
Log Analysis and Evaluation: Windows 7 Malware - Problem with Bing Toolbar, Tune Up, Opera


 
17.08.2015, 18:22   #3
purpurwölfin
 



Hello schrauber,
thank you for your help once again.
I hope this is right.

AdwCleaner Log:
Code:
# AdwCleaner v5.000 - Logfile created 17/08/2015 at 18:58:06
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Purpurwoelfin - YATAGARASU
# Running from : C:\Users\Purpurwoelfin\Desktop\Downloads\AdwCleaner_5.000.exe
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\Purpurwoelfin\AppData\Roaming\RPEng

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner[S1].txt - [619 octets] - [17/08/2015 18:58:06]

########## EOF - C:\AdwCleaner[S1].txt - [681 octets] ##########
         
JRT Log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 8.1 x64
Ran by Purpurwoelfin on 17.08.2015 at 19:06:40,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension



~~~ Files

Successfully deleted: [File] C:\Users\Purpurwoelfin\AppData\Roaming\sp_data.sys
Successfully deleted: [File] C:\Users\Public\Desktop\tuneup utilities 2014.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\Purpurwoelfin\AppData\Roaming\lavasoft\web companion





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.08.2015 at 19:11:25,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
New FRST log:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
durchgeführt von Purpurwoelfin (Administrator) auf YATAGARASU (17-08-2015 19:12:58)
Gestartet von C:\Users\Purpurwoelfin\Desktop
Geladene Profile: Purpurwoelfin (Verfügbare Profile: UpdatusUser & Purpurwoelfin)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1693926620-3961519549-1840115224-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-1693926620-3961519549-1840115224-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-04-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-04-12] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKU\S-1-5-21-1693926620-3961519549-1840115224-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-1693926620-3961519549-1840115224-1002\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1693926620-3961519549-1840115224-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-04-12] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2013-04-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-04-12] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2013-04-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-04-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-04-12] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5C2045A5-73C6-4F7A-AC33-7A2A36BF597F}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Purpurwoelfin\AppData\Roaming\Mozilla\Firefox\Profiles\8ls0a7ox.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D081215-A031ED942673F4864B9F&form=CONMHP&conlogo=CT3329380
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-17] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-02-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-17] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1693926620-3961519549-1840115224-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Purpurwoelfin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-04] (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1693926620-3961519549-1840115224-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-07-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-07-24] (Avira Operations GmbH & Co. KG)
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) [Datei ist nicht signiert]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-17 19:12 - 2015-08-17 19:13 - 00014221 _____ C:\Users\Purpurwoelfin\Desktop\FRST.txt
2015-08-17 19:11 - 2015-08-17 19:11 - 00001881 _____ C:\Users\Purpurwoelfin\Desktop\JRT.txt
2015-08-17 19:00 - 2015-08-17 19:00 - 00000993 _____ C:\AdwCleaner[C1].txt
2015-08-17 19:00 - 2015-08-17 19:00 - 00000127 ____H C:\.~lock.AdwCleaner[S1].txt#
2015-08-17 18:58 - 2015-08-17 19:00 - 00000000 ____D C:\AdwCleaner
2015-08-17 18:58 - 2015-08-17 18:59 - 00000749 _____ C:\AdwCleaner[S1].txt
2015-08-17 16:14 - 2015-08-17 16:15 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 16:14 - 2015-08-17 16:14 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-17 16:14 - 2015-08-17 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-17 16:14 - 2015-08-17 16:14 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-17 16:14 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-17 16:14 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-17 16:14 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-17 14:51 - 2015-08-17 19:13 - 00000000 ____D C:\FRST
2015-08-17 14:51 - 2015-08-17 14:51 - 02173440 _____ (Farbar) C:\Users\Purpurwoelfin\Desktop\FRST64.exe
2015-08-17 14:45 - 2015-08-17 14:45 - 00000000 _____ C:\Users\Purpurwoelfin\defogger_reenable
2015-08-12 20:34 - 2015-08-12 20:34 - 00002227 _____ C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
2015-08-12 20:34 - 2015-08-12 20:34 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-08-12 20:34 - 2015-06-25 07:53 - 00040760 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2015-08-12 20:34 - 2015-06-25 07:53 - 00029496 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2015-08-12 20:34 - 2015-06-25 07:53 - 00025400 _____ (TuneUp Software) C:\WINDOWS\SysWOW64\authuitu.dll
2015-08-12 20:33 - 2015-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2015-08-12 20:32 - 2015-08-12 20:32 - 00003862 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1439404338
2015-08-12 20:32 - 2015-08-12 20:32 - 00001153 _____ C:\Users\Public\Desktop\Opera.lnk
2015-08-12 20:32 - 2015-08-12 20:32 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-12 20:32 - 2015-08-12 20:32 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Roaming\Opera Software
2015-08-12 20:32 - 2015-08-12 20:32 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Local\Opera Software
