FRST :
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by Timo (administrator) on TIMO-PC on 18-01-2014 11:16:59
Running from C:\Users\Timo\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-27] (AVAST Software)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3119879F5152CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR HomePage: https://www.google.com/
CHR Extension: (Adblock Plus) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-26]
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-27] (AVAST Software)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-27] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-18 11:16 - 2014-01-18 11:17 - 00008538 _____ C:\Users\Timo\Downloads\FRST.txt
2014-01-18 11:16 - 2014-01-18 11:16 - 02076160 _____ (Farbar) C:\Users\Timo\Downloads\FRST64.exe
2014-01-18 11:16 - 2014-01-18 11:16 - 00000000 ____D C:\FRST
2014-01-17 21:02 - 2014-01-17 21:04 - 00000032 _____ C:\Users\Timo\Desktop\Trojanerboard-Daten.txt
2014-01-17 19:21 - 2014-01-17 19:21 - 01037068 _____ (Thisisu) C:\Users\Timo\Downloads\JRT.exe
2014-01-17 19:21 - 2014-01-17 19:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 19:08 - 2014-01-17 19:08 - 01236282 _____ C:\Users\Timo\Downloads\adwcleaner_3.017.exe
2014-01-17 18:59 - 2014-01-18 11:14 - 00000336 _____ C:\Windows\setupact.log
2014-01-17 18:59 - 2014-01-17 18:59 - 00000326 _____ C:\Windows\PFRO.log
2014-01-17 18:59 - 2014-01-17 18:59 - 00000000 _____ C:\Windows\setuperr.log
2014-01-15 12:19 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 12:19 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 12:19 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 12:19 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 12:19 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 12:19 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 12:19 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 12:19 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 14:39 - 2014-01-12 14:39 - 00016626 _____ C:\Users\Timo\Downloads\TMM-Pole-dancing¬TC13.Challenge.Gbx
2014-01-12 14:39 - 2014-01-12 14:39 - 00015107 _____ C:\Users\Timo\Downloads\TMM-Aust_om_elvo¬TC13..Challenge.Gbx
2014-01-12 14:39 - 2014-01-12 14:39 - 00012525 _____ C:\Users\Timo\Downloads\TMM-Tom-a-hawk¬TC13.Challenge.Gbx
2014-01-12 14:37 - 2014-01-12 14:37 - 00020159 _____ C:\Users\Timo\Downloads\TMM-Kally¬TC13..Challenge.Gbx
2014-01-12 14:37 - 2014-01-12 14:37 - 00018170 _____ C:\Users\Timo\Downloads\TMM-Holy_Hias_Loves_Cake¬TC13..Challenge.Gbx
2014-01-12 14:37 - 2014-01-12 14:37 - 00016390 _____ C:\Users\Timo\Downloads\TMM-VorNakky²¬TC13..Challenge.Gbx
2014-01-09 18:55 - 2014-01-09 18:55 - 00000000 ____D C:\Program Files (x86)\ParentsFriend8
2014-01-09 18:55 - 2010-09-07 06:47 - 00192512 _____ (-) C:\Windows\SysWOW64\pfadmin.exe
2014-01-09 18:55 - 2010-03-15 14:11 - 00000394 _____ C:\Windows\SysWOW64\pfadmin.exe.manifest
2014-01-09 18:55 - 2005-11-27 20:08 - 00372736 _____ C:\Windows\SysWOW64\CoolXPCheck.ocx
2014-01-09 18:55 - 2005-11-27 20:07 - 00491520 _____ C:\Windows\SysWOW64\CoolXPButton.ocx
2014-01-09 18:55 - 2005-11-27 20:07 - 00417792 _____ C:\Windows\SysWOW64\CoolXPCombo.ocx
2014-01-09 18:55 - 2005-11-27 20:07 - 00262144 _____ C:\Windows\SysWOW64\CoolXPFrame.ocx
2014-01-09 18:55 - 2005-11-27 20:06 - 00360448 _____ C:\Windows\SysWOW64\CoolXPLabel.ocx
2014-01-09 18:55 - 2005-02-05 11:41 - 00024576 _____ (Text & Redaktion) C:\Windows\SysWOW64\ScreenShotOCX.ocx
2014-01-09 18:55 - 2004-03-08 23:00 - 00260880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx
2014-01-09 18:55 - 2003-02-07 00:02 - 00424448 _____ ( Developer Express Inc.) C:\Windows\SysWOW64\dXTList.dll
2014-01-09 18:55 - 2002-04-05 09:32 - 00327680 _____ (DBI Technologies Inc.) C:\Windows\SysWOW64\ctSchedule.ocx
2014-01-09 18:55 - 2001-05-24 10:20 - 00544256 _____ C:\Windows\SysWOW64\janGraphics.dll
2014-01-09 18:55 - 2000-12-21 23:00 - 00699392 _____ (Stinga) C:\Windows\SysWOW64\BEEGD10.ocx
2014-01-09 18:55 - 2000-06-28 00:00 - 00124416 _____ () C:\Windows\SysWOW64\dXCtrls.dll
2014-01-09 18:55 - 1999-05-12 22:00 - 01064456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscomctl.ocx
2014-01-09 18:55 - 1999-05-06 22:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2014-01-09 18:55 - 1998-06-23 23:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Tabctl32.ocx
2014-01-09 18:55 - 1998-06-23 23:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msinet.ocx
2014-01-09 18:55 - 1998-06-23 22:00 - 00108336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWINSCK.OCX
2014-01-09 18:54 - 2014-01-09 18:54 - 04472837 _____ (Michael Müller ) C:\Users\Timo\Downloads\pfsetup8.exe
2014-01-08 14:36 - 2014-01-08 14:36 - 00000000 ____D C:\Program Files (x86)\MSECache
2014-01-08 14:36 - 2014-01-08 14:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-08 14:35 - 2014-01-08 14:36 - 27066664 _____ (Microsoft Corporation) C:\Users\Timo\Downloads\PowerPointViewer.exe
2014-01-05 22:18 - 2014-01-05 22:18 - 00583251 _____ C:\Users\Timo\Downloads\Snowburger TM2.Map.Gbx
2014-01-05 22:17 - 2014-01-05 22:17 - 00619791 _____ C:\Users\Timo\Downloads\The Conspiracy.Map.Gbx
2014-01-05 22:17 - 2014-01-05 22:17 - 00556306 _____ C:\Users\Timo\Downloads\Supercollider.Map.Gbx
2014-01-05 22:17 - 2014-01-05 22:17 - 00500684 _____ C:\Users\Timo\Downloads\Welcome Friend.Map.Gbx
2014-01-05 22:16 - 2014-01-05 22:16 - 00492357 _____ C:\Users\Timo\Downloads\»T-R« Nascar DA Turbo 3 reloaded.Map.Gbx
2014-01-05 22:16 - 2014-01-05 22:16 - 00384561 _____ C:\Users\Timo\Downloads\City of Dreams.Map.Gbx
2014-01-02 22:06 - 2014-01-02 22:06 - 00000000 ____D C:\Users\Timo\Documents\Remedy
2013-12-29 22:03 - 2013-12-29 22:03 - 00046838 _____ C:\Users\Timo\Desktop\tmmsc12_mappack3.zip
2013-12-29 22:02 - 2013-12-29 22:03 - 00046838 _____ C:\Users\Timo\Downloads\tmmsc12_mappack3.zip
2013-12-29 15:11 - 2013-12-29 15:11 - 00000029 _____ C:\Users\Timo\Desktop\Tunngle..txt
2013-12-28 19:20 - 2013-12-28 19:22 - 04012589 _____ C:\Users\Timo\Desktop\Tunngle_Setup_v4.5.1.4.rar
2013-12-28 13:10 - 2013-12-28 13:10 - 00000049 _____ C:\Users\Timo\Downloads\dfb_01.ram
2013-12-27 18:26 - 2013-12-27 18:27 - 00000000 ____D C:\Users\Timo\Desktop\Deutsch-vorttrag
2013-12-27 14:26 - 2013-12-27 14:26 - 00000000 ___RD C:\Users\Timo\Documents\Ubisoft
2013-12-27 14:20 - 2013-12-27 14:20 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-26 22:00 - 2014-01-18 11:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-26 21:56 - 2013-12-26 21:56 - 00000000 ____D C:\Users\Timo\AppData\Roaming\AVAST Software
2013-12-26 21:55 - 2013-12-27 14:20 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-26 21:55 - 2013-12-27 14:20 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2013-12-26 21:55 - 2013-12-27 14:20 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-26 21:55 - 2013-12-27 14:20 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-26 21:55 - 2013-12-27 14:20 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-26 21:55 - 2013-12-26 21:54 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-26 21:55 - 2013-12-26 21:54 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-26 21:54 - 2013-12-27 14:20 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-26 21:54 - 2013-12-27 14:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-26 21:54 - 2013-12-26 21:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-26 21:52 - 2013-12-26 21:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-26 21:42 - 2014-01-17 19:09 - 00000000 ____D C:\AdwCleaner
