
Log analysis and evaluation: C:\Users\User\AppData\Local\Temp\ljubZufuv malware problem

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.09.2014, 05:45   #1
blizzard154
 



Hello, I came across this forum because I was looking for help.
This evening I simply ran a scan with my antivirus program Avast Free and
malware was detected. Avast then prompted me to restart.
There my PC was checked once more and I was asked what to do with the malware. There were several options to choose from, but behind "Automatically fix" (default)
I then pressed this and "all" malware was moved into Avast's container. But after my restart I am shown that a path for Avast is missing and it can no longer be started.
When I try to start it via the .exe, it says that a group policy is blocking the program. I googled this and tried to take it out of the group policies, but without success.
I found similar posts here in the forum and have already downloaded FRST64.
I will put the FRST.txt file and Addition.txt in the attachment in a moment.

Thanks in advance
Regards, blizzard154

06.09.2014, 10:56   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

06.09.2014, 11:46   #3
blizzard154
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Commander (administrator) on COMMANDER-PC on 06-09-2014 12:42:50
Running from C:\FRST64
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\AMD\amdacpusrsvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\System32\PnkBstrA.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Commander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKU\S-1-5-21-1429639838-2170168530-2516450126-1000\...\Run: [GoogleChromeAutoLaunch_782D2B666E6726822825BF5CC7AAF906] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1429639838-2170168530-2516450126-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1429639838-2170168530-2516450126-1000\...\Run: [Spotify Web Helper] => C:\Users\Commander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-02] (Spotify Ltd)
HKU\S-1-5-21-1429639838-2170168530-2516450126-1000\...\Run: [IgzijIndel] => regsvr32.exe "C:\ProgramData\IgzijIndel\IgzijIndel.dat"
HKU\S-1-5-21-1429639838-2170168530-2516450126-1000\...\MountPoints2: {1224b128-b8b8-11dc-bd25-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk
ShortcutTarget: Roccat Talk.lnk -> C:\Windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe (Flexera Software LLC)
Startup: C:\Users\Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE8DDE88033B4CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ASUM_deDE591
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M0E538102-93FD-4796-A7DC-06AAEBA2A5EB&SearchSource=58&CUI=&UM=6&UP=SP45209F73-BAE6-4218-9A9A-BBC62AE1BADD&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ASUM_deDE591
SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Commander\AppData\Roaming\Mozilla\Firefox\Profiles\vazdcjak.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Commander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MEGA - C:\Users\Commander\AppData\Roaming\Mozilla\Firefox\Profiles\vazdcjak.default\Extensions\firefox@mega.co.nz.xpi [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2008-01-02]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> C5267D5F3AB2A7DA4AE871BE68E9CB7ECF9A000F20597DF5F6CDD3BA4B467C78
CHR DefaultSearchURL: Default -> 0CE716AD10D5B51A09F391E613B33BABEBC0F4479B9B49976FBEAFEA1CF12BFE
CHR Profile: C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2008-01-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2008-01-02]
CHR Extension: (Google-Suche) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2008-01-02]
CHR Extension: (SAO Theme 1920x1080) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgikfepnnphbmgngmpiflajcbmoomnll [2014-06-03]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-06-03]
CHR Extension: (AdBlock) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-03]
CHR Extension: (avast! Online Security) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2008-01-02]
CHR Extension: (Google Wallet) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03]
CHR Extension: (Google Mail) - C:\Users\Commander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2008-01-02]