2015-08-12 20:31 - 2015-08-12 20:32 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-12 20:29 - 2015-08-17 19:08 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Roaming\Lavasoft
2015-08-12 20:29 - 2015-08-12 20:29 - 00001554 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-08-12 20:29 - 2015-08-12 20:29 - 00001263 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-08-12 20:29 - 2015-08-12 20:29 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Local\Lavasoft
2015-08-12 20:29 - 2015-08-12 20:29 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-08-12 20:28 - 2015-08-17 19:08 - 00000000 ____D C:\ProgramData\Lavasoft
2015-08-12 20:28 - 2015-08-17 19:08 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-08-12 20:28 - 2015-08-12 20:29 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2015-08-12 16:28 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:28 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:46 - 2015-08-12 13:46 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-12 13:46 - 2015-08-12 13:46 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-12 13:46 - 2015-08-12 13:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-12 13:46 - 2015-08-12 13:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-12 13:18 - 2015-08-12 13:19 - 00000817 _____ C:\DelFix.txt
2015-08-12 13:18 - 2015-08-12 13:18 - 00000000 ____D C:\WINDOWS\ERUNT
2015-08-12 13:01 - 2015-08-12 13:01 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-12 12:15 - 2015-08-12 12:15 - 00000000 ___HD C:\$Windows.~BT
2015-08-12 09:27 - 2015-08-12 09:28 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Roaming\Soda PDF 7
2015-08-12 09:26 - 2015-08-12 09:40 - 00000000 ____D C:\ProgramData\Soda PDF 7
2015-08-12 09:26 - 2015-08-12 09:26 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Roaming\TuneUp Software
2015-08-12 09:23 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 09:23 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 09:23 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 09:23 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 09:23 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 09:23 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 09:22 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 09:22 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 09:22 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 09:22 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 09:22 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 09:22 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 09:22 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 09:22 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 09:22 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 09:22 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 09:22 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 09:22 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 09:22 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 09:22 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 09:22 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 09:22 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 09:22 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 09:22 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 09:22 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 09:22 - 2015-07-16 23:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 09:22 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 09:22 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 09:22 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 09:22 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 09:22 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 09:22 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 09:22 - 2015-07-16 22:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 09:22 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 09:22 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 09:22 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 09:22 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 09:22 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 09:22 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 09:22 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 09:22 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 09:22 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 09:22 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 09:22 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 09:22 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 09:22 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 09:22 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 09:22 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 09:22 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 09:22 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 09:22 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 09:22 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 09:22 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 09:22 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 09:22 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 09:22 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 09:22 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 09:22 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 09:22 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 09:22 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 09:22 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 09:22 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 09:22 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 09:22 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 09:21 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 09:21 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 09:21 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 09:21 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 