:49	701104	----a-w-	d:\windows\system32\FlashPlayerApp.exe
2014-11-24 13:04 . 2014-11-04 15:03	229000	------w-	d:\windows\system32\MpSigStub.exe
2014-11-08 15:06 . 2014-11-08 15:06	96680	----a-w-	d:\windows\system32\WindowsAccessBridge.dll
2014-11-06 08:05 . 2014-11-06 08:05	646144	----a-w-	d:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 08:05 . 2014-11-06 08:05	194048	----a-w-	d:\windows\system32\elshyph.dll
2014-11-06 08:05 . 2014-11-06 08:05	645120	----a-w-	d:\windows\system32\jsIntl.dll
2014-11-06 08:05 . 2014-11-06 08:05	71680	----a-w-	d:\windows\system32\RegisterIEPKEYs.exe
2014-11-06 08:05 . 2014-11-06 08:05	62464	----a-w-	d:\windows\system32\tdc.ocx
2014-11-06 08:05 . 2014-11-06 08:05	61952	----a-w-	d:\windows\system32\iesetup.dll
2014-11-06 08:05 . 2014-11-06 08:05	60416	----a-w-	d:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 08:05 . 2014-11-06 08:05	337408	----a-w-	d:\windows\system32\html.iec
2014-11-06 08:05 . 2014-11-06 08:05	182272	----a-w-	d:\windows\system32\msls31.dll
2014-11-06 08:05 . 2014-11-06 08:05	1810944	----a-w-	d:\windows\system32\wininet.dll
2014-11-06 08:05 . 2014-11-06 08:05	1068032	----a-w-	d:\windows\system32\mshtmlmedia.dll
2014-11-06 08:05 . 2014-11-06 08:05	454656	----a-w-	d:\windows\system32\vbscript.dll
2014-11-06 08:05 . 2014-11-06 08:05	24576	----a-w-	d:\windows\system32\licmgr10.dll
2014-11-06 08:05 . 2014-11-06 08:05	2017280	----a-w-	d:\windows\system32\inetcpl.cpl
2014-11-06 08:05 . 2014-11-06 08:05	151552	----a-w-	d:\windows\system32\iexpress.exe
2014-11-06 08:05 . 2014-11-06 08:05	139264	----a-w-	d:\windows\system32\wextract.exe
2014-11-06 08:05 . 2014-11-06 08:05	2724864	----a-w-	d:\windows\system32\mshtml.tlb
2014-11-06 08:05 . 2014-11-06 08:05	112128	----a-w-	d:\windows\system32\ieUnatt.exe
2014-11-06 08:05 . 2014-11-06 08:05	61952	----a-w-	d:\windows\system32\MshtmlDac.dll
2014-11-06 08:05 . 2014-11-06 08:05	51200	----a-w-	d:\windows\system32\ieetwproxystub.dll
2014-11-06 08:05 . 2014-11-06 08:05	4096	----a-w-	d:\windows\system32\ieetwcollectorres.dll
2014-11-06 08:05 . 2014-11-06 08:05	36352	----a-w-	d:\windows\system32\imgutil.dll
2014-11-06 08:05 . 2014-11-06 08:05	13312	----a-w-	d:\windows\system32\mshta.exe
2014-11-06 08:05 . 2014-11-06 08:05	108032	----a-w-	d:\windows\system32\ieetwcollector.exe
2014-11-06 08:05 . 2014-11-06 08:05	74240	----a-w-	d:\windows\system32\SetIEInstalledDate.exe
2014-11-06 08:05 . 2014-11-06 08:05	111616	----a-w-	d:\windows\system32\IEAdvpack.dll
2014-11-06 08:05 . 2014-11-06 08:05	597504	----a-w-	d:\windows\system32\jscript9diag.dll
2014-11-06 08:05 . 2014-11-06 08:05	86016	----a-w-	d:\windows\system32\iesysprep.dll
2014-11-06 08:05 . 2014-11-06 08:05	48640	----a-w-	d:\windows\system32\mshtmler.dll
2014-11-06 08:05 . 2014-11-06 08:05	4201472	----a-w-	d:\windows\system32\jscript9.dll
2014-11-06 08:04 . 2014-11-06 08:04	69632	----a-w-	d:\windows\system32\smss.exe
2014-11-06 08:04 . 2014-11-06 08:04	640512	----a-w-	d:\windows\system32\advapi32.dll
2014-11-06 08:04 . 2014-11-06 08:04	619520	----a-w-	d:\windows\system32\tdh.dll
2014-11-06 08:04 . 2014-11-06 08:04	38912	----a-w-	d:\windows\system32\csrsrv.dll
2014-11-06 08:04 . 2014-11-06 08:04	1289096	----a-w-	d:\windows\system32\ntdll.dll
2014-11-06 08:03 . 2014-11-06 08:03	231424	----a-w-	d:\windows\system32\mswsock.dll
2014-11-06 08:03 . 2014-11-06 08:03	49152	----a-w-	d:\windows\system32\taskhost.exe
2014-11-06 08:00 . 2014-11-06 08:00	9728	---ha-w-	d:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-06 08:00 . 2014-11-06 08:00	906240	----a-w-	d:\windows\system32\FntCache.dll
2014-11-06 08:00 . 2014-11-06 08:00	604160	----a-w-	d:\windows\system32\d3d10level9.dll