2013-12-26 21:33 - 2013-12-26 21:33 - 85269544 _____ (AVAST Software) C:\Users\Timo\Desktop\avast_free_antivirus_setup_9.0.2006.159.exe
2013-12-26 21:31 - 2013-12-26 21:33 - 85269544 _____ (AVAST Software) C:\Users\Timo\Downloads\avast_free_antivirus_setup_9.0.2006.159.exe
2013-12-26 21:16 - 2013-12-26 21:16 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-26 15:11 - 2013-12-26 15:11 - 00648109 _____ C:\Users\Timo\Downloads\Dreamer.Map.Gbx
2013-12-26 15:10 - 2013-12-26 15:10 - 00598190 _____ C:\Users\Timo\Downloads\Burn Turn.Map.Gbx
2013-12-26 15:10 - 2013-12-26 15:10 - 00462822 _____ C:\Users\Timo\Downloads\A01-Easy Drift.Map.Gbx
2013-12-26 15:09 - 2013-12-26 15:09 - 00679773 _____ C:\Users\Timo\Downloads\Mind Matters.Map.Gbx
2013-12-26 15:09 - 2013-12-26 15:09 - 00442156 _____ C:\Users\Timo\Downloads\ESL - do0dY.Map.Gbx
2013-12-25 19:47 - 2013-12-25 19:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 19:47 - 2013-12-25 19:47 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Malwarebytes
2013-12-25 19:47 - 2013-12-25 19:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 19:47 - 2013-12-25 19:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 19:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-25 19:46 - 2013-12-25 19:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-22 16:32 - 2013-12-22 16:32 - 00002133 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-12-22 16:32 - 2013-12-22 16:32 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2013-12-22 16:29 - 2013-12-22 16:31 - 07434240 _____ C:\Users\Timo\Downloads\PathOfExileInstaller.msi
2013-12-20 15:22 - 2013-12-20 15:22 - 00486524 _____ C:\Users\Timo\Downloads\TrueBlue.Map.Gbx
2013-12-20 15:21 - 2013-12-20 15:21 - 00445277 _____ C:\Users\Timo\Downloads\ESL - KUBINATOR.Map.Gbx
2013-12-20 15:20 - 2013-12-20 15:20 - 00582047 _____ C:\Users\Timo\Downloads\[FS]² Landslide.Map.Gbx
2013-12-20 15:20 - 2013-12-20 15:20 - 00525558 _____ C:\Users\Timo\Downloads\FasTMap TM2.Map.Gbx
2013-12-20 15:20 - 2013-12-20 15:20 - 00480593 _____ C:\Users\Timo\Downloads\---k-- --gi--.Map.Gbx
2013-12-19 17:42 - 2013-12-19 17:45 - 129598176 _____ C:\Users\Timo\Downloads\avira_free_antivirus_de.exe
==================== One Month Modified Files and Folders =======
2014-01-18 11:17 - 2014-01-18 11:16 - 00008538 _____ C:\Users\Timo\Downloads\FRST.txt
2014-01-18 11:16 - 2014-01-18 11:16 - 02076160 _____ (Farbar) C:\Users\Timo\Downloads\FRST64.exe
2014-01-18 11:16 - 2014-01-18 11:16 - 00000000 ____D C:\FRST
2014-01-18 11:16 - 2013-05-15 19:47 - 01814470 _____ C:\Windows\WindowsUpdate.log
2014-01-18 11:14 - 2014-01-17 18:59 - 00000336 _____ C:\Windows\setupact.log
2014-01-18 11:12 - 2013-12-26 22:00 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-18 11:11 - 2013-05-16 20:58 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 11:11 - 2013-05-16 15:27 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-01-18 11:11 - 2013-05-16 15:19 - 00000144 _____ C:\service.log
2014-01-18 11:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 22:15 - 2009-07-14 05:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 22:15 - 2009-07-14 05:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 21:42 - 2013-06-08 13:29 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Skype