CHR Extension: (Extutil) - C:\Users\COMMAN~1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-09]
CHR Extension: (Managera) - C:\Users\COMMAN~1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-31] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-08-02] () [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-22] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-22] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-08-04] (Microsoft Corporation) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech                  )
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-31] ()
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 GPUZ; \??\C:\Users\COMMAN~1\AppData\Local\Temp\GPUZ.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 06:17 - 2014-09-06 12:42 - 00000000 ____D () C:\FRST64
2014-09-06 05:52 - 2014-09-06 12:42 - 00000000 ____D () C:\FRST
2014-09-06 05:51 - 2014-09-06 05:51 - 01096704 _____ (Farbar) C:\Users\Commander\Downloads\FRST.exe
2014-09-06 05:36 - 2014-09-06 05:36 - 04862664 _____ (AVAST Software) C:\Users\Commander\Downloads\avast_free_antivirus_setup_online.exe
2014-09-05 23:11 - 2014-09-05 23:11 - 00000000 ____D () C:\ProgramData\IgzijIndel
2014-09-05 20:33 - 2014-09-05 20:33 - 00001395 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-09-05 20:33 - 2014-09-05 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-03 21:28 - 2014-09-03 21:28 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\MMFApplications
2014-09-03 21:05 - 2014-09-03 21:05 - 00000000 ____D () C:\Users\Commander\Documents\Respawn
2014-09-03 20:26 - 2014-09-03 20:32 - 00000659 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-09-03 20:26 - 2014-09-03 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall
2014-09-03 20:20 - 2014-09-03 20:35 - 00000000 ____D () C:\Users\Commander\AppData\Local\parasite_in_city
2014-09-02 01:15 - 2014-09-02 01:15 - 00000811 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-09-02 01:15 - 2014-09-02 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-08-31 01:55 - 2014-08-31 02:18 - 00000000 ____D () C:\Users\Commander\Documents\Diablo III
2014-08-30 23:14 - 2014-08-30 23:14 - 00000810 _____ () C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2014-08-30 23:14 - 2014-08-30 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-30 22:53 - 2014-08-31 02:21 - 00000673 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-08-30 22:53 - 2014-08-30 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-30 22:46 - 2014-08-30 22:46 - 00000000 ____D () C:\Users\Commander\AppData\Local\LogMeIn
2014-08-30 22:46 - 2014-08-30 22:46 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-30 21:56 - 2014-09-04 02:49 - 00000056 _____ () C:\Windows\kgt2k.INI
2014-08-30 17:45 - 2014-08-30 17:45 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-30 17:45 - 2014-08-30 17:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-30 17:45 - 2014-08-30 17:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-30 17:45 - 2014-08-30 17:45 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-30 17:45 - 2014-08-30 17:45 - 00000000 ____D () C:\Program Files\Java
2014-08-30 17:44 - 2014-08-30 17:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-30 17:44 - 2014-08-30 17:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-30 17:44 - 2014-08-30 17:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-30 17:44 - 2014-08-30 17:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-30 17:43 - 2014-08-30 17:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-30 05:08 - 2014-08-30 05:08 - 00000222 _____ () C:\Users\Commander\Desktop\Wolfenstein The New Order German Edition.url
2014-08-29 21:51 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Commander\Documents\Ghost Games
2014-08-27 00:15 - 2014-09-04 00:02 - 00000000 ____D () C:\Users\Commander\Documents\Electronic Arts
2014-08-27 00:14 - 2011-02-18 15:07 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-08-26 03:32 - 2014-08-26 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-26 03:32 - 2014-08-26 03:32 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-26 03:27 - 2014-08-26 03:27 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\SIX Networks
2014-08-26 03:27 - 2014-08-26 03:27 - 00000000 ____D () C:\Users\Commander\AppData\Local\SIX Networks