2014-11-06 08:00 . 2014-11-06 08:00	5632	---ha-w-	d:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-06 08:00 . 2014-11-06 08:00	5632	---ha-w-	d:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-06 08:00 . 2014-11-06 08:00	417792	----a-w-	d:\windows\system32\WMPhoto.dll
2014-11-06 08:00 . 2014-11-06 08:00	4096	---ha-w-	d:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-06 08:00 . 2014-11-06 08:00	364544	----a-w-	d:\windows\system32\XpsGdiConverter.dll
2014-11-06 08:00 . 2014-11-06 08:00	3584	---ha-w-	d:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-06 08:00 . 2014-11-06 08:00	3419136	----a-w-	d:\windows\system32\d2d1.dll
2014-11-06 08:00 . 2014-11-06 08:00	3072	---ha-w-	d:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-06 08:00 . 2014-11-06 08:00	3072	---ha-w-	d:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-06 08:00 . 2014-11-06 08:00	293376	----a-w-	d:\windows\system32\dxgi.dll
2014-11-06 08:00 . 2014-11-06 08:00	2560	---ha-w-	d:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-06 08:00 . 2014-11-06 08:00	249856	----a-w-	d:\windows\system32\d3d10_1core.dll
2014-11-06 08:00 . 2014-11-06 08:00	2284544	----a-w-	d:\windows\system32\msmpeg2vdec.dll
2014-11-06 08:00 . 2014-11-06 08:00	220160	----a-w-	d:\windows\system32\d3d10core.dll
2014-11-06 08:00 . 2014-11-06 08:00	207872	----a-w-	d:\windows\system32\WindowsCodecsExt.dll
2014-11-06 08:00 . 2014-11-06 08:00	1988096	----a-w-	d:\windows\system32\d3d10warp.dll
2014-11-06 08:00 . 2014-11-06 08:00	187392	----a-w-	d:\windows\system32\UIAnimation.dll
2014-11-06 08:00 . 2014-11-06 08:00	161792	----a-w-	d:\windows\system32\d3d10_1.dll
2014-11-06 08:00 . 2014-11-06 08:00	1247744	----a-w-	d:\windows\system32\DWrite.dll
2014-11-06 08:00 . 2014-11-06 08:00	1230336	----a-w-	d:\windows\system32\WindowsCodecs.dll
2014-11-06 08:00 . 2014-11-06 08:00	1158144	----a-w-	d:\windows\system32\XpsPrint.dll
2014-11-06 08:00 . 2014-11-06 08:00	1080832	----a-w-	d:\windows\system32\d3d10.dll
2014-11-06 08:00 . 2014-11-06 08:00	10752	---ha-w-	d:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-11-06 07:58 . 2014-11-06 07:58	1505280	----a-w-	d:\windows\system32\d3d11.dll
2014-11-04 18:06 . 2014-11-04 18:06	893552	----a-w-	d:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-11-04 18:06 . 2014-11-04 18:06	42168	----a-w-	d:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-11-04 18:06 . 2014-11-04 18:06	1236816	----a-w-	d:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-10-25 01:32 . 2014-11-15 14:38	67584	----a-w-	d:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-15 14:38	571904	----a-w-	d:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-15 14:38	136632	----a-w-	d:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-15 14:38	523776	----a-w-	d:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-15 14:38	2363904	----a-w-	d:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-15 14:38	1059840	----a-w-	d:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-15 14:38	146432	----a-w-	d:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-15 14:38	681984	----a-w-	d:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-15 14:38	2379264	----a-w-	d:\windows\system32\win32k.sys
2014-10-03 01:44 . 2014-11-15 14:38	442880	----a-w-	d:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-15 14:38	275968	----a-w-	d:\windows\system32\EncDump.dll
2014-10-03 01:44 . 2014-11-15 14:38	475136	----a-w-	d:\windows\system32\audiosrv.dll
2014-10-03 01:44 . 2014-11-15 14:38	374784	----a-w-	d:\windows\system32\AudioEng.dll
2014-10-03 01:44 . 2014-11-15 14:38	195584	----a-w-	d:\windows\system32\AudioSes.dll
2014-09-25 01:40 . 2014-11-04 15:10	519680	----a-w-	d:\windows\system32\qdvd.dll
2014-09-19 09:23 . 2014-11-15 14:38	172032	----a-w-	d:\windows\system32\wdigest.dll
