Log analysis and evaluation: PC routine check

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

PC routine check

Hi dear TB team,

I would like to have someone experienced take a look at this, because when shutting down, my computer sometimes wants to close a program that I cannot see. If questions come up about where files came from, just ask.

The scans went fairly normally, apart from a bluescreen shortly after closing GMER (~30 seconds). I am happy to upload the minidump; otherwise, here is some info up front that the computer spat out:

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF8000331BBC9
BCP3: FFFFF880083A4EE0
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Then there are the other scans:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:36 on 17/06/2014 (User)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:AlcoholAutomount -> Removed
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by User (administrator) on User on 17-06-2014 18:40:04
Running from C:\Users\User\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) C:\Program Files 
(x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-2122333257-317490234-2083073521-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC) HKU\S-1-5-21-2122333257-317490234-2083073521-1000\...\MountPoints2: {ba820c53-74be-11e3-8646-047d7b128e60} - F:\AutoRun.exe IFEO\utilman.exe: [Debugger] cmd.exe Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: 
TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iwmoqdgs.default-1396815524608 FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media 
Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iwmoqdgs.default-1396815524608\Extensions\youtubeunblocker@unblocker.yt [2014-04-26] FF Extension: Live HTTP Headers - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iwmoqdgs.default-1396815524608\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-04-16] FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iwmoqdgs.default-1396815524608\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-06] FF Extension: ClipConverter - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iwmoqdgs.default-1396815524608\Extensions\clipconverter@clipconverter.cc.xpi [2014-04-06] FF Extension: {230185af-929d-467b-ba46-08816dc2feeb} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iwmoqdgs.default-1396815524608\Extensions\{230185af-929d-467b-ba46-08816dc2feeb}.xpi [2014-04-26] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\iwmoqdgs.default-1396815524608\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06] Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google 
==================== Services (Whitelisted) =================
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [543424 2014-05-29] (Valve Corporation) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-10-03] (Duplex Secure Ltd.)
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-17 18:40 - 2014-06-17 18:41 - 00012018 _____ () C:\Users\User\Desktop\FRST.txt 2014-06-17 18:39 - 2014-06-17 18:40 - 00000000 ____D () C:\FRST 2014-06-17 18:36 - 2014-06-17 18:36 - 00000668 _____ () C:\Users\User\Desktop\defogger_disable.log 2014-06-17 18:36 - 2014-06-17 18:36 - 00000202 _____ () C:\Users\User\defogger_reenable 2014-06-16 23:24 - 2014-06-16 23:24 - 02081280 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-06-16 23:24 - 2014-06-16 23:24 - 00050477 _____ () C:\Users\User\Downloads\Defogger(1).exe 2014-06-16 23:23 - 2014-06-16 23:23 - 00380416 _____ () C:\Users\User\Downloads\Gmer-19357.exe 2014-06-16 23:23 - 2014-06-16 23:23 - 00058258 _____ () C:\Users\User\Desktop\anleitung.htm 2014-06-16 23:23 - 2014-06-16 23:23 - 00000000 ____D () C:\Users\User\Desktop\anleitung-Dateien 2014-06-13 16:10 - 2014-06-17 18:37 - 00000560 _____ () C:\Windows\setupact.log 2014-06-13 16:10 - 2014-06-13 16:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-11 22:39 - 2014-06-11 22:41 - 16084486 _____ () C:\Users\User\Downloads\Greatest freak out ever 9 (ORIGINAL VIDEO).mp4 2014-06-11 22:21 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 22:21 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 22:21 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 22:21 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 22:21 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 22:21 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 22:21 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-06-11 22:21 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 22:21 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 22:21 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 22:21 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 22:21 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 22:21 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 22:21 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 22:21 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 