09:21 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 09:21 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 09:21 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 09:21 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 09:21 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 09:21 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 09:21 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 09:21 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 09:21 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 09:21 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 09:21 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 09:21 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 09:21 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 09:21 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 09:21 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 09:21 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 09:21 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 09:21 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 09:21 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 09:21 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 09:21 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 09:21 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 09:21 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 09:21 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-12 09:19 - 2015-08-12 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-08-12 09:18 - 2015-08-12 20:28 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-08-12 09:18 - 2015-08-12 20:28 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-08-12 09:18 - 2015-08-12 20:28 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-08-12 09:18 - 2015-08-12 20:28 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-08-12 09:18 - 2015-08-12 09:18 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Local\CDex
2015-08-12 09:17 - 2015-08-12 09:50 - 00000000 ____D C:\Program Files (x86)\CDex
2015-08-11 18:07 - 2015-08-11 18:07 - 00000000 ____D C:\Recovery
2015-08-11 16:39 - 2015-08-11 17:39 - 00002330 _____ C:\WINDOWS\comsetup.log
2015-07-28 19:01 - 2015-08-01 20:13 - 00000000 ____D C:\Users\Purpurwoelfin\Desktop\Life is Strange
2015-07-24 08:10 - 2015-08-04 11:22 - 00019325 _____ C:\Users\Purpurwoelfin\Desktop\Anschreiben Schiele.odt
2015-07-24 08:08 - 2015-08-04 11:16 - 00016323 _____ C:\Users\Purpurwoelfin\Desktop\mein lebenslauf Schiele.odt
2015-07-23 18:24 - 2015-07-23 18:24 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Local\CEF
2015-07-19 18:29 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-17 19:06 - 2014-06-16 16:42 - 01380389 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-17 19:05 - 2014-06-16 17:29 - 00000000 ___DO C:\Users\Purpurwoelfin\OneDrive
2015-08-17 19:05 - 2013-09-14 15:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-17 19:05 - 2013-07-09 22:18 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-17 19:01 - 2014-08-08 07:23 - 00019231 _____ C:\WINDOWS\setupact.log
2015-08-17 19:01 - 2014-07-31 22:15 - 00247530 _____ C:\WINDOWS\PFRO.log
2015-08-17 19:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-17 19:01 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-17 19:01 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-17 17:36 - 2013-01-25 19:30 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1693926620-3961519549-1840115224-1002
2015-08-17 17:24 - 2013-07-09 22:18 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-17 16:01 - 2014-07-31 19:35 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4E5470F-49A6-4C56-A4A5-7C2B4FB9F145}
2015-08-17 15:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-17 15:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-17 14:45 - 2014-06-16 16:51 - 00000000 ____D C:\Users\Purpurwoelfin
2015-08-17 09:06 - 2013-09-14 15:04 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-17 09:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-12 20:29 - 2014-08-19 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-08-12 20:28 - 2013-02-06 19:43 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Roaming\DVDVideoSoft
2015-08-12 20:27 - 2014-03-18 12:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-12 20:27 - 2014-03-18 11:25 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-08-12 20:27 - 2014-03-18 11:25 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-08-12 18:15 - 2013-12-15 21:11 - 00000000 ____D C:\ProgramData\Oracle
2015-08-12 17:14 - 2013-02-03 19:45 - 00000000 ____D C:\Program Files\Java
2015-08-12 17:13 - 2013-02-03 19:45 - 00321632 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-08-12 17:13 - 2013-02-03 19:45 - 00206944 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-08-12 17:13 - 2013-02-03 19:45 - 00206432 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-08-12 17:13 - 2013-02-03 19:45 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-08-12 17:12 - 2014-04-20 20:41 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-12 17:12 - 2013-12-15 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-12 17:12 - 2013-07-20 13:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-12 16:28 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-12 13:29 - 2013-08-22 16:44 - 00364952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-12 13:27 - 2013-03-14 12:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 13:27 - 2013-03-14 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 13:25 - 2014-12-13 18:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-12 13:25 - 2014-07-11 19:06 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-12 13:25 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 13:25 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 13:25 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 13:25 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 13:25 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-12 13:25 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 13:25 - 2013-03-14 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 13:24 - 2013-07-15 21:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 13:22 - 2013-01-29 18:24 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 12:17 - 2014-06-16 17:37 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-12 12:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Resources