2014-08-26 03:27 - 2014-08-26 03:27 - 00000000 ____D () C:\Users\Commander\AppData\Local\IsolatedStorage
2014-08-26 03:27 - 2014-08-26 03:27 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-08-22 16:15 - 2014-09-06 05:32 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-08-22 16:15 - 2014-08-22 16:15 - 00000671 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-08-22 16:15 - 2014-08-22 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2014-08-21 22:29 - 2014-09-05 20:30 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-21 22:29 - 2014-08-21 22:29 - 00000222 _____ () C:\Users\Commander\Desktop\Arma 3.url
2014-08-21 14:51 - 2014-08-21 14:51 - 00000743 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-08-21 14:51 - 2014-08-21 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-08-21 03:30 - 2014-08-21 03:30 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Illusion
2014-08-21 03:30 - 2014-08-21 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Illusion
2014-08-21 03:29 - 2014-08-21 03:37 - 00000000 ____D () C:\Program Files (x86)\Illusion
2014-08-20 04:44 - 2014-09-05 00:00 - 2068666377 _____ () C:\Windows\MEMORY.DMP
2014-08-19 07:03 - 2014-08-21 02:23 - 00000022 _____ () C:\Windows\GPU-Z.INI
2014-08-19 07:01 - 2014-08-19 07:01 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-19 07:01 - 2014-08-19 07:01 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2014-08-19 07:01 - 2014-08-19 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-08-19 07:01 - 2014-08-19 07:01 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-08-19 06:34 - 2014-08-19 06:35 - 00000000 ____D () C:\Program Files (x86)\RAPID
2014-08-19 06:34 - 2014-08-19 06:34 - 00000000 ____D () C:\Windows\system32\RAPID
2014-08-19 06:34 - 2014-05-19 19:55 - 00265952 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2014-08-19 06:22 - 2014-08-19 06:22 - 00000000 ____D () C:\Users\Commander\Documents\Add-in Express
2014-08-18 04:16 - 2014-08-30 05:06 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Tunngle
2014-08-18 04:16 - 2014-08-30 05:06 - 00000000 ____D () C:\ProgramData\Tunngle
2014-08-18 04:16 - 2014-08-18 04:17 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-08-18 04:16 - 2014-08-18 04:16 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-08-18 04:16 - 2014-08-18 04:16 - 00000000 ____D () C:\Users\Commander\Documents\Tunngle
2014-08-18 04:16 - 2014-08-18 04:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-08-18 04:16 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-08-18 02:19 - 2014-08-18 02:19 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-08-17 00:20 - 2014-08-17 00:20 - 00000000 ____D () C:\Users\Commander\Documents\PVZ Garden Warfare
2014-08-14 11:44 - 2014-09-05 00:00 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 11:43 - 2014-08-14 11:43 - 00337831 ____N () C:\Windows\Minidump\081414-11466-01.dmp
2014-08-10 03:53 - 2014-08-19 06:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-10 02:47 - 2014-08-10 02:47 - 00000000 ____D () C:\Users\Commander\AppData\Local\Macromedia
2014-08-10 02:40 - 2014-08-10 02:40 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Mozilla
2014-08-10 02:40 - 2014-08-10 02:40 - 00000000 ____D () C:\Users\Commander\AppData\Local\Mozilla
2014-08-10 02:39 - 2014-08-10 02:39 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 01:42 - 2014-08-10 01:42 - 00000000 ____D () C:\Users\Commander\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 12:42 - 2014-09-06 06:17 - 00000000 ____D () C:\FRST64
2014-09-06 12:42 - 2014-09-06 05:52 - 00000000 ____D () C:\FRST
2014-09-06 12:41 - 2009-07-14 06:51 - 00061931 _____ () C:\Windows\setupact.log
2014-09-06 12:39 - 2014-06-21 13:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 12:39 - 2014-06-03 22:21 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Skype
2014-09-06 12:39 - 2008-01-02 00:31 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 06:22 - 2009-07-14 06:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 06:22 - 2009-07-14 06:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 06:19 - 2009-07-14 19:58 - 00699162 _____ () C:\Windows\system32\perfh007.dat
2014-09-06 06:19 - 2009-07-14 19:58 - 00149302 _____ () C:\Windows\system32\perfc007.dat
