
Pests of All Kinds and How to Fight Them: Problems with Yourfile Downloader


02.05.2014, 01:58   #1
MacMalim
 



Hi everyone,

a buddy of mine had made a few files available to me on Fileupload.net. When I tried to download them, all I got was some weird .exe file, which I then clicked on (unfortunately I know nothing at all about that site). Then this Yourfile Downloader was foisted on me. I thought it was necessary for exchanging the files and installed it. Right after that my AVG antivirus program went crazy and showed me a few threats, which I then moved to quarantine. In the course of installing this Yourfile junk, 2/3 other programs suddenly installed themselves as well, which supposedly have something to do with improved PC performance. My antivirus program kicked in there too, though, and I immediately ended all the processes and uninstalled all that crap again. After that I also downloaded Malwarebytes AntiMalware and had it scan my PC, whereupon it found a few more threats and deleted them.

Now everything seems to be clean again, but my question is whether I still need to worry about passwords or the like. And has anyone here perhaps already had experience with this dubious program and can fill me in on what it's all about?


Regards, Marvin

02.05.2014, 07:19   #2
schrauber
/// the machine
/// TB trainer
 




hi,

first let's check whether everything really is clean.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


02.05.2014, 11:39   #3
MacMalim
 



Hi, I hope I did this right:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Marvin (administrator) on MARVIN-PC on 02-05-2014 11:26:24
Running from C:\Users\Marvin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(Dropbox, Inc.) C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2557976 2014-04-27] ()
HKU\S-1-5-21-3662816691-269315891-1052379983-1000\...\MountPoints2: {38f2b059-5e8c-11e3-9179-20cf30cadbf8} - X:\Start_Center.exe
Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x948BA1134792C101
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={E171920B-6A9B-4842-80D8-A74EEF6AA6CE}&mid=91b4ba161b5f47d3b293f186762e320b-1a4dc8c905b75762f55c2999cb0e4ef5156b0a42&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-19 12:52:26&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: hxxp://gmx.de/
CHR RestoreOnStartup: "spellcheck"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-24]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-24]
CHR Extension: (Google-Suche) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-24]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Google Mail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-24]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-27] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-02 11:26 - 2014-05-02 11:26 - 00009857 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-05-02 11:26 - 2014-05-02 11:26 - 00000000 ____D () C:\FRST
2014-05-02 11:25 - 2014-05-02 11:25 - 02062336 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-05-01 23:33 - 2014-05-02 01:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 23:33 - 2014-05-01 23:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-01 23:33 - 2014-05-01 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-01 23:33 - 2014-05-01 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 23:33 - 2014-05-01 23:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-01 23:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-01 23:33 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-01 23:33 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-01 23:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-01 23:25 - 2014-05-01 23:26 - 00000000 ____D () C:\AdwCleaner
2014-05-01 23:11 - 2014-05-01 23:11 - 00301496 _____ (VuuPC Limited) C:\Users\Marvin\AppData\Local\nsr5823.tmp
2014-05-01 23:09 - 2014-05-01 23:09 - 00000000 ____D () C:\Users\Marvin\AppData\Local\HitsBlender
2014-05-01 23:09 - 2014-05-01 23:09 - 00000000 ____D () C:\Users\Marvin\AppData\Local\cache
2014-05-01 23:09 - 2014-05-01 23:09 - 00000000 ____D () C:\ProgramData\HitsBlender
2014-05-01 23:08 - 2014-05-01 23:11 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Systweak
2014-05-01 23:08 - 2014-05-01 23:09 - 00000004 _____ () C:\end
2014-05-01 23:07 - 2014-05-01 23:08 - 00000320 _____ () C:\Users\Marvin\AppData\Roaming\aps.uninstall.scan.results
2014-05-01 23:07 - 2014-05-01 23:07 - 00003136 _____ () C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-05-01 23:07 - 2014-05-01 23:07 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-01 23:07 - 2014-05-01 23:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-01 23:07 - 2014-05-01 23:07 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\YourFileDownloader
2014-05-01 23:07 - 2014-05-01 23:07 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Macromedia
2014-05-01 23:04 - 2014-05-01 23:04 - 01745872 _____ (AnyProtect.com) C:\Users\Marvin\AppData\Local\nsdD62A.tmp
2014-05-01 23:03 - 2014-05-01 23:13 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-27 12:52 - 2014-04-27 12:52 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-19 12:52 - 2014-04-27 12:51 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-19 12:52 - 2014-04-19 20:33 - 00000000 ____D () C:\Users\Marvin\AppData\Local\AVG SafeGuard toolbar
2014-04-19 12:52 - 2014-04-19 12:52 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-19 12:51 - 2014-04-27 12:52 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-04-19 12:51 - 2014-04-19 12:52 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-11 10:39 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 10:39 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 10:39 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-11 10:39 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 10:39 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 10:39 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 10:39 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-11 10:39 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 10:39 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 10:39 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 10:39 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 10:39 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 10:39 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 10:39 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-11 10:39 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-11 10:39 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-11 10:39 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 10:39 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-11 10:39 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 10:39 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-11 10:39 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-11 10:39 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-11 10:39 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-11 10:39 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-11 10:39 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-11 10:39 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-11 10:39 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-11 10:39 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-11 10:39 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-11 10:39 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-11 10:39 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-11 10:39 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-11 10:39 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-11 10:39 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 10:39 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-11 10:39 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 10:39 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-11 10:39 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-11 10:39 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 10:39 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-11 10:39 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-11 10:39 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-11 10:39 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 10:39 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 10:39 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-11 10:39 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-11 10:39 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-11 10:39 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 17:04 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 17:04 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 17:04 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 17:04 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 17:04 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 17:04 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 17:04 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 17:04 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 17:04 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 17:04 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 17:04 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

