Pests of all kinds and their removal: Infected with MultiPlug.Gen4 (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you with removing the infection.
#1
Infected with MultiPlug.Gen4

Hello, I have the same problem as here: http://www.trojaner-board.de/161918-...plug-gen4.html (only with Win8.1 64bit). Although you would never expect it of yourself, this time I was hasty and downloaded a file and opened it before checking the extension. Here is the VirusTotal report: https://www.virustotal.com/de/file/5870fd84c74a20c76252ad3f6004dbe21c9db7a94cc9b182288e500d4db54846/analysis/1422401881/ I have already worked through all the steps up to the ESET Online Scanner, and beforehand I manually deleted a directory from C:\ProgramData that was in the autostart. Here is the latest FRST log:

FRST Logfile:
Code:
C:\Windows\system32\Drivers\LNonPnP.sys 2015-01-05 16:41 - 2015-01-05 16:41 - 00000388 _____ () C:\Windows\LkmdfCoInst.log 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\ProgramData\Apple 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files\Logitech Gaming Software 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Logitech 2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Logishrd 2015-01-05 16:39 - 2015-01-05 16:39 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\WinRAR 2015-01-05 16:36 - 2015-01-05 16:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-01-05 16:32 - 2015-01-05 16:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\AVAST Software 2015-01-05 16:26 - 2015-01-28 00:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-01-05 16:26 - 2015-01-27 23:00 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2015-01-05 16:26 - 2015-01-22 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-01-05 16:26 - 2015-01-05 16:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-01-05 16:26 - 2015-01-05 16:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-01-05 16:26 - 2015-01-05 16:26 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-05 16:25 - 2015-01-05 16:26 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-05 16:08 - 2015-01-27 23:00 - 00000664 _____ () C:\Users\Sebastian\Desktop\egofm.txt 2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-01-01 05:54 - 2014-02-22 16:41 - 01215832 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll 2015-01-01 05:54 - 2014-02-22 16:41 - 00800552 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll 2015-01-01 05:54 - 2014-02-22 16:41 - 00372360 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll !!!Hier 
hab ich ein wenig gekürzt - wäre sonst zu voll geworden!!!! ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-28 01:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-01-28 00:09 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 00:09 - 2014-03-18 10:29 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-01-28 00:09 - 2014-03-18 10:29 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-01-28 00:05 - 2013-08-22 15:45 - 00053289 _____ () C:\Windows\setupact.log 2015-01-28 00:05 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-28 00:04 - 2014-03-18 02:53 - 00053264 _____ () C:\Windows\PFRO.log 2015-01-28 00:04 - 2013-08-22 15:44 - 00484376 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-28 00:04 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-01-27 10:52 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-01-26 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI 2015-01-26 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\MUI 2015-01-19 22:32 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-19 22:32 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-15 10:37 - 2013-08-22 14:25 - 00000127 _____ () C:\Windows\win.ini 2015-01-14 14:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-01-08 06:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-01-02 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-01-01 07:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-01-01 05:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-01 05:43 - 2013-08-22 
16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-31 14:40 - 2014-03-18 10:45 - 00000000 ____D () C:\Program Files\Windows Journal 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod 2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup 2014-12-31 14:40 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe 2014-12-31 13:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-12-30 19:17 - 
2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-12-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore 2014-12-29 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help 2014-12-29 16:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2014-12-29 16:13 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2014-12-29 16:12 - 2013-08-22 16:37 - 00002664 _____ () C:\Windows\DtcInstall.log 2014-12-29 16:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Recovery 2014-12-29 16:11 - 2013-08-22 16:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template ==================== Files in the root of some directories ======= 2015-01-15 10:31 - 2015-01-15 10:37 - 0000836 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Sebastian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzv2unl.dll C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe C:\Users\Sebastian\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe C:\Users\Sebastian\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-21 08:09 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Mbam war sauber, das ist AdwCleaner: Code:
# AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 00:04:10
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-24.3 [Local]
# Betriebssystem : Windows 8.1 Pro N (64 bits)
# Benutzername : Sebastian - DIRAC
# Gestartet von : C:\Users\Sebastian\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Sebastian\AppData\Local\CrashRpt
Datei Gelöscht : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v40.0.2214.93

[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN16122923552693110&ctid=CT3281675&UM=2
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN16122923552693110&ctid=CT3281675&UM=2
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [2128 octets] - [28/01/2015 00:02:30]
AdwCleaner[S0].txt - [2049 octets] - [28/01/2015 00:04:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2109 octets] ##########

ESET is still running, but it has already detected 5 threats - 4 of them MultiPlug.EL...

\edit: I have now stopped ESET after it finished with C:\ (the only partition in use during that time...). Result:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a4ef6f8110d68c45a01299d11902f4e8
# engine=22179
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-28 12:08:42
# local_time=2015-01-28 01:08:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 3828 1935732 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 198902 12708041 0 0
# scanned=240336
# found=5
# cleaned=0
# scan_time=2354
sh=ED4A7763761C347B2B3E5EE4E5B1B71F9F79324D ft=1 fh=20ae4f40e7c865e2 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4268585155-477541547-2403888294-1001\$R4UK6GG.exe"
sh=DE1EFD1178B792DE468335BE0696F532736C8582 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4268585155-477541547-2403888294-1001\$RXX0I0H.rar"
sh=E709F0CDAE1258A8BEC672F733492CDE404CB81C ft=1 fh=a523d5667a4187e0 vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sebastian\AppData\Local\Microsoft\Windows\INetCache\IE\BMSQD2JS\BiTool[1].dll"
sh=ED4A7763761C347B2B3E5EE4E5B1B71F9F79324D ft=1 fh=20ae4f40e7c865e2 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\Users\Sebastian\AppData\Local\Temp\1711e9\temp\Mystery Skulls - -Ghost- (Official Music Video).mp3.exe"
sh=9F91096A506A0FCBADC5CF24E1F180709A55E671 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\Users\Sebastian\Desktop\{23a62013-36fe-2597-23a6-6201336f804c}.zip"

Buembel

Last edited by Buembel (28.01.2015 at 01:21)