
Pests of all kinds and their removal: Infected with MultiPlug.Gen4


 
28.01.2015, 01:01   #1
Buembel
 
Infected with MultiPlug.Gen4



Hello,

I have the same problem as here:
http://www.trojaner-board.de/161918-...plug-gen4.html
(only with Win8.1 64bit)

Although you would never think it of yourself, this time I was hasty: I downloaded a file and opened it before checking the extension. Here is the report on VirusTotal:

https://www.virustotal.com/de/file/5870fd84c74a20c76252ad3f6004dbe21c9db7a94cc9b182288e500d4db54846/analysis/1422401881/


I have already gone through all the steps up to the ESET Online Scanner, and before that I manually deleted a directory from C:\ProgramData that was in Autostart. Here is the latest FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Sebastian (administrator) on DIRAC on 28-01-2015 01:18:10
Running from C:\Users\Sebastian\Downloads
Loaded Profiles: Sebastian (Available profiles: Sebastian)
Platform: Windows 8.1 Pro N (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\MountPoints2: {5ed287f3-a0e1-11e4-9c06-14dae9ec0df6} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\MountPoints2: {5ed28943-a0e1-11e4-9c06-14dae9ec0df6} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\MountPoints2: {d9bc5bcb-8f75-11e4-9bfc-14dae9ec0df6} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-4268585155-477541547-2403888294-1001\...\MountPoints2: {d9bc5bd3-8f75-11e4-9bfc-14dae9ec0df6} - "I:\HTC_Sync_Manager_PC.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4268585155-477541547-2403888294-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.3

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.2.5203600\npmathplugin.dll (Wolfram Research, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]