22:21 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 22:21 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 22:21 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 22:21 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 22:21 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 22:21 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 22:21 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-11 22:21 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 22:21 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-11 22:21 - 2014-05-30 10:42 - 00051200 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-11 22:21 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-11 22:21 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 22:21 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 22:21 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-11 22:21 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-11 22:21 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 22:21 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 22:21 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-11 22:21 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 22:21 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 22:21 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 22:21 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-11 22:21 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-11 22:21 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 22:21 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 22:21 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 22:21 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 22:21 - 2014-05-30 09:54 - 00526336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 22:21 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-11 22:21 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 22:21 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 22:21 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 22:21 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 22:21 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 22:21 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 22:21 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 22:21 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-11 22:21 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 22:21 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 22:21 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 22:21 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 22:21 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 22:21 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 22:21 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 22:21 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-11 22:21 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msxml6.dll 2014-06-11 22:21 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-11 22:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-11 22:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-11 22:21 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-06-07 18:50 - 2014-06-01 00:32 - 54177270 _____ () C:\Users\User\Desktop\part.mp4 2014-06-05 19:53 - 2014-06-05 19:53 - 00000000 ____D () C:\Users\User\Documents\Facepalm Games 2014-06-05 19:52 - 2014-06-08 00:46 - 01591306 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-06-04 21:14 - 2014-06-04 21:14 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-06-04 21:14 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-06-04 21:14 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-06-04 21:13 - 2014-06-07 20:41 - 00000000 ____D () C:\Users\User\AppData\Local\PMB Files 2014-06-04 21:13 - 2014-06-04 21:13 - 00000000 ____D () C:\ProgramData\PMB Files 2014-06-04 21:13 - 2014-06-04 21:13 - 00000000 ____D () C:\Program Files (x86)\Pando Networks 2014-06-04 21:12 - 2014-06-04 21:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\Riot Games 2014-06-04 21:11 - 2014-06-04 21:11 - 34888568 _____ (Riot Games) C:\Users\User\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe 2014-05-25 16:15 - 2014-05-25 16:15 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-05-25 16:15 - 2014-05-25 16:15 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2014-05-23 01:57 - 2014-05-23 01:57 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-05-23 01:57 