2014-01-17 21:28 - 2013-05-17 11:19 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-17 21:26 - 2013-05-16 20:58 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 21:04 - 2014-01-17 21:02 - 00000032 _____ C:\Users\Timo\Desktop\Trojanerboard-Daten.txt
2014-01-17 19:50 - 2013-05-15 19:55 - 00000000 ____D C:\Users\Timo
2014-01-17 19:21 - 2014-01-17 19:21 - 01037068 _____ (Thisisu) C:\Users\Timo\Downloads\JRT.exe
2014-01-17 19:21 - 2014-01-17 19:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 19:09 - 2013-12-26 21:42 - 00000000 ____D C:\AdwCleaner
2014-01-17 19:08 - 2014-01-17 19:08 - 01236282 _____ C:\Users\Timo\Downloads\adwcleaner_3.017.exe
2014-01-17 18:59 - 2014-01-17 18:59 - 00000326 _____ C:\Windows\PFRO.log
2014-01-17 18:59 - 2014-01-17 18:59 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 14:46 - 2013-05-15 20:09 - 00058016 _____ C:\Users\Timo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-17 14:45 - 2009-07-14 05:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 19:28 - 2013-05-16 20:59 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-16 18:57 - 2013-12-05 18:01 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Tunngle
2014-01-16 17:24 - 2013-05-17 18:52 - 00000000 ____D C:\Users\Timo\Documents\ManiaPlanet
2014-01-16 16:19 - 2013-05-17 18:51 - 00000000 ____D C:\ProgramData\ManiaPlanet
2014-01-15 21:08 - 2013-05-30 16:06 - 00000000 ____D C:\Users\Timo\Documents\TrackMania
2014-01-12 19:13 - 2013-08-22 22:35 - 00000372 _____ C:\Users\Timo\d3d_antilag.log
2014-01-12 14:39 - 2014-01-12 14:39 - 00016626 _____ C:\Users\Timo\Downloads\TMM-Pole-dancing¬TC13.Challenge.Gbx
2014-01-12 14:39 - 2014-01-12 14:39 - 00015107 _____ C:\Users\Timo\Downloads\TMM-Aust_om_elvo¬TC13..Challenge.Gbx
2014-01-12 14:39 - 2014-01-12 14:39 - 00012525 _____ C:\Users\Timo\Downloads\TMM-Tom-a-hawk¬TC13.Challenge.Gbx
2014-01-12 14:37 - 2014-01-12 14:37 - 00020159 _____ C:\Users\Timo\Downloads\TMM-Kally¬TC13..Challenge.Gbx
2014-01-12 14:37 - 2014-01-12 14:37 - 00018170 _____ C:\Users\Timo\Downloads\TMM-Holy_Hias_Loves_Cake¬TC13..Challenge.Gbx
2014-01-12 14:37 - 2014-01-12 14:37 - 00016390 _____ C:\Users\Timo\Downloads\TMM-VorNakky²¬TC13..Challenge.Gbx
2014-01-11 23:00 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-10 15:05 - 2011-04-12 08:43 - 00653928 _____ C:\Windows\system32\perfh007.dat
2014-01-10 15:05 - 2011-04-12 08:43 - 00129800 _____ C:\Windows\system32\perfc007.dat
2014-01-10 15:05 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 18:55 - 2014-01-09 18:55 - 00000000 ____D C:\Program Files (x86)\ParentsFriend8
2014-01-09 18:54 - 2014-01-09 18:54 - 04472837 _____ (Michael Müller ) C:\Users\Timo\Downloads\pfsetup8.exe
2014-01-08 14:36 - 2014-01-08 14:36 - 00000000 ____D C:\Program Files (x86)\MSECache
2014-01-08 14:36 - 2014-01-08 14:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-08 14:36 - 2014-01-08 14:35 - 27066664 _____ (Microsoft Corporation) C:\Users\Timo\Downloads\PowerPointViewer.exe
2014-01-05 22:18 - 2014-01-05 22:18 - 00583251 _____ C:\Users\Timo\Downloads\Snowburger TM2.Map.Gbx
2014-01-05 22:17 - 2014-01-05 22:17 - 00619791 _____ C:\Users\Timo\Downloads\The Conspiracy.Map.Gbx
2014-01-05 22:17 - 2014-01-05 22:17 - 00556306 _____ C:\Users\Timo\Downloads\Supercollider.Map.Gbx
2014-01-05 22:17 - 2014-01-05 22:17 - 00500684 _____ C:\Users\Timo\Downloads\Welcome Friend.Map.Gbx