Chrome: 
=======
CHR HomePage: Default -> hxxp://start.facemoods.com/?a=ddrnw
CHR StartupUrls: Default -> "hxxp://facebook.com/", "hxxp://www.golem.de/"
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-29]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcnhmeicafddjdaeecddemnhnomiaai [2014-12-29]
CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob [2014-12-29]
CHR Extension: (Google Tabellen) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (AdBlock) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-29]
CHR Extension: (Avast Online Security) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-29]
CHR Extension: (Wolfram Alpha (Official)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 01:15 - 2015-01-28 01:15 - 00852573 _____ () C:\Users\Sebastian\Desktop\SecurityCheck.exe
2015-01-28 00:25 - 2015-01-28 00:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-28 00:24 - 2015-01-28 00:24 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_deu.exe
2015-01-28 00:11 - 2015-01-28 00:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-28 00:07 - 2015-01-28 00:07 - 01707939 _____ (Thisisu) C:\Users\Sebastian\Downloads\JRT.exe
2015-01-28 00:01 - 2015-01-28 00:04 - 00000000 ____D () C:\AdwCleaner
2015-01-28 00:00 - 2015-01-28 00:01 - 02194432 _____ () C:\Users\Sebastian\Downloads\AdwCleaner_4.109.exe
2015-01-27 23:52 - 2015-01-28 00:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 23:52 - 2015-01-27 23:52 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-27 23:52 - 2015-01-27 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-27 23:52 - 2015-01-27 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 23:52 - 2015-01-27 23:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-27 23:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 23:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 23:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 23:51 - 2015-01-27 23:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-27 23:35 - 2015-01-28 01:18 - 00016666 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2015-01-27 23:35 - 2015-01-28 01:18 - 00000000 ____D () C:\FRST
2015-01-27 23:35 - 2015-01-27 23:36 - 00033357 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2015-01-27 23:34 - 2015-01-27 23:35 - 02129920 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2015-01-27 23:22 - 2015-01-27 23:22 - 01978007 _____ () C:\Users\Sebastian\Downloads\mp3gain-win-full-1_2_5.exe
2015-01-27 23:21 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-01-27 23:21 - 2015-01-27 23:21 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-27 23:21 - 2015-01-27 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-27 10:11 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-27 10:11 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-26 22:41 - 2014-11-05 22:46 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-26 22:35 - 2015-01-26 22:35 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-26 22:34 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-01-26 22:34 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-26 22:34 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-01-26 22:34 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-26 22:32 - 2015-01-26 23:50 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2015-01-26 22:32 - 2015-01-26 22:44 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2015-01-26 22:32 - 2015-01-26 22:32 - 00146032 _____ () C:\Windows\DirectX.log
2015-01-26 22:32 - 2015-01-26 22:32 - 00000175 _____ () C:\Windows\DXError.log
2015-01-26 22:32 - 2007-05-31 19:30 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-26 22:32 - 2007-05-31 19:30 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-26 22:32 - 2007-05-31 19:29 - 00021352 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_2.dll
2015-01-26 22:32 - 2007-05-31 19:29 - 00018280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_2.dll
2015-01-26 22:32 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-26 22:32 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-26 22:32 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-26 22:32 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-26 22:32 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-26 22:32 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-26 22:32 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-26 22:32 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-26 22:32 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-26 22:32 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-26 22:32 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-26 22:32 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-26 22:32 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-26 22:32 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-26 22:32 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-26 22:32 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-26 22:32 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-26 22:32 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-26 22:32 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-26 22:32 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-26 22:32 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-26 22:32 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-26 22:32 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-26 22:32 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-26 22:32 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-26 22:32 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-26 22:32 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-26 22:32 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-26 22:32 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-26 22:32 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-26 22:32 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-26 22:32 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-26 22:32 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-26 22:32 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-26 22:32 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-26 22:32 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-26 22:32 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-26 22:32 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-26 22:32 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-26 22:32 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-26 22:32 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-26 22:32 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-26 22:32 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-26 22:32 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-26 22:32 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-26 22:32 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-26 22:32 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-26 22:32 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-26 22:32 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-26 22:32 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-26 22:32 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-26 22:32 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-26 22:32 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-26 22:32 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-26 22:32 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-26 22:32 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-26 22:32 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-26 22:32 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-22 23:33 - 2015-01-05 16:36 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-22 13:32 - 2015-01-22 13:32 - 00011776 ___SH () C:\Users\Sebastian\Downloads\Thumbs.db
2015-01-20 22:54 - 2015-01-20 22:54 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Downloaded Installations
2015-01-20 22:54 - 2015-01-20 22:54 - 00000000 ____D () C:\Program Files (x86)\HTC
2015-01-20 22:53 - 2015-01-20 22:54 - 00010712 _____ () C:\Windows\DPINST.LOG
2015-01-20 22:51 - 2015-01-20 22:55 - 00000000 ____D () C:\Temp
2015-01-20 22:51 - 2015-01-20 22:51 - 00000000 ____D () C:\ProgramData\HTC
2015-01-20 22:51 - 2009-11-02 11:16 - 00033736 _____ (HTC, Corporation) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2015-01-20 22:51 - 2009-06-09 14:41 - 01122664 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-01-19 02:36 - 2015-01-19 02:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-15 10:38 - 2015-01-15 10:38 - 00000000 ____D () C:\ProgramData\WEBREG
2015-01-15 10:37 - 2015-01-15 10:38 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\HP
2015-01-15 10:37 - 2015-01-15 10:37 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\HP
2015-01-15 10:34 - 2015-01-15 10:34 - 00001377 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-01-15 10:34 - 2015-01-15 10:34 - 00001371 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2015-01-15 10:34 - 2015-01-15 10:34 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2015-01-15 10:33 - 2015-01-15 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-15 10:33 - 2015-01-15 10:34 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-15 10:33 - 2015-01-15 10:33 - 00002026 _____ () C:\Users\Public\Desktop\HP ePrinterCenter.lnk
2015-01-15 10:33 - 2009-10-21 15:39 - 00138752 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l101.dll
2015-01-15 10:31 - 2015-01-15 10:37 - 00250352 _____ () C:\Windows\hpoins47.dat
2015-01-15 10:31 - 2015-01-15 10:37 - 00000836 _____ () C:\ProgramData\hpzinstall.log
2015-01-15 10:31 - 2012-10-15 07:58 - 00000478 ____N () C:\Windows\hpomdl47.dat
2015-01-15 10:30 - 2015-01-15 10:37 - 00000000 ____D () C:\ProgramData\HP
2015-01-15 10:30 - 2012-09-14 23:00 - 01421824 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpost_p04b.dll
2015-01-15 10:30 - 2012-09-14 23:00 - 01175552 _____ (Hewlett-Packard) C:\Windows\system32\hposwia_p04b.dll
2015-01-15 10:30 - 2012-09-14 23:00 - 00643200 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2015-01-15 10:30 - 2012-09-14 22:59 - 00521216 _____ (Hewlett-Packard Co.) C:\Windows\system32\hposc_p04a.dll
2015-01-14 14:43 - 2015-01-14 14:43 - 00000000 ____D () C:\Users\Sebastian\Documents\Benutzerdefinierte Office-Vorlagen
2015-01-14 14:32 - 2015-01-14 14:32 - 00000000 __RHD () C:\MSOCache
2015-01-14 07:55 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:54 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:54 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 07:53 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:53 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 07:53 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:53 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 07:53 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:52 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 07:52 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 07:52 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 07:52 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 07:52 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 07:52 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 07:52 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 07:52 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 07:52 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 07:52 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 07:52 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 07:52 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 07:52 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 07:52 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 07:52 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 07:52 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 07:52 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 07:52 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 07:52 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 07:52 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 07:52 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 07:52 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 07:52 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-10 16:12 - 2015-01-10 16:12 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-08 06:51 - 2015-01-08 06:51 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-08 06:51 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMBA.DLL
2015-01-05 16:44 - 2015-01-05 16:44 - 00001494 _____ () C:\Users\Sebastian\Desktop\JDownloader.lnk
2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Logitech
2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-05 16:41 - 2015-01-05 16:41 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-05 16:41 - 2015-01-05 16:41 - 00000388 _____ () C:\Windows\LkmdfCoInst.log
2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\ProgramData\Apple
2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-05 16:41 - 2015-01-05 16:41 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Logitech
2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Logishrd
2015-01-05 16:39 - 2015-01-05 16:39 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\WinRAR
2015-01-05 16:36 - 2015-01-05 16:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-05 16:32 - 2015-01-05 16:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\AVAST Software
2015-01-05 16:26 - 2015-01-28 00:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-05 16:26 - 2015-01-27 23:00 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-01-05 16:26 - 2015-01-22 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-05 16:26 - 2015-01-05 16:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-05 16:26 - 2015-01-05 16:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-05 16:26 - 2015-01-05 16:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-05 16:26 - 2015-01-05 16:36 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-05 16:26 - 2015-01-05 16:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-05 16:26 - 2015-01-05 16:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-05 16:26 - 2015-01-05 16:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-05 16:26 - 2015-01-05 16:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-05 16:26 - 2015-01-05 16:26 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-05 16:25 - 2015-01-05 16:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-05 16:08 - 2015-01-27 23:00 - 00000664 _____ () C:\Users\Sebastian\Desktop\egofm.txt
2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-02 17:18 - 2015-01-02 17:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-01 05:54 - 2014-02-22 16:41 - 01215832 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2015-01-01 05:54 - 2014-02-22 16:41 - 00800552 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2015-01-01 05:54 - 2014-02-22 16:41 - 00372360 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll

!!!I trimmed this a bit here - it would have been too long otherwise!!!!
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 01:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-28 00:09 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 00:09 - 2014-03-18 10:29 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-01-28 00:09 - 2014-03-18 10:29 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-01-28 00:05 - 2013-08-22 15:45 - 00053289 _____ () C:\Windows\setupact.log
2015-01-28 00:05 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 00:04 - 2014-03-18 02:53 - 00053264 _____ () C:\Windows\PFRO.log
2015-01-28 00:04 - 2013-08-22 15:44 - 00484376 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-28 00:04 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-27 10:52 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-26 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-26 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-19 22:32 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 10:37 - 2013-08-22 14:25 - 00000127 _____ () C:\Windows\win.ini
2015-01-14 14:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-08 06:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-02 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-01-01 07:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-01 05:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-01 05:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-31 14:40 - 2014-03-18 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-12-31 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup
2014-12-31 14:40 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-31 13:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-30 20:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-30 19:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2014-12-29 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2014-12-29 16:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-29 16:13 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-12-29 16:12 - 2013-08-22 16:37 - 00002664 _____ () C:\Windows\DtcInstall.log
2014-12-29 16:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Recovery
2014-12-29 16:11 - 2013-08-22 16:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template

==================== Files in the root of some directories =======

2015-01-15 10:31 - 2015-01-15 10:37 - 0000836 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzv2unl.dll
C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe
C:\Users\Sebastian\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe
C:\Users\Sebastian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-21 08:09

==================== End Of Log ============================

MBAM was clean, this is AdwCleaner:

Code:
# AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 00:04:10
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-24.3 [Local]
# Betriebssystem : Windows 8.1 Pro N  (64 bits)
# Benutzername : Sebastian - DIRAC
# Gestartet von : C:\Users\Sebastian\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Sebastian\AppData\Local\CrashRpt
Datei Gelöscht : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.93

[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN16122923552693110&ctid=CT3281675&UM=2
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN16122923552693110&ctid=CT3281675&UM=2
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
[C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [2128 octets] - [28/01/2015 00:02:30]
AdwCleaner[S0].txt - [2049 octets] - [28/01/2015 00:04:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2109 octets] ##########
         
JRT was also clean.

ESET is running right now, but it has already detected 5 threats - 4 of them MultiPlug.EL...

\edit: I have stopped ESET for now, after it had finished with C:\ (the only partition that was in use during that time...)

Result:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a4ef6f8110d68c45a01299d11902f4e8
# engine=22179
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-28 12:08:42
# local_time=2015-01-28 01:08:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 3828 1935732 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 198902 12708041 0 0
# scanned=240336
# found=5
# cleaned=0
# scan_time=2354
sh=ED4A7763761C347B2B3E5EE4E5B1B71F9F79324D ft=1 fh=20ae4f40e7c865e2 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4268585155-477541547-2403888294-1001\$R4UK6GG.exe"
sh=DE1EFD1178B792DE468335BE0696F532736C8582 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4268585155-477541547-2403888294-1001\$RXX0I0H.rar"
sh=E709F0CDAE1258A8BEC672F733492CDE404CB81C ft=1 fh=a523d5667a4187e0 vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sebastian\AppData\Local\Microsoft\Windows\INetCache\IE\BMSQD2JS\BiTool[1].dll"
sh=ED4A7763761C347B2B3E5EE4E5B1B71F9F79324D ft=1 fh=20ae4f40e7c865e2 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\Users\Sebastian\AppData\Local\Temp\1711e9\temp\Mystery Skulls - -Ghost- (Official Music Video).mp3.exe"
sh=9F91096A506A0FCBADC5CF24E1F180709A55E671 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.EL Anwendung" ac=I fn="C:\Users\Sebastian\Desktop\{23a62013-36fe-2597-23a6-6201336f804c}.zip"
         
Many thanks,
Buembel

Last edited by Buembel (28.01.2015 at 01:21)