2014-09-19 09:23 . 2014-11-15 14:38	65536	----a-w-	d:\windows\system32\TSpkg.dll
2014-09-19 09:23 . 2014-11-15 14:38	248832	----a-w-	d:\windows\system32\schannel.dll
2014-09-19 09:23 . 2014-11-15 14:38	221184	----a-w-	d:\windows\system32\ncrypt.dll
2014-09-19 09:23 . 2014-11-15 14:38	259584	----a-w-	d:\windows\system32\msv1_0.dll
2014-09-19 09:23 . 2014-11-15 14:38	17408	----a-w-	d:\windows\system32\credssp.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyazo"="d:\program files\Gyazo\GyStation.exe" [2014-10-27 3095840]
"iTunes"="d:\users\Logan\Desktop\CSGO.exe" [2014-12-14 1155072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-09-15 748256]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"Lightshot"="d:\program files\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
"MSC"="d:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 jupguhhn;jupguhhn;d:\windows\system32\drivers\jupguhhn.sys [x]
R3 celavimushost;Celavimus Client Host;d:\program files\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [2014-11-08 122584]
R3 dmvsc;dmvsc;d:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;d:\windows\system32\IEEtwCollector.exe [2014-11-06 108032]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;d:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 netr73;Conceptronic RT73 Wireles Driver for Vista;d:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 NisDrv;Microsoft Network Inspection System;d:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Network Inspection;d:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;d:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;d:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;d:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;d:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;d:\windows\system32\drivers\rdvgkmd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [2014-09-15 208896]
S2 AMD FUEL Service;AMD FUEL Service;d:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-09-15 276992]
S2 AODDriver4.3;AODDriver4.3;d:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-12-13 1895760]
S2 publicsambax86;publicsambax86;d:\windows\system32\publicsambax86\publicsambax86.exe [2014-12-11 68608]
S2 win32wininetx64.exe;win32wininetx64.exe;d:\users\Logan\AppData\Local\win32wininetx64\win32wininetx64.exe [2014-12-11 202240]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-15 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09 14:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
uInternet Settings,ProxyServer = http=127.0.0.1:37649
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-LightShot - d:\users\Logan\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKCU-Run-Spotify Web Helper - d:\users\Logan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
HKCU-Run-Spotify - d:\users\Logan\AppData\Roaming\Spotify\spotify.exe
MSConfigStartUp-HKCU - c:\directory\Chrome\update\chromeupdate.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
d:\program files\Microsoft Security Client\MsMpEng.exe
d:\windows\system32\atieclxx.exe
d:\windows\system32\WLANExt.exe
d:\windows\system32\conhost.exe
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
d:\windows\system32\taskhost.exe
d:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
d:\windows\system32\conhost.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\Skillbrains\lightshot\5.2.0.8\Lightshot.exe
d:\program files\Windows Media Player\wmpnetwk.exe
d:\program files\iPod\bin\iPodService.exe
d:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
d:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-15  18:14:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-15 17:14
.