2014-01-05 22:16 - 2014-01-05 22:16 - 00492357 _____ C:\Users\Timo\Downloads\»T-R« Nascar DA Turbo 3 reloaded.Map.Gbx
2014-01-05 22:16 - 2014-01-05 22:16 - 00384561 _____ C:\Users\Timo\Downloads\City of Dreams.Map.Gbx
2014-01-02 22:06 - 2014-01-02 22:06 - 00000000 ____D C:\Users\Timo\Documents\Remedy
2013-12-30 00:11 - 2013-06-08 10:59 - 00000000 ____D C:\Users\Timo\AppData\Roaming\TS3Client
2013-12-30 00:10 - 2013-06-22 15:24 - 00000000 ____D C:\Users\Timo\AppData\Local\CrashDumps
2013-12-30 00:10 - 2012-04-11 16:13 - 00000000 ____D C:\Windows\Panther
2013-12-29 22:03 - 2013-12-29 22:03 - 00046838 _____ C:\Users\Timo\Desktop\tmmsc12_mappack3.zip
2013-12-29 22:03 - 2013-12-29 22:02 - 00046838 _____ C:\Users\Timo\Downloads\tmmsc12_mappack3.zip
2013-12-29 15:11 - 2013-12-29 15:11 - 00000029 _____ C:\Users\Timo\Desktop\Tunngle..txt
2013-12-28 19:22 - 2013-12-28 19:20 - 04012589 _____ C:\Users\Timo\Desktop\Tunngle_Setup_v4.5.1.4.rar
2013-12-28 13:10 - 2013-12-28 13:10 - 00000049 _____ C:\Users\Timo\Downloads\dfb_01.ram
2013-12-27 18:27 - 2013-12-27 18:26 - 00000000 ____D C:\Users\Timo\Desktop\Deutsch-vorttrag
2013-12-27 14:26 - 2013-12-27 14:26 - 00000000 ___RD C:\Users\Timo\Documents\Ubisoft
2013-12-27 14:20 - 2013-12-27 14:20 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-27 14:20 - 2013-12-26 21:55 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-27 14:20 - 2013-12-26 21:55 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2013-12-27 14:20 - 2013-12-26 21:55 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-27 14:20 - 2013-12-26 21:55 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-27 14:20 - 2013-12-26 21:55 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-27 14:20 - 2013-12-26 21:54 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-27 14:20 - 2013-12-26 21:54 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-26 21:56 - 2013-12-26 21:56 - 00000000 ____D C:\Users\Timo\AppData\Roaming\AVAST Software
2013-12-26 21:54 - 2013-12-26 21:55 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-26 21:54 - 2013-12-26 21:55 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-26 21:54 - 2013-12-26 21:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-26 21:52 - 2013-12-26 21:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-26 21:41 - 2013-06-08 22:00 - 00000000 ____D C:\ProgramData\Avira
2013-12-26 21:33 - 2013-12-26 21:33 - 85269544 _____ (AVAST Software) C:\Users\Timo\Desktop\avast_free_antivirus_setup_9.0.2006.159.exe
2013-12-26 21:33 - 2013-12-26 21:31 - 85269544 _____ (AVAST Software) C:\Users\Timo\Downloads\avast_free_antivirus_setup_9.0.2006.159.exe
2013-12-26 21:16 - 2013-12-26 21:16 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-26 15:11 - 2013-12-26 15:11 - 00648109 _____ C:\Users\Timo\Downloads\Dreamer.Map.Gbx
2013-12-26 15:10 - 2013-12-26 15:10 - 00598190 _____ C:\Users\Timo\Downloads\Burn Turn.Map.Gbx
2013-12-26 15:10 - 2013-12-26 15:10 - 00462822 _____ C:\Users\Timo\Downloads\A01-Easy Drift.Map.Gbx
2013-12-26 15:09 - 2013-12-26 15:09 - 00679773 _____ C:\Users\Timo\Downloads\Mind Matters.Map.Gbx
2013-12-26 15:09 - 2013-12-26 15:09 - 00442156 _____ C:\Users\Timo\Downloads\ESL - do0dY.Map.Gbx
2013-12-25 19:47 - 2013-12-25 19:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 19:47 - 2013-12-25 19:47 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Malwarebytes
2013-12-25 19:47 - 2013-12-25 19:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 19:47 - 2013-12-25 19:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 19:47 - 2013-12-25 19:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-22 16:33 - 2013-05-18 20:05 - 00000000 ____D C:\Users\Timo\Documents\My Games
