28.01.2015, 01:01 | #1
Infected with MultiPlug.Gen4

Hello, I have the same problem as here: http://www.trojaner-board.de/161918-...plug-gen4.html (only with Win8.1 64bit). Although you would never think yourself capable of it, this time I was hasty and downloaded a file and opened it before I checked the extension. Here is the report on Virustotal: https://www.virustotal.com/de/file/5870fd84c74a20c76252ad3f6004dbe21c9db7a94cc9b182288e500d4db54846/analysis/1422401881/

I have already worked through all the steps up to the ESET Online Scanner, and before that I deleted by hand a directory from C:\ProgramData that was in the autostart. Here is the latest FRST:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Sebastian (administrator) on DIRAC on 28-01-2015 01:18:10 Running from C:\Users\Sebastian\Downloads Loaded Profiles: Sebastian (Available profiles: Sebastian) Platform: Windows 8.1 Pro N (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software) HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\MountPoints2: {5ed287f3-a0e1-11e4-9c06-14dae9ec0df6} - "H:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\MountPoints2: {5ed28943-a0e1-11e4-9c06-14dae9ec0df6} - "H:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\MountPoints2: {d9bc5bcb-8f75-11e4-9bfc-14dae9ec0df6} - "H:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\MountPoints2: {d9bc5bd3-8f75-11e4-9bfc-14dae9ec0df6} - "I:\HTC_Sync_Manager_PC.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-4268585155-477541547-2403888294-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.3 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) 
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.2.5203600\npmathplugin.dll (Wolfram Research, Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05] Chrome: ======= CHR HomePage: Default -> hxxp://start.facemoods.com/?a=ddrnw CHR StartupUrls: Default -> "hxxp://facebook.com/", "hxxp://www.golem.de/" CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29] CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29] CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29] CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-29] CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29] CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcnhmeicafddjdaeecddemnhnomiaai [2014-12-29] CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob [2014-12-29] CHR Extension: (Google Tabellen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29] CHR Extension: (AdBlock) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-29] CHR Extension: (Avast Online Security) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-29] CHR Extension: (Wolfram Alpha (Official)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2014-12-29] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29] CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) 
[File not signed] S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] () R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-28 01:15 - 2015-01-28 01:15 - 00852573 _____ () C:\Users\Sebastian\Desktop\SecurityCheck.exe 2015-01-28 00:25 - 2015-01-28 00:25 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-28 00:24 - 2015-01-28 00:24 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_deu.exe 2015-01-28 00:11 - 2015-01-28 00:11 - 00000000 ____D () C:\Windows\ERUNT 2015-01-28 00:07 - 2015-01-28 00:07 - 01707939 _____ (Thisisu) C:\Users\Sebastian\Downloads\JRT.exe 2015-01-28 00:01 - 2015-01-28 00:04 - 00000000 ____D () C:\AdwCleaner 2015-01-28 00:00 - 2015-01-28 00:01 - 02194432 _____ () C:\Users\Sebastian\Downloads\AdwCleaner_4.109.exe 2015-01-27 23:52 - 2015-01-28 00:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-27 23:52 - 2015-01-27 23:52 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-27 23:52 - 2015-01-27 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-27 23:52 - 2015-01-27 23:52 - 00000000 ____D () 
C:\ProgramData\Malwarebytes 2015-01-27 23:52 - 2015-01-27 23:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-27 23:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-27 23:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-27 23:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-27 23:51 - 2015-01-27 23:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-27 23:35 - 2015-01-28 01:18 - 00016666 _____ () C:\Users\Sebastian\Downloads\FRST.txt 2015-01-27 23:35 - 2015-01-28 01:18 - 00000000 ____D () C:\FRST 2015-01-27 23:35 - 2015-01-27 23:36 - 00033357 _____ () C:\Users\Sebastian\Downloads\Addition.txt 2015-01-27 23:34 - 2015-01-27 23:35 - 02129920 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe 2015-01-27 23:22 - 2015-01-27 23:22 - 01978007 _____ () C:\Users\Sebastian\Downloads\mp3gain-win-full-1_2_5.exe 2015-01-27 23:21 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\MP3Gain 2015-01-27 23:21 - 2015-01-27 23:21 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-27 23:21 - 2015-01-27 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-27 10:11 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-01-27 10:11 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-01-26 22:41 - 2014-11-05 22:46 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url 2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () 
C:\Program Files\MSBuild 2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-01-26 22:34 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2015-01-26 22:34 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-01-26 22:34 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2015-01-26 22:34 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-01-26 22:32 - 2015-01-26 23:50 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock 2015-01-26 22:32 - 2015-01-26 22:44 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock 2015-01-26 22:32 - 2015-01-26 22:32 - 00146032 _____ () C:\Windows\DirectX.log 2015-01-26 22:32 - 2015-01-26 22:32 - 00000175 _____ () C:\Windows\DXError.log 2015-01-26 22:32 - 2007-05-31 19:30 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2015-01-26 22:32 - 2007-05-31 19:30 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2015-01-26 22:32 - 2007-05-31 19:29 - 00021352 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_2.dll 2015-01-26 22:32 - 2007-05-31 19:29 - 00018280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_2.dll 2015-01-26 22:32 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2015-01-26 22:32 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2015-01-26 22:32 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2015-01-26 22:32 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\D3DCompiler_34.dll 2015-01-26 22:32 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2015-01-26 22:32 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2015-01-26 22:32 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2015-01-26 22:32 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2015-01-26 22:32 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-01-26 22:32 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2015-01-26 22:32 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2015-01-26 22:32 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2015-01-26 22:32 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2015-01-26 22:32 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2015-01-26 22:32 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2015-01-26 22:32 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2015-01-26 22:32 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2015-01-26 22:32 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2015-01-26 22:32 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2015-01-26 22:32 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2015-01-26 22:32 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2015-01-26 22:32 - 2006-12-08 12:00 - 
00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2015-01-26 22:32 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2015-01-26 22:32 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2015-01-26 22:32 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2015-01-26 22:32 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2015-01-26 22:32 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2015-01-26 22:32 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2015-01-26 22:32 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2015-01-26 22:32 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2015-01-26 22:32 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2015-01-26 22:32 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2015-01-26 22:32 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2015-01-26 22:32 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2015-01-26 22:32 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2015-01-26 22:32 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2015-01-26 22:32 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2015-01-26 22:32 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2015-01-26 22:32 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2015-01-26 22:32 - 
2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2015-01-26 22:32 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2015-01-26 22:32 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2015-01-26 22:32 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2015-01-26 22:32 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2015-01-26 22:32 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2015-01-26 22:32 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2015-01-26 22:32 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2015-01-26 22:32 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2015-01-26 22:32 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2015-01-26 22:32 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2015-01-26 22:32 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2015-01-26 22:32 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2015-01-26 22:32 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2015-01-26 22:32 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2015-01-26 22:32 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2015-01-26 22:32 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2015-01-26 22:32 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2015-01-26 
22:32 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2015-01-22 23:33 - 2015-01-05 16:36 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-01-22 13:32 - 2015-01-22 13:32 - 00011776 ___SH () C:\Users\Sebastian\Downloads\Thumbs.db 2015-01-20 22:54 - 2015-01-20 22:54 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Downloaded Installations 2015-01-20 22:54 - 2015-01-20 22:54 - 00000000 ____D () C:\Program Files (x86)\HTC 2015-01-20 22:53 - 2015-01-20 22:54 - 00010712 _____ () C:\Windows\DPINST.LOG 2015-01-20 22:51 - 2015-01-20 22:55 - 00000000 ____D () C:\Temp 2015-01-20 22:51 - 2015-01-20 22:51 - 00000000 ____D () C:\ProgramData\HTC 2015-01-20 22:51 - 2009-11-02 11:16 - 00033736 _____ (HTC, Corporation) C:\Windows\system32\Drivers\ANDROIDUSB.sys 2015-01-20 22:51 - 2009-06-09 14:41 - 01122664 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2015-01-19 02:36 - 2015-01-19 02:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-01-15 10:38 - 2015-01-15 10:38 - 00000000 ____D () C:\ProgramData\WEBREG 2015-01-15 10:37 - 2015-01-15 10:38 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\HP 2015-01-15 10:37 - 2015-01-15 10:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\HP 2015-01-15 10:34 - 2015-01-15 10:34 - 00001377 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk 2015-01-15 10:34 - 2015-01-15 10:34 - 00001371 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk 2015-01-15 10:34 - 2015-01-15 10:34 - 00000000 ____D () C:\ProgramData\HP Product Assistant 2015-01-15 10:33 - 2015-01-15 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-01-15 10:33 - 2015-01-15 10:34 - 00000000 ____D () C:\Program Files (x86)\HP 2015-01-15 10:33 - 2015-01-15 10:33 - 00002026 _____ () C:\Users\Public\Desktop\HP ePrinterCenter.lnk 2015-01-15 10:33 - 2009-10-21 15:39 - 00138752 _____ 
(Hewlett-Packard Company) C:\Windows\system32\hpf3l101.dll 2015-01-15 10:31 - 2015-01-15 10:37 - 00250352 _____ () C:\Windows\hpoins47.dat 2015-01-15 10:31 - 2015-01-15 10:37 - 00000836 _____ () C:\ProgramData\hpzinstall.log 2015-01-15 10:31 - 2012-10-15 07:58 - 00000478 ____N () C:\Windows\hpomdl47.dat 2015-01-15 10:30 - 2015-01-15 10:37 - 00000000 ____D () C:\ProgramData\HP 2015-01-15 10:30 - 2012-09-14 23:00 - 01421824 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpost_p04b.dll 2015-01-15 10:30 - 2012-09-14 23:00 - 01175552 _____ (Hewlett-Packard) C:\Windows\system32\hposwia_p04b.dll 2015-01-15 10:30 - 2012-09-14 23:00 - 00643200 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll 2015-01-15 10:30 - 2012-09-14 22:59 - 00521216 _____ (Hewlett-Packard Co.) C:\Windows\system32\hposc_p04a.dll 2015-01-14 14:43 - 2015-01-14 14:43 - 00000000 ____D () C:\Users\Sebastian\Documents\Benutzerdefinierte Office-Vorlagen 2015-01-14 14:32 - 2015-01-14 14:32 - 00000000 __RHD () C:\MSOCache 2015-01-14 07:55 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 07:54 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 07:54 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-01-14 07:53 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 07:53 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 07:53 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 07:53 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-14 07:53 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 07:52 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-14 
07:52 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-01-14 07:52 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-14 07:52 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-01-14 07:52 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-14 07:52 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-14 07:52 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-14 07:52 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-14 07:52 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-01-14 07:52 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-01-14 07:52 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-01-14 07:52 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-01-14 07:52 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-01-14 07:52 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-01-14 07:52 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-01-14 07:52 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-01-14 07:52 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-14 07:52 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-14 07:52 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-01-14 07:52 - 
2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-14 07:52 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-01-14 07:52 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-14 07:52 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-10 16:12 - 2015-01-10 16:12 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-01-08 06:51 - 2015-01-08 06:51 - 00000000 ___HD () C:\ProgramData\CanonBJ 2015-01-08 06:51 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMBA.DLL 2015-01-05 16:44 - 2015-01-05 16:44 - 00001494 _____ () C:\Users\Sebastian\Desktop\JDownloader.lnk 2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Logitech 2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\ProgramData\LogiShrd 2015-01-05 16:41 - 2015-01-05 16:41 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2015-01-05 16:41 - 2015-01-05 16:41 - 00000388 _____ () C:\Windows\LkmdfCoInst.log 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\ProgramData\Apple 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files\Logitech Gaming Software 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Logitech 2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Logishrd 2015-01-05 16:39 - 2015-01-05 16:39 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\WinRAR 2015-01-05 16:36 - 2015-01-05 16:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-01-05 16:32 - 2015-01-05 16:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\AVAST Software 2015-01-05 16:26 - 2015-01-28 00:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-01-05 16:26 - 2015-01-27 23:00 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2015-01-05 16:26 - 2015-01-22 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-01-05 16:26 - 2015-01-05 16:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-01-05 16:26 - 2015-01-05 16:26 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-05 16:25 - 2015-01-05 16:26 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-05 16:08 - 2015-01-27 23:00 - 00000664 _____ () C:\Users\Sebastian\Desktop\egofm.txt 2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-01-01 05:54 - 2014-02-22 16:41 - 01215832 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll 2015-01-01 05:54 - 2014-02-22 16:41 - 00800552 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll 2015-01-01 05:54 - 2014-02-22 16:41 - 00372360 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
!!!I shortened it a bit here - it would have become too full otherwise!!!!
==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-28 01:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-01-28 00:09 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 00:09 - 2014-03-18 10:29 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-01-28 00:09 - 2014-03-18 10:29 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-01-28 00:05 - 2013-08-22 15:45 - 00053289 _____ () C:\Windows\setupact.log 2015-01-28 00:05 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-28 00:04 - 2014-03-18 02:53 - 00053264 _____ () C:\Windows\PFRO.log 2015-01-28 00:04 - 2013-08-22 15:44 - 00484376 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-28 00:04 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-01-27 10:52 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-01-26 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI 2015-01-26 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\MUI 2015-01-19 22:32 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-19 22:32 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-15 10:37 - 2013-08-22 14:25 - 00000127 _____ () C:\Windows\win.ini 2015-01-14 14:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-01-08 06:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-01-02 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-01-01 07:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-01-01 05:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-01 05:43 - 2013-08-22 
16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-31 14:40 - 2014-03-18 10:45 - 00000000 ____D () C:\Program Files\Windows Journal 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup 2014-12-31 14:40 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe 2014-12-31 13:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-12-30 19:17 - 
2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-12-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore 2014-12-29 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help 2014-12-29 16:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2014-12-29 16:13 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2014-12-29 16:12 - 2013-08-22 16:37 - 00002664 _____ () C:\Windows\DtcInstall.log 2014-12-29 16:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Recovery 2014-12-29 16:11 - 2013-08-22 16:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template ==================== Files in the root of some directories ======= 2015-01-15 10:31 - 2015-01-15 10:37 - 0000836 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Sebastian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzv2unl.dll C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe C:\Users\Sebastian\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe C:\Users\Sebastian\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-21 08:09
==================== End Of Log ============================
--- --- ---
Mbam was clean, this is AdwCleaner: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 00:04:10 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-24.3 [Local] # Betriebssystem : Windows 8.1 Pro N (64 bits) # Benutzername : Sebastian - DIRAC # Gestartet von : C:\Users\Sebastian\Downloads\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Sebastian\AppData\Local\CrashRpt Datei Gelöscht : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v40.0.2214.93 [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms} [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN16122923552693110&ctid=CT3281675&UM=2 [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN16122923552693110&ctid=CT3281675&UM=2 [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms} [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 [C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} ************************* AdwCleaner[R0].txt - [2128 octets] - [28/01/2015 00:02:30] 
AdwCleaner[S0].txt - [2049 octets] - [28/01/2015 00:04:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2109 octets] ##########
ESET is running right now, but has already detected 5 threats - 4 of them MultiPlug.EL...
\edit: I have now stopped ESET after it was done with C:\ (the only partition used during that time...) Result: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a4ef6f8110d68c45a01299d11902f4e8
# engine=22179
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-28 12:08:42
# local_time=2015-01-28 01:08:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 3828 1935732 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 198902 12708041 0 0
# scanned=240336
# found=5
# cleaned=0
# scan_time=2354
sh=ED4A7763761C347B2B3E5EE4E5B1B71F9F79324D ft=1 fh=20ae4f40e7c865e2 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4268585155-477541547-2403888294-1001\$R4UK6GG.exe"
sh=DE1EFD1178B792DE468335BE0696F532736C8582 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4268585155-477541547-2403888294-1001\$RXX0I0H.rar"
sh=E709F0CDAE1258A8BEC672F733492CDE404CB81C ft=1 fh=a523d5667a4187e0 vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sebastian\AppData\Local\Microsoft\Windows\INetCache\IE\BMSQD2JS\BiTool[1].dll"
sh=ED4A7763761C347B2B3E5EE4E5B1B71F9F79324D ft=1 fh=20ae4f40e7c865e2 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\Users\Sebastian\AppData\Local\Temp\1711e9\temp\Mystery Skulls - -Ghost- (Official Music Video).mp3.exe"
sh=9F91096A506A0FCBADC5CF24E1F180709A55E671 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\Users\Sebastian\Desktop\{23a62013-36fe-2597-23a6-6201336f804c}.zip"
Buembel
Last edited by Buembel (28.01.2015 at 01:21) |
28.01.2015, 07:14 | #2 |
/// the machine /// TB-Ausbilder | Infected with MultiPlug.Gen4
hi,
Addition.txt is still missing. |
28.01.2015, 08:10 | #3 |
| Infected with MultiPlug.Gen4
Hi,
yeah sorry, here you go: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01 Ran by Sebastian at 2015-01-27 23:35:52 Running from C:\Users\Sebastian\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) B110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 
6 (HKLM\...\{C63184F3-8343-408F-A948-DDB0AC969A99}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Inkscape 0.91pre3 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Network64 (Version: 140.0.306.000 - 
Hewlett-Packard) Hidden Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation) PS_AIO_07_B110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk) TeXstudio 2.8.8 (HKLM-x32\...\TeXstudio_is1) (Version: 2.8.8 - Benito van der Zander) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Wolfram Extras 10.0 (5203600) (HKLM\...\A-WIN-Extras 10.0.2 5203600_is1) (Version: 10.0.2 - Wolfram Research, Inc.) Wolfram Mathematica 10 (M-WIN-L 10.0.2 5206639) (HKLM\...\M-WIN-L 10.0.2 5206639_is1) (Version: 10.0.2 - Wolfram Research, Inc.) 
==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4268585155-477541547-2403888294-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 13-01-2015 20:50:55 Geplanter Prüfpunkt 21-01-2015 08:14:16 Geplanter Prüfpunkt 22-01-2015 23:33:26 avast! antivirus system restore point 26-01-2015 22:31:48 Microsoft Visual C++ 2005 Redistributable wird installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {4B2D936D-15D1-49E2-B77B-881BB9992FAF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-12-29] (Microsoft Corporation) Task: {575FB674-9234-4E15-92DC-F910E40DF8F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {75B158E4-51D9-4F30-A44C-F17F46B3A418} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-12-29] (Microsoft Corporation) Task: {86D2FC36-57CE-4C26-980E-21F4FAC3D9A9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation) Task: {ACB2B8B2-DF7A-45E1-8DA8-5EDCBF32459F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.) 
Task: {BB7579D2-D407-4B57-A98E-85AB8FE889D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.) Task: {CB057A61-CBE2-4676-BEF6-4933AC048FBA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.) Task: {E09A3C26-1E97-4E3B-94DA-6DD987941BA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software) Task: {E7582317-E766-47E4-8799-C539695DF5CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-12-29] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-12-29 17:49 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2014-12-29 16:31 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-01-13 19:44 - 2015-01-13 19:44 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011302\algo.dll 2015-01-14 13:19 - 2015-01-14 
13:19 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011400\algo.dll 2015-01-27 23:31 - 2015-01-27 23:31 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012701\algo.dll 2015-01-05 16:36 - 2015-01-05 16:36 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-12-29 17:27 - 2014-12-16 23:22 - 00750080 _____ () C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-27 20:19 - 2015-01-27 20:19 - 00043008 _____ () c:\Users\Sebastian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_rcjzr.dll 2014-12-29 17:27 - 2014-12-16 23:22 - 00047616 _____ () C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-12-29 17:27 - 2014-12-16 23:22 - 00863744 _____ () C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-12-29 17:27 - 2014-12-16 23:22 - 00200704 _____ () C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-12-29 16:26 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll 2015-01-27 10:53 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll 2015-01-27 10:53 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll 2015-01-27 10:53 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll 2015-01-27 10:53 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 02396691 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll 2014-07-23 00:29 - 2014-07-23 
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Sebastian\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry.
The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-4268585155-477541547-2403888294-500 - Administrator - Disabled)
Gast (S-1-5-21-4268585155-477541547-2403888294-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4268585155-477541547-2403888294-1003 - Limited - Enabled)
Sebastian (S-1-5-21-4268585155-477541547-2403888294-1001 - Administrator - Enabled) => C:\Users\Sebastian
==================== Faulty Device Manager Devices =============
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/27/2015 10:48:23 PM) (Source: Chrome) (EventID: 1) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error. ver=40.0.2214.93;lang=;guid=4819C7AF15FB4C6597A739A1BAABFA5C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0717d699-4bae-4852-9d48-8686aa7837ce.dmp
Error: (01/27/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3109
Error: (01/27/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3109
Error: (01/27/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/27/2015 11:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2031
Error: (01/27/2015 11:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2031
Error: (01/27/2015 11:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/27/2015 11:13:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1016
Error: (01/27/2015 11:13:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1016
Error: (01/27/2015 11:13:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (01/26/2015 10:31:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error: (01/26/2015 10:31:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (01/15/2015 10:37:05 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/15/2015 10:36:57 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/15/2015 10:36:57 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/15/2015 10:14:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Januar 2015 (KB890830)
Error: (01/14/2015 02:29:32 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.
Error: (01/10/2015 04:10:09 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (01/09/2015 04:50:02 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/31/2014 01:35:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602 (Definition 1.191.1251.0)
Microsoft Office Sessions:
=========================
Error: (01/27/2015 10:48:23 PM) (Source: Chrome) (EventID: 1) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error. ver=40.0.2214.93;lang=;guid=4819C7AF15FB4C6597A739A1BAABFA5C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0717d699-4bae-4852-9d48-8686aa7837ce.dmp
Error: (01/27/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3109
Error: (01/27/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3109
Error: (01/27/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/27/2015 11:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2031
Error: (01/27/2015 11:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2031
Error: (01/27/2015 11:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/27/2015 11:13:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1016
Error: (01/27/2015 11:13:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1016
Error: (01/27/2015 11:13:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 88%
Total physical RAM: 4078.3 MB
Available physical RAM: 462.28 MB
Total Pagefile: 6254.3 MB
Available Pagefile: 1589.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.47 GB) (Free:184.67 GB) NTFS
Drive d: () (Fixed) (Total:488.28 GB) (Free:167.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:488.28 GB) (Free:64.39 GB) NTFS
Drive g: () (Fixed) (Total:886.45 GB) (Free:692.9 GB) NTFS
Drive h: (INTENSO) (Fixed) (Total:931.51 GB) (Free:555.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: FEE698B2)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9EF08A9A)
Partition 1: (Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=886.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 6A520E65)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |
28.01.2015, 13:31 | #4 |
/// the machine /// TB-Ausbilder | Infected with MultiPlug.Gen4 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
ATTFilter
C:\$Recycle.Bin
C:\Users\Sebastian\Desktop\{23a62013-36fe-2597-23a6-6201336f804c}.zip
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.01.2015, 13:45 | #5 |
| Infected with MultiPlug.Gen4 Here is the result (I had already deleted the file on the desktop myself last night & emptied the recycle bin...) Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Sebastian at 2015-01-28 13:35:07 Run:1
Running from C:\Users\Sebastian\Downloads
Loaded Profiles: Sebastian (Available profiles: Sebastian)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\$Recycle.Bin
C:\Users\Sebastian\Desktop\{23a62013-36fe-2597-23a6-6201336f804c}.zip
Emptytemp:
*****************
C:\$Recycle.Bin => Moved successfully.
"C:\Users\Sebastian\Desktop\{23a62013-36fe-2597-23a6-6201336f804c}.zip" => File/Directory not found.
EmptyTemp: => Removed 3 GB temporary data.
The system needed a reboot.
==== End of Fixlog 13:35:27 ==== |
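Added example (not part of the thread and not FRST's own code): a Python sketch that reconciles the fixlist from post #4 with the Fixlog from post #5, so that every requested entry is accounted for and a "not found" result is kept distinct from a completed action. The function names are hypothetical, and the outcome phrases it recognises are only the three that appear in this Fixlog.

```python
"""Reconcile an FRST Fixlog with the fixlist it was run from (added example)."""

# Fixlog as posted in the thread, with its line breaks restored.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Sebastian at 2015-01-28 13:35:07 Run:1
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
C:\Users\Sebastian\Desktop\{23a62013-36fe-2597-23a6-6201336f804c}.zip
Emptytemp:
*****************

C:\$Recycle.Bin => Moved successfully.
"C:\Users\Sebastian\Desktop\{23a62013-36fe-2597-23a6-6201336f804c}.zip" => File/Directory not found.
EmptyTemp: => Removed 3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 13:35:27 ====
"""


def normalize(entry):
    """Result lines quote some paths and change letter case (Emptytemp/EmptyTemp)."""
    return entry.strip().strip('"').lower()


def classify(outcome):
    """Map an outcome string to a status.

    Assumption: only the three phrasings visible in this thread are known;
    anything else is flagged for manual review instead of being guessed at.
    """
    text = outcome.lower()
    if "not found" in text:
        return "not_found"  # target was already gone when the fix ran
    if text.startswith(("moved successfully", "removed")):
        return "done"
    return "review"


def parse_fixlog(text):
    """Return (requested entries, {normalized target: outcome}, reboot flag)."""
    lines = [ln.strip() for ln in text.splitlines()]
    fences = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(fences) < 2:
        raise ValueError("fixlist block delimited by asterisk lines not found")
    requested = [ln for ln in lines[fences[0] + 1:fences[1]] if ln]
    results = {}
    for ln in lines[fences[1] + 1:]:
        if " => " in ln:
            target, outcome = ln.split(" => ", 1)
            results[normalize(target)] = outcome.strip()
    reboot = any("needed a reboot" in ln.lower() for ln in lines)
    return requested, results, reboot


def audit(text):
    """One (entry, status, outcome) row per requested fixlist entry."""
    requested, results, _ = parse_fixlog(text)
    rows = []
    for entry in requested:
        outcome = results.get(normalize(entry))
        status = "missing" if outcome is None else classify(outcome)
        rows.append((entry, status, outcome))
    return rows


if __name__ == "__main__":
    for entry, status, outcome in audit(FIXLOG):
        print(f"{status:<10} {entry}  ({outcome})")
```

For this Fixlog the rows come out as done, not_found, done: the "not_found" row matches the poster's remark that the ZIP had already been deleted by hand before the fix ran.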
28.01.2015, 17:23 | #6 |
/// the machine /// TB-Ausbilder | Infected with MultiPlug.Gen4 Are there still problems? |
28.01.2015, 20:09 | #7 |
| Infected with MultiPlug.Gen4 I'm not sure; I'm not clear about any possible residual risk. Should I still do those last steps such as Delfix? Also: Avast did not detect the file as malicious. Do you have suggestions for a better (free) alternative? Finally: should I change my passwords etc. in Chrome? All in all, after the first launch the .exe was in Task Manager for about half a second before I killed it - Chrome was active during that time. After that, unfortunately, it was active again for ~10 sec after a reboot, but without Chrome running alongside... Many thanks for the help so far! |
29.01.2015, 07:09 | #8 |
/// the machine /// TB-Ausbilder | Infected with MultiPlug.Gen4 Definitely change your passwords. No AV offers 100% protection. If it absolutely has to be ad-laden freeware stuff, Avast is fine.
Done
The order is crucial here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
29.01.2015, 23:48 | #9 |
| Infected with MultiPlug.Gen4 All right, that's fine then. Many thanks, I've donated a little to you! =) |
30.01.2015, 09:48 | #10 |
/// the machine /// TB-Ausbilder | Infected with MultiPlug.Gen4 You're welcome |