==================== One Month Modified Files and Folders =======

2014-05-02 11:26 - 2014-05-02 11:26 - 00009857 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-05-02 11:26 - 2014-05-02 11:26 - 00000000 ____D () C:\FRST
2014-05-02 11:25 - 2014-05-02 11:25 - 02062336 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-05-02 11:25 - 2010-11-21 08:50 - 00643628 _____ () C:\Windows\system32\perfh007.dat
2014-05-02 11:25 - 2010-11-21 08:50 - 00126188 _____ () C:\Windows\system32\perfc007.dat
2014-05-02 11:25 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-02 11:25 - 2002-01-01 00:04 - 01246499 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 11:23 - 2014-02-09 19:27 - 00000000 ___RD () C:\Users\Marvin\Dropbox
2014-05-02 11:23 - 2014-02-09 19:25 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Dropbox
2014-05-02 11:22 - 2013-09-24 19:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-02 11:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 11:22 - 2009-07-14 06:51 - 00066810 _____ () C:\Windows\setupact.log
2014-05-02 01:30 - 2014-05-01 23:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 01:11 - 2013-09-24 19:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 23:52 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-01 23:52 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-01 23:44 - 2010-11-21 05:47 - 00016732 _____ () C:\Windows\PFRO.log
2014-05-01 23:44 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-01 23:33 - 2014-05-01 23:33 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-01 23:33 - 2014-05-01 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-01 23:33 - 2014-05-01 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 23:33 - 2014-05-01 23:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-01 23:26 - 2014-05-01 23:25 - 00000000 ____D () C:\AdwCleaner
2014-05-01 23:13 - 2014-05-01 23:03 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-01 23:11 - 2014-05-01 23:11 - 00301496 _____ (VuuPC Limited) C:\Users\Marvin\AppData\Local\nsr5823.tmp
2014-05-01 23:11 - 2014-05-01 23:08 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Systweak
2014-05-01 23:11 - 2013-09-24 16:56 - 00000000 ___RD () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-01 23:09 - 2014-05-01 23:09 - 00000000 ____D () C:\Users\Marvin\AppData\Local\HitsBlender
2014-05-01 23:09 - 2014-05-01 23:09 - 00000000 ____D () C:\Users\Marvin\AppData\Local\cache
2014-05-01 23:09 - 2014-05-01 23:09 - 00000000 ____D () C:\ProgramData\HitsBlender
2014-05-01 23:09 - 2014-05-01 23:08 - 00000004 _____ () C:\end
2014-05-01 23:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-01 23:08 - 2014-05-01 23:07 - 00000320 _____ () C:\Users\Marvin\AppData\Roaming\aps.uninstall.scan.results
2014-05-01 23:07 - 2014-05-01 23:07 - 00003136 _____ () C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-05-01 23:07 - 2014-05-01 23:07 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-01 23:07 - 2014-05-01 23:07 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-01 23:07 - 2014-05-01 23:07 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\YourFileDownloader
2014-05-01 23:07 - 2014-05-01 23:07 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Macromedia
2014-05-01 23:04 - 2014-05-01 23:04 - 01745872 _____ (AnyProtect.com) C:\Users\Marvin\AppData\Local\nsdD62A.tmp