2013-12-22 16:32 - 2013-12-22 16:32 - 00002133 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-12-22 16:32 - 2013-12-22 16:32 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2013-12-22 16:31 - 2013-12-22 16:29 - 07434240 _____ C:\Users\Timo\Downloads\PathOfExileInstaller.msi
2013-12-20 15:22 - 2013-12-20 15:22 - 00486524 _____ C:\Users\Timo\Downloads\TrueBlue.Map.Gbx
2013-12-20 15:21 - 2013-12-20 15:21 - 00445277 _____ C:\Users\Timo\Downloads\ESL - KUBINATOR.Map.Gbx
2013-12-20 15:20 - 2013-12-20 15:20 - 00582047 _____ C:\Users\Timo\Downloads\[FS]² Landslide.Map.Gbx
2013-12-20 15:20 - 2013-12-20 15:20 - 00525558 _____ C:\Users\Timo\Downloads\FasTMap TM2.Map.Gbx
2013-12-20 15:20 - 2013-12-20 15:20 - 00480593 _____ C:\Users\Timo\Downloads\---k-- --gi--.Map.Gbx
2013-12-19 17:45 - 2013-12-19 17:42 - 129598176 _____ C:\Users\Timo\Downloads\avira_free_antivirus_de.exe
2013-12-19 17:35 - 2013-09-28 23:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\Temp\Quarantine.exe
C:\Users\Timo\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-12 16:33
==================== End Of Log ============================
and the Addition:
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014 03
Ran by Timo at 2014-01-18 11:17:29
Running from C:\Users\Timo\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Alan Wake (x32 Version: - Remedy Entertainment)
Alan Wake's American Nightmare (x32 Version: - Remedy Entertainment)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Amnesia: The Dark Descent Demo (x32 Version: - Frictional Games)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
BioShock Infinite (x32 Version: - Irrational Games)
Borderlands (x32 Version: 1.0.295 - 2K Games)
Borderlands 2 (x32 Version: - Gearbox Software)
Call of Duty: Modern Warfare 2 - Multiplayer (x32 Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 - Dedicated Server (x32 Version: - Infinity Ward - Sledgehammer Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.02 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (x32 Version: - FromSoftware)
Darksiders II (x32 Version: - Vigil Games)
Diablo III (x32 Version: - Blizzard Entertainment)
Dota 2 (x32 Version: - Valve)
EasySaver B9.1214.1 (x32 Version: 1.00.0000 - Gigabyte)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Far Cry 3 Blood Dragon (x32 Version: 1.00 - Ubisoft)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Kerbal Space Program Demo (x32 Version: - )
Left 4 Dead 2 (x32 Version: - Valve)
Life Goes On Demo (x32 Version: - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.46 (Version: 8.46.27 - Logitech Inc.)
Magicka (x32 Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
ManiaPlanet (x32 Version: - Nadeo)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Need For Speed™ World (x32 Version: 1.0.0.1599 - Electronic Arts)
Notepad++ (x32 Version: 6.4.5 - Notepad++ Team)
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (x32 Version: 1.00.0001 - GIGABYTE)
Path of Exile (x32 Version: 1.0.3.30451 - Grinding Gear Games)
PAYDAY 2 Demo (x32 Version: - OVERKILL - a Starbreeze Studio.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Portal 2 (x32 Version: - Valve)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)
Sanctum 2 Demo (x32 Version: - )
Sid Meier's Civilization V (x32 Version: - 2K Games, Inc.)
Skype™ 6.7 (x32 Version: 6.7.102 - Skype Technologies S.A.)
Space Pirates and Zombies (x32 Version: - MinMax Games Ltd.)