2015-08-12 12:06 - 2014-12-07 23:06 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-12 10:28 - 2014-07-31 19:35 - 00000000 __SHD C:\Users\Purpurwoelfin\AppData\Local\EmieUserList
2015-08-12 10:28 - 2014-07-31 19:35 - 00000000 __SHD C:\Users\Purpurwoelfin\AppData\Local\EmieSiteList
2015-08-12 09:42 - 2012-11-10 19:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-12 09:22 - 2013-03-29 23:41 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-08-12 09:18 - 2014-03-20 23:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-11 19:22 - 2015-06-18 12:24 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-08-11 19:22 - 2015-05-14 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-08-11 19:22 - 2015-04-15 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-11 19:22 - 2015-03-02 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel EML Viewer
2015-08-11 19:22 - 2014-12-07 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-11 19:22 - 2014-06-16 16:51 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-11 19:22 - 2014-06-16 16:51 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-11 19:22 - 2014-06-16 16:51 - 00000000 ___RD C:\Users\Purpurwoelfin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-11 19:22 - 2014-06-16 16:51 - 00000000 ___RD C:\Users\Purpurwoelfin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-11 19:22 - 2014-06-16 16:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-11 19:22 - 2014-06-16 16:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-11 19:22 - 2014-03-20 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-11 19:22 - 2014-03-18 11:25 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-08-11 19:22 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\IME
2015-08-11 19:22 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-11 19:22 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-11 19:22 - 2013-04-29 11:04 - 00000000 ____D C:\Program Files\Classic Shell
2015-08-11 19:22 - 2013-04-24 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-08-11 19:22 - 2013-03-18 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKV Player
2015-08-11 19:22 - 2013-03-14 23:54 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-11 19:22 - 2013-03-14 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-11 19:22 - 2012-11-10 19:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2015-08-11 19:22 - 2012-11-10 19:24 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-11 19:22 - 2012-11-10 19:20 - 00000000 ____D C:\Program Files\Intel
2015-08-11 19:22 - 2012-08-17 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-08-11 19:22 - 2012-08-17 02:53 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-08-11 19:22 - 2012-08-02 15:28 - 00000000 ____D C:\ProgramData\PRICache
2015-08-11 19:22 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-11 17:33 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-11 16:43 - 2015-03-17 08:06 - 00001360 _____ C:\WINDOWS\DtcInstall.log
2015-08-11 16:39 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2015-08-08 15:55 - 2015-03-17 08:09 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 15:55 - 2015-03-17 08:09 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 13:23 - 2013-01-25 19:19 - 00000000 ____D C:\Users\Purpurwoelfin\AppData\Local\Packages
2015-07-25 08:50 - 2015-04-15 20:24 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 19:29 - 2014-03-20 23:06 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-07-24 19:29 - 2014-03-20 23:06 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-07-24 08:07 - 2015-05-20 12:25 - 01022023 _____ C:\Users\Purpurwoelfin\Desktop\mein lebenslauf.odt
2015-07-23 12:32 - 2015-04-15 20:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-22 08:06 - 2013-02-07 11:59 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-22 08:05 - 2015-01-20 20:14 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-20 11:38 - 2014-03-20 23:04 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-20 09:41 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-20 09:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-13 16:35 - 2015-05-13 16:35 - 28684424 _____ (Sony Mobile Communications                                  ) C:\Users\Purpurwoelfin\AppData\Local\pcc.exe
2013-09-09 20:32 - 2013-09-09 20:32 - 0000881 _____ () C:\Users\Purpurwoelfin\AppData\Local\recently-used.xbel
2013-01-29 18:09 - 2013-01-29 18:09 - 4632576 _____ () C:\ProgramData\ClassicShellSetup64_3_6_5.msi
2012-08-17 02:52 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 02:52 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Einige Dateien in TEMP:
====================
C:\Users\Purpurwoelfin\AppData\Local\Temp\avgnt.exe
C:\Users\Purpurwoelfin\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Purpurwoelfin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Purpurwoelfin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Purpurwoelfin\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Purpurwoelfin\AppData\Local\Temp\Quarantine.exe
C:\Users\Purpurwoelfin\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Purpurwoelfin\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Purpurwoelfin\AppData\Local\Temp\SHSetup.exe
C:\Users\Purpurwoelfin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Purpurwoelfin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-17 17:36

==================== Ende von Ergebnis ============================
         