2014-05-01 23:04 - 2013-09-24 20:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-01 23:03 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-01 23:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-01 23:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-01 17:38 - 2013-09-24 20:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-01 10:41 - 2014-03-31 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-01 10:41 - 2013-09-24 20:30 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-29 11:13 - 2014-02-09 19:27 - 00001021 _____ () C:\Users\Marvin\Desktop\Dropbox.lnk
2014-04-29 11:13 - 2014-02-09 19:26 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-27 12:52 - 2014-04-27 12:52 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-27 12:52 - 2014-04-19 12:51 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-04-27 12:51 - 2014-04-19 12:52 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-25 11:16 - 2013-09-24 19:59 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-19 20:33 - 2014-04-19 12:52 - 00000000 ____D () C:\Users\Marvin\AppData\Local\AVG SafeGuard toolbar
2014-04-19 12:52 - 2014-04-19 12:52 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-19 12:52 - 2014-04-19 12:51 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-15 16:22 - 2013-12-05 01:51 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Audacity
2014-04-15 16:09 - 2013-12-14 15:18 - 00000000 ____D () C:\Users\Marvin\Documents\Cubase LE AI Elements Projects
2014-04-13 11:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-11 14:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-10 10:15 - 2013-09-24 16:54 - 00000000 ____D () C:\Users\Marvin
2014-04-09 22:55 - 2013-09-25 13:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 22:54 - 2013-09-25 13:32 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-03 09:51 - 2014-05-01 23:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-01 23:33 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-01 23:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprmcdc6.dll
C:\Users\Marvin\AppData\Local\Temp\htmlayout.dll
C:\Users\Marvin\AppData\Local\Temp\toolbar41947186.exe
C:\Users\Marvin\AppData\Local\Temp\toolbar41950010.exe
C:\Users\Marvin\AppData\Local\Temp\toolbar42192439.exe
C:\Users\Marvin\AppData\Local\Temp\uninstallf8dy0G6E8R.exe
C:\Users\Marvin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Marvin\AppData\Local\Temp\vp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 12:14

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Marvin at 2014-05-02 11:27:11
Running from C:\Users\Marvin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.0.443 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2137 - Steinberg Media Technologies GmbH)
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Steinberg Cubase LE AI Elements 6 64bit (HKLM\...\{8EEEB23E-A3EB-44A4-AEE9-D2FD6F96E4A0}) (Version: 6.0.2 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.5.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.5.2.000 - Steinberg Media Technologies GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================

03-04-2014 12:54:29 Geplanter Prüfpunkt
09-04-2014 20:53:47 Windows Update
11-04-2014 08:38:40 Windows Update
19-04-2014 11:39:05 Geplanter Prüfpunkt
27-04-2014 12:24:51 Geplanter Prüfpunkt
01-05-2014 08:39:45 Installed AVG 2014
01-05-2014 21:13:26 Removed Adobe Flash Player 11 ActiveX.