Vor Suchlauf: 190.847.406.080 bytes free
Nach Suchlauf: 190.756.401.152 bytes free
.
- - End Of File - - 8C04E930ABB12AB14CD3959B2AD8BC44
A36C5E4F47E84449FF07ED3517B43A31
Achja hier mal mein Antivirus Verlauf:






Edit:
Virus scheinbar beseitigt, Steam, Spotify & VB.NET gehen wieder.
Gruß
__________________
Alt 15.12.2014, 21:18   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7] - Standard

Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]
cs:go, darkcomet, defender, explorer, fehlercode 0x5, fehlercode 0xe0434352, fehlercode 28, fehlercode windows, flash player, installation, installmanager.exe, internet, registry, security, services.exe, software, svchost.exe, teamspeak, teredo, this device cannot start. (code10), trojanproxy:win32/pramro.h


« In Ihrem Browser wurde ein unbekannter Schädling(Fingerprint: [23b7a990])entdeckt. (GData15) ? | [Windows 8.1] "Eigene Dateien" verschwunden »


Ähnliche Themen: Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]


  1. Lenovo Netbook ist sehr langsam und stürtzt ab, vermute diverse Viren
    Log-Analyse und Auswertung - 28.08.2014 (11)
  2. mehrere PUP.optional viren
    Plagegeister aller Art und deren Bekämpfung - 18.03.2014 (10)
  3. Avast! hat mehrere Viren gefunden
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (22)
  4. Mehrere Viren, u.a. Dropper.gen
    Log-Analyse und Auswertung - 31.12.2013 (5)
  5. Vermute Fremdzugriff, brauche Hilfe ! Wie sichere ich mich gegen Hacker sicher ab und wie finde ich restlos alle Viren ?
    Plagegeister aller Art und deren Bekämpfung - 30.01.2013 (3)
  6. Ich vermute ich habe Viren, weis aber nicht wie ich sie wegbekomme.
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (8)
  7. mehrere Viren...
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (2)
  8. mehrere Viren gefunden
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (9)
  9. Mehrere Viren! 8Backdoor usw.)
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (2)
  10. mehrere Viren!
    Log-Analyse und Auswertung - 01.04.2010 (52)
  11. PC stürzt ab / Vermute Viren
    Log-Analyse und Auswertung - 03.11.2009 (1)
  12. mehrere Viren
    Log-Analyse und Auswertung - 29.04.2009 (0)
  13. Mehrere Viren eingefangen.
    Mülltonne - 06.02.2009 (1)
  14. Hilfe! mehrere Viren eingefangen!
    Log-Analyse und Auswertung - 02.05.2008 (8)
  15. mehrere viren!
    Plagegeister aller Art und deren Bekämpfung - 14.02.2008 (8)
  16. downloads sacken von 120 auf 30 kb/s! vermute viren :/
    Log-Analyse und Auswertung - 25.12.2006 (2)
  17. Mehrere Viren
    Log-Analyse und Auswertung - 13.06.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7] - Guten Tag, ich hatte hier vor längerer Zeit schonmal ein Thread. Jedoch habe ich mir komischerweiße wieder Viren eingefangen mit unterschiedlichen Symptomen. __________________________________________________________ Symptom 1: Steam Der Shop läd überhaupt - Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7]...
Archiv
Du betrachtest: Vermute mehrere Viren mit unterschiedlichen Symptomen [Win7] auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130