2014-09-06 06:19 - 2009-07-14 07:13 - 01619560 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 06:16 - 2014-06-03 22:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-06 06:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 06:15 - 2008-01-02 00:31 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 06:14 - 2014-06-08 11:30 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-09-06 06:14 - 2008-01-02 00:26 - 01736390 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 05:51 - 2014-09-06 05:51 - 01096704 _____ (Farbar) C:\Users\Commander\Downloads\FRST.exe
2014-09-06 05:41 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-06 05:36 - 2014-09-06 05:36 - 04862664 _____ (AVAST Software) C:\Users\Commander\Downloads\avast_free_antivirus_setup_online.exe
2014-09-06 05:32 - 2014-08-22 16:15 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-06 05:32 - 2008-01-02 00:25 - 00058154 _____ () C:\Windows\PFRO.log
2014-09-06 04:13 - 2014-06-14 00:28 - 00000000 ____D () C:\Users\Commander\AppData\Local\Battle.net
2014-09-06 02:54 - 2014-06-26 20:58 - 00000000 ____D () C:\Users\Commander\AppData\Local\Deployment
2014-09-06 01:29 - 2014-06-03 22:10 - 00000000 ____D () C:\ProgramData\Origin
2014-09-05 23:44 - 2014-06-04 00:44 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-05 23:33 - 2014-06-04 00:44 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-05 23:32 - 2014-06-03 22:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-05 23:11 - 2014-09-05 23:11 - 00000000 ____D () C:\ProgramData\IgzijIndel
2014-09-05 21:04 - 2014-06-03 22:13 - 00000000 ____D () C:\Users\Commander\AppData\Local\PMB Files
2014-09-05 20:33 - 2014-09-05 20:33 - 00001395 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-09-05 20:33 - 2014-09-05 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-05 20:33 - 2014-06-03 22:14 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-05 20:31 - 2014-06-03 22:07 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\TS3Client
2014-09-05 20:30 - 2014-08-21 22:29 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-05 20:30 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 13:26 - 2008-01-02 01:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-05 00:00 - 2014-08-20 04:44 - 2068666377 _____ () C:\Windows\MEMORY.DMP
2014-09-05 00:00 - 2014-08-14 11:44 - 00000000 ____D () C:\Windows\Minidump
2014-09-04 02:49 - 2014-08-30 21:56 - 00000056 _____ () C:\Windows\kgt2k.INI
2014-09-04 00:02 - 2014-08-27 00:15 - 00000000 ____D () C:\Users\Commander\Documents\Electronic Arts
2014-09-03 21:28 - 2014-09-03 21:28 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\MMFApplications
2014-09-03 21:05 - 2014-09-03 21:05 - 00000000 ____D () C:\Users\Commander\Documents\Respawn
2014-09-03 20:35 - 2014-09-03 20:20 - 00000000 ____D () C:\Users\Commander\AppData\Local\parasite_in_city
2014-09-03 20:32 - 2014-09-03 20:26 - 00000659 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-09-03 20:31 - 2014-06-03 23:13 - 00376693 _____ () C:\Windows\DirectX.log
2014-09-03 20:26 - 2014-09-03 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall
2014-09-02 19:58 - 2014-08-04 22:16 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Spotify
2014-09-02 18:53 - 2014-08-04 22:16 - 00000000 ____D () C:\Users\Commander\AppData\Local\Spotify
2014-09-02 10:46 - 2014-08-02 15:25 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-09-02 01:15 - 2014-09-02 01:15 - 00000811 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-09-02 01:15 - 2014-09-02 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-08-31 20:20 - 2014-06-03 22:21 - 00000000 ____D () C:\ProgramData\Skype
2014-08-31 02:21 - 2014-08-30 22:53 - 00000673 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-08-31 02:18 - 2014-08-31 01:55 - 00000000 ____D () C:\Users\Commander\Documents\Diablo III
2014-08-31 00:33 - 2014-08-01 08:29 - 00000000 ____D () C:\Users\Commander\AppData\Local\Arma 3
2014-08-30 23:14 - 2014-08-30 23:14 - 00000810 _____ () C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2014-08-30 23:14 - 2014-08-30 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-30 23:14 - 2008-01-02 00:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-30 22:53 - 2014-08-30 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-30 22:46 - 2014-08-30 22:46 - 00000000 ____D () C:\Users\Commander\AppData\Local\LogMeIn