StarCraft II (x32 Version: - Blizzard Entertainment)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (x32 Version: - Valve)
TeamSpeak 3 Client (Version: 3.0.10 - TeamSpeak Systems GmbH)
The Binding of Isaac (x32 Version: - )
The Elder Scrolls V: Skyrim (x32 Version: - Bethesda Game Studios)
The Showdown Effect (x32 Version: - Arrowhead Game Studios)
Tomb Raider (x32 Version: - Crystal Dynamics)
TrackMania Nations ESWC 0.1.7.5 (x32 Version: - Nadeo)
TrackMania United (x32 Version: - Nadeo)
TrackMania² Valley (x32 Version: - Nadeo)
Trials Evolution Gold Edition (x32 Version: - Redlynx Ltd)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Uplay (x32 Version: 2.1 - Ubisoft)
VIA Plattform-Geräte-Manager (x32 Version: 1.39 - VIA Technologies, Inc.)
VVVVVV (x32 Version: - Terry Cavanagh)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
05-01-2014 20:29:51 Geplanter Prüfpunkt
08-01-2014 13:36:37 Microsoft Office PowerPoint Viewer 2007 (German) wird installiert
09-01-2014 15:52:05 Windows Update
10-01-2014 22:30:30 Windows Update
15-01-2014 13:43:44 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {044A1459-1FF8-4CE3-A06F-8B6FB7D0BD1F} - System32\Tasks\{313747ED-1FFD-4589-B7E5-EF8131A269A9} => Chrome.exe Skype auf Ihren Computer herunterladen ? Mac, Windows, Linux*?*Skype
Task: {0A6E90D2-81AA-43A4-98EA-DA38D300C38D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {0FD6D688-7C00-4EBC-81F0-C83F4E3120EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {28424A0A-ADF6-412E-A1A1-F3B77B3B0D24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {A1CC8641-05BE-4A77-810B-D5971FE611AA} - System32\Tasks\{828D1458-8B7F-4199-A91C-183FDC6AF015} => Chrome.exe Skype auf Ihren Computer herunterladen ? Mac, Windows, Linux*?*Skype
Task: {AB03A0DB-2276-4861-A705-AA27A5C1F4A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-27] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-05-16 15:22 - 2012-05-11 08:46 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-05-16 15:22 - 2012-05-11 08:46 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-12-19 14:32 - 2012-12-19 14:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-01-17 14:45 - 2014-01-17 10:49 - 02155008 _____ () C:\Program Files\AVAST Software\Avast\defs\14011700\algo.dll
2014-01-18 11:12 - 2014-01-17 22:22 - 02155008 _____ () C:\Program Files\AVAST Software\Avast\defs\14011701\algo.dll
2013-05-16 15:19 - 2009-03-13 10:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-12-26 21:54 - 2013-12-26 21:54 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-16 19:28 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-16 19:28 - 2014-01-11 11:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-16 19:28 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-16 19:28 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-16 19:28 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2014 11:13:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/17/2014 07:51:14 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8e4
Startzeit: 01cf13b4ff0f827a
Endzeit: 30
Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Berichts-ID: 550b442e-7fa8-11e3-908d-902b34a592dd
Error: (01/17/2014 07:35:18 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ec4
Startzeit: 01cf13b2cf11b99e
Endzeit: 10
Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Berichts-ID: 1b9661f7-7fa6-11e3-908d-902b34a592dd
Error: (01/17/2014 07:34:48 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1168
Startzeit: 01cf13b2a6da9b1b
Endzeit: 20
Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Berichts-ID: 099dd9f7-7fa6-11e3-908d-902b34a592dd
Error: (01/17/2014 07:34:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (01/18/2014 11:13:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/17/2014 07:51:14 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.18e401cf13b4ff0f827a30C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe550b442e-7fa8-11e3-908d-902b34a592dd
Error: (01/17/2014 07:35:18 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1ec401cf13b2cf11b99e10C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe1b9661f7-7fa6-11e3-908d-902b34a592dd
Error: (01/17/2014 07:34:48 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1116801cf13b2a6da9b1b20C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe099dd9f7-7fa6-11e3-908d-902b34a592dd
Error: (01/17/2014 07:34:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2013-10-09 15:38:06.791
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-09 15:38:06.791
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-09 15:38:06.791
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-09 15:38:06.760
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-09 15:38:06.760
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-09 15:38:06.760
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-06 18:29:50.088
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-06 18:29:50.088
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-06 18:29:50.088
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-06 18:29:50.073
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 25%
Total physical RAM: 8173.24 MB
Available physical RAM: 6059.19 MB
Total Pagefile: 16344.66 MB
Available Pagefile: 13755.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:651.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: FA30C332)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================