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01B6E72A-5447-41F8-8A9A-517358CB1EED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {2561E2CE-AC14-4866-87A1-5FA2D13F11DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {300DE3A9-0487-4658-8C42-0DFF285277BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {3CCB3E41-A69B-4779-9995-E4B19DE8984D} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-27 12:52 - 2014-04-27 12:51 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2014-04-19 12:51 - 2014-04-27 12:51 - 02557976 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-27 12:52 - 2014-04-27 12:51 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
2014-05-02 11:23 - 2014-05-02 11:23 - 00041984 _____ () c:\users\marvin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprmcdc6.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Marvin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-19 12:51 - 2014-04-19 12:51 - 01603608 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2014-04-25 11:16 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-25 11:16 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-25 11:16 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-25 11:16 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-25 11:16 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-25 11:16 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: CDC Abstract Control Model (ACM)
Description: CDC Abstract Control Model (ACM)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: CDC ACM Data
Description: CDC ACM Data
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2014 11:23:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2014 11:46:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2014 11:26:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2014 10:24:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 10:58:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 11:12:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 10:27:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 00:51:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 03:34:10 AM) (Source: Application Hang) (User: )
Description: Programm iTunes.exe, Version 11.1.5.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1050

Startzeit: 01cf61b85e8b3045

Endzeit: 12964

Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe

Berichts-ID:

Error: (04/27/2014 03:21:44 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iTunes.exe, Version: 11.1.5.5, Zeitstempel: 0x53073d6a
Name des fehlerhaften Moduls: iTunes.dll, Version: 11.1.5.5, Zeitstempel: 0x53073d58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00393319
ID des fehlerhaften Prozesses: 0x668
Startzeit der fehlerhaften Anwendung: 0xiTunes.exe0
Pfad der fehlerhaften Anwendung: iTunes.exe1
Pfad des fehlerhaften Moduls: iTunes.exe2
Berichtskennung: iTunes.exe3


System errors:
=============
Error: (05/01/2014 10:22:44 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎01.‎05.‎2014 um 01:44:56 unerwartet heruntergefahren.

Error: (04/27/2014 01:02:43 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (04/27/2014 01:02:28 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (04/27/2014 01:02:12 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (04/27/2014 01:01:56 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (04/27/2014 01:01:40 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (04/27/2014 01:01:25 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (04/27/2014 01:01:09 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (04/27/2014 01:00:53 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (04/27/2014 01:00:37 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (05/02/2014 11:23:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2014 11:46:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2014 11:26:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2014 10:24:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 10:58:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 11:12:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2014 10:27:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 00:51:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 03:34:10 AM) (Source: Application Hang)(User: )
Description: iTunes.exe11.1.5.5105001cf61b85e8b304512964C:\Program Files (x86)\iTunes\iTunes.exe

Error: (04/27/2014 03:21:44 AM) (Source: Application Error)(User: )
Description: iTunes.exe11.1.5.553073d6aiTunes.dll11.1.5.553073d58c00000050039331966801cf61b6f205a1f7C:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\iTunes\iTunes.dll4a9abcb4-cdaa-11e3-9f3f-20cf30cadbf8


==================== Memory info =========================== 

Percentage of memory in use: 59%
Total physical RAM: 2047.12 MB
Available physical RAM: 834.13 MB
Total Pagefile: 4094.23 MB
Available Pagefile: 2535.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:149.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 6049D661)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

03.05.2014, 08:26   #4
schrauber
/// the machine
/// TB instructor

Are you using the AVG toolbar on purpose? Otherwise this actually looks good. Changing passwords is not necessary.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

03.05.2014, 12:21   #5
MacMalim

I actually disabled the toolbar, and it is not shown to me either.


04.05.2014, 08:37   #6
schrauber
/// the machine
/// TB instructor

I only see that it is installed

04.05.2014, 22:31   #7
MacMalim

All right, thank you for your time and help! Great forum!

05.05.2014, 17:38   #8
schrauber
/// the machine
/// TB instructor

You're welcome