2014-08-30 22:46 - 2014-08-30 22:46 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-30 17:45 - 2014-08-30 17:45 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-30 17:45 - 2014-08-30 17:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-30 17:45 - 2014-08-30 17:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-30 17:45 - 2014-08-30 17:45 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-30 17:45 - 2014-08-30 17:45 - 00000000 ____D () C:\Program Files\Java
2014-08-30 17:44 - 2014-08-30 17:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-30 17:44 - 2014-08-30 17:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-30 17:44 - 2014-08-30 17:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-30 17:44 - 2014-08-30 17:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-30 17:43 - 2014-08-30 17:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-30 05:08 - 2014-08-30 05:08 - 00000222 _____ () C:\Users\Commander\Desktop\Wolfenstein The New Order German Edition.url
2014-08-30 05:06 - 2014-08-18 04:16 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Tunngle
2014-08-30 05:06 - 2014-08-18 04:16 - 00000000 ____D () C:\ProgramData\Tunngle
2014-08-29 21:51 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Commander\Documents\Ghost Games
2014-08-26 03:32 - 2014-08-26 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-26 03:32 - 2014-08-26 03:32 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-26 03:27 - 2014-08-26 03:27 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\SIX Networks
2014-08-26 03:27 - 2014-08-26 03:27 - 00000000 ____D () C:\Users\Commander\AppData\Local\SIX Networks
2014-08-26 03:27 - 2014-08-26 03:27 - 00000000 ____D () C:\Users\Commander\AppData\Local\IsolatedStorage
2014-08-26 03:27 - 2014-08-26 03:27 - 00000000 ____D () C:\ProgramData\SIX Networks
2014-08-26 03:26 - 2014-06-26 17:42 - 00000000 ____D () C:\Users\Commander\AppData\Local\Downloaded Installations
2014-08-22 20:08 - 2014-06-29 01:12 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-08-22 16:15 - 2014-08-22 16:15 - 00000671 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-08-22 16:15 - 2014-08-22 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2014-08-22 16:15 - 2014-06-04 00:44 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-22 02:39 - 2014-06-03 22:15 - 00000000 ____D () C:\Fraps
2014-08-21 23:47 - 2008-01-02 00:35 - 01592224 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-21 22:29 - 2014-08-21 22:29 - 00000222 _____ () C:\Users\Commander\Desktop\Arma 3.url
2014-08-21 14:51 - 2014-08-21 14:51 - 00000743 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-08-21 14:51 - 2014-08-21 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-08-21 03:37 - 2014-08-21 03:29 - 00000000 ____D () C:\Program Files (x86)\Illusion
2014-08-21 03:30 - 2014-08-21 03:30 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Illusion
2014-08-21 03:30 - 2014-08-21 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Illusion
2014-08-21 02:23 - 2014-08-19 07:03 - 00000022 _____ () C:\Windows\GPU-Z.INI
2014-08-19 07:01 - 2014-08-19 07:01 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-19 07:01 - 2014-08-19 07:01 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2014-08-19 07:01 - 2014-08-19 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-08-19 07:01 - 2014-08-19 07:01 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-08-19 07:01 - 2008-01-02 00:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-19 06:35 - 2014-08-19 06:34 - 00000000 ____D () C:\Program Files (x86)\RAPID
2014-08-19 06:34 - 2014-08-19 06:34 - 00000000 ____D () C:\Windows\system32\RAPID
2014-08-19 06:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 06:23 - 2008-01-02 01:25 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-19 06:22 - 2014-08-19 06:22 - 00000000 ____D () C:\Users\Commander\Documents\Add-in Express
2014-08-19 06:21 - 2014-07-31 03:26 - 00000000 ____D () C:\Program Files\ASUS
2014-08-19 06:20 - 2014-08-10 03:53 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-18 14:34 - 2014-07-27 11:04 - 00057944 _____ () C:\Users\Commander\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 14:34 - 2009-07-14 06:45 - 00276704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-18 04:17 - 2014-08-18 04:16 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-08-18 04:16 - 2014-08-18 04:16 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-08-18 04:16 - 2014-08-18 04:16 - 00000000 ____D () C:\Users\Commander\Documents\Tunngle
2014-08-18 04:16 - 2014-08-18 04:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-08-18 02:19 - 2014-08-18 02:19 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-08-18 02:19 - 2014-06-22 17:15 - 00000000 ____D () C:\Users\Commander\Documents\EA Games
2014-08-17 00:20 - 2014-08-17 00:20 - 00000000 ____D () C:\Users\Commander\Documents\PVZ Garden Warfare
2014-08-16 04:44 - 2014-06-03 22:13 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-16 04:41 - 2014-06-21 13:53 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-16 04:41 - 2014-06-21 13:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-16 04:41 - 2014-06-21 13:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-14 11:43 - 2014-08-14 11:43 - 00337831 ____N () C:\Windows\Minidump\081414-11466-01.dmp
2014-08-12 01:09 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-10 02:47 - 2014-08-10 02:47 - 00000000 ____D () C:\Users\Commander\AppData\Local\Macromedia
2014-08-10 02:40 - 2014-08-10 02:40 - 00000000 ____D () C:\Users\Commander\AppData\Roaming\Mozilla
2014-08-10 02:40 - 2014-08-10 02:40 - 00000000 ____D () C:\Users\Commander\AppData\Local\Mozilla
2014-08-10 02:39 - 2014-08-10 02:39 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-10 02:39 - 2014-08-10 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 01:42 - 2014-08-10 01:42 - 00000000 ____D () C:\Users\Commander\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Commander\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Commander\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Commander\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Commander\AppData\Local\Temp\Gw2.exe
C:\Users\Commander\AppData\Local\Temp\libeay32.dll
C:\Users\Commander\AppData\Local\Temp\nsbCABA.exe
C:\Users\Commander\AppData\Local\Temp\nsi2978.exe
C:\Users\Commander\AppData\Local\Temp\nslA3A5.exe
C:\Users\Commander\AppData\Local\Temp\nslC617.exe
C:\Users\Commander\AppData\Local\Temp\nslE4B5.exe
C:\Users\Commander\AppData\Local\Temp\nsn1E8D.exe
C:\Users\Commander\AppData\Local\Temp\nsnF9F9.exe
C:\Users\Commander\AppData\Local\Temp\nsqA7BB.exe
C:\Users\Commander\AppData\Local\Temp\nsxFE2E.exe
C:\Users\Commander\AppData\Local\Temp\nsy235F.exe
C:\Users\Commander\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\Commander\AppData\Local\Temp\ovisetup-01072014231502.exe
C:\Users\Commander\AppData\Local\Temp\ovisetup-02072014151820.exe
C:\Users\Commander\AppData\Local\Temp\prfhu.dll
C:\Users\Commander\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Commander\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\Commander\AppData\Local\Temp\sonarinst.exe
C:\Users\Commander\AppData\Local\Temp\ssleay32.dll
C:\Users\Commander\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Commander\AppData\Local\Temp\Uninstaller-3084.exe
C:\Users\Commander\AppData\Local\Temp\Uninstaller-6428.exe
C:\Users\Commander\AppData\Local\Temp\utt7C2A.tmp.exe
C:\Users\Commander\AppData\Local\Temp\uttD240.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 07:48

==================== End Of Log ============================
         

Alt 06.09.2014, 12:49   #4
blizzard154
 



By the way, this is what the message that appears after every startup looks like:
www.pic-upload.de/view-24511887/Unbenannt.png.html

Alt 06.09.2014, 21:11   #5
schrauber
/// the machine
/// TB-Ausbilder
 




And the Addition.txt?

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 06.09.2014, 21:14   #6
blizzard154
 



All good, I fixed the problem by simply reinstalling the system, i.e. I formatted all the drives and set everything up from scratch. With 2 SSDs that went fairly quickly, and I switched straight from avast to Kaspersky. Thanks anyway for listening to my problem this far.

Alt 07.09.2014, 15:20   #7
schrauber
/// the machine
/// TB-Ausbilder
 




ok

P.S.: I would practice using punctuation.