- 2014-05-23 01:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-05-23 01:57 - 2014-05-23 01:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-05-23 01:57 - 2014-05-23 01:57 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-05-23 01:57 - 2014-05-23 01:57 - 00000000 ____D () C:\Program Files\Java 2014-05-23 01:56 - 2014-05-23 01:56 - 30818216 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u55-windows-x64.exe 2014-05-22 12:22 - 2014-05-22 12:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer 2014-05-22 12:22 - 2014-05-22 12:22 - 06209136 _____ (TeamViewer GmbH) C:\Users\User\Downloads\TeamViewer_Setup_de.exe 2014-05-22 12:21 - 2014-05-22 12:22 - 04617648 _____ (TeamViewer) C:\Users\User\Downloads\TeamViewerQS_de.exe 2014-05-19 23:52 - 2014-05-19 23:56 - 445059019 _____ () C:\Users\User\Downloads\Portal2-OST-Complete.zip 2014-05-19 16:29 - 2014-05-19 16:29 - 00056375 _____ () C:\Users\User\Downloads\sunburn.mid 2014-05-18 23:33 - 2014-05-18 23:33 - 00537699 _____ () C:\Users\User\Downloads\amip_winamp.zip 2014-05-18 23:33 - 2014-05-18 23:33 - 00000000 ____D () C:\Users\User\Downloads\amip_winamp 2014-05-18 23:07 - 2014-05-18 23:07 - 04262896 _____ (Krzysztof Kowalczyk) C:\Users\User\Downloads\SumatraPDF-2.5.2-install.exe 2014-05-18 16:12 - 2014-05-18 16:12 - 00000000 ____D () C:\Users\User\AppData\Local\Conexant 2014-05-18 16:12 - 2014-05-18 16:12 - 00000000 ____D () C:\ProgramData\Conexant ==================== One Month Modified Files and Folders ======= 2014-06-17 18:41 - 2014-06-17 18:40 - 00012018 _____ () C:\Users\User\Desktop\FRST.txt 2014-06-17 18:41 - 2013-04-08 14:47 - 00000000 ____D () C:\Users\User\AppData\Local\Temp 2014-06-17 18:41 - 2013-04-08 13:59 - 01287580 _____ () C:\Windows\WindowsUpdate.log 2014-06-17 18:40 - 2014-06-17 18:39 - 00000000 ____D () C:\FRST 2014-06-17 18:37 - 2014-06-13 16:10 - 00000560 _____ () C:\Windows\setupact.log 
2014-06-17 18:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-17 18:36 - 2014-06-17 18:36 - 00000668 _____ () C:\Users\User\Desktop\defogger_disable.log 2014-06-17 18:36 - 2014-06-17 18:36 - 00000202 _____ () C:\Users\User\defogger_reenable 2014-06-17 18:36 - 2013-04-08 14:47 - 00000000 ____D () C:\Users\User 2014-06-17 18:32 - 2011-02-11 10:21 - 00697098 _____ () C:\Windows\system32\perfh007.dat 2014-06-17 18:32 - 2011-02-11 10:21 - 00148362 _____ () C:\Windows\system32\perfc007.dat 2014-06-17 18:32 - 2009-07-14 07:13 - 01613412 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-17 17:53 - 2013-04-08 18:48 - 00002712 _____ () C:\Windows\Sandboxie.ini 2014-06-17 17:49 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-17 17:49 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-17 17:48 - 2013-04-08 22:58 - 00000000 ____D () C:\Users\User\AppData\Local\Paint.NET 2014-06-16 23:40 - 2013-04-08 15:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-06-16 23:24 - 2014-06-16 23:24 - 02081280 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-06-16 23:24 - 2014-06-16 23:24 - 00050477 _____ () C:\Users\User\Downloads\Defogger(1).exe 2014-06-16 23:23 - 2014-06-16 23:23 - 00380416 _____ () C:\Users\User\Downloads\Gmer-19357.exe 2014-06-16 23:23 - 2014-06-16 23:23 - 00058258 _____ () C:\Users\User\Desktop\anleitung.htm 2014-06-16 23:23 - 2014-06-16 23:23 - 00000000 ____D () C:\Users\User\Desktop\anleitung-Dateien 2014-06-13 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-13 19:03 - 2014-04-06 19:43 - 00000000 ____D () C:\temp 2014-06-13 16:10 - 2014-06-13 16:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-12 22:46 - 2014-01-09 00:05 - 00000641 _____ () C:\Users\User\Desktop\CV.txt 2014-06-12 22:44 - 2013-07-01 
20:55 - 00000000 ____D () C:\Windows\Minidump 2014-06-12 08:54 - 2014-02-26 22:54 - 00252928 ___SH () C:\Users\User\Desktop\Thumbs.db 2014-06-12 08:54 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-06-12 01:56 - 2013-09-04 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 01:55 - 2013-09-04 03:00 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 22:41 - 2014-06-11 22:39 - 16084486 _____ () C:\Users\User\Downloads\Greatest freak out ever 9 (ORIGINAL VIDEO).mp4 2014-06-08 00:46 - 2014-06-05 19:52 - 01591306 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-06-07 20:41 - 2014-06-04 21:13 - 00000000 ____D () C:\Users\User\AppData\Local\PMB Files 2014-06-05 19:53 - 2014-06-05 19:53 - 00000000 ____D () C:\Users\User\Documents\Facepalm Games 2014-06-05 19:53 - 2013-10-04 22:29 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-05 00:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-04 21:14 - 2014-06-04 21:14 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-06-04 21:13 - 2014-06-04 21:13 - 00000000 ____D () C:\ProgramData\PMB Files 2014-06-04 21:13 - 2014-06-04 21:13 - 00000000 ____D () C:\Program Files (x86)\Pando Networks 2014-06-04 21:13 - 2014-06-04 21:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Riot Games 2014-06-04 21:11 - 2014-06-04 21:11 - 34888568 _____ (Riot Games) C:\Users\User\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe 2014-06-01 00:32 - 2014-06-07 18:50 - 54177270 _____ () C:\Users\User\Desktop\part.mp4 2014-05-30 12:21 - 2014-06-11 22:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 12:02 - 2014-06-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 12:02 - 2014-06-11 22:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 11:45 - 2014-06-11 22:21 - 02768384 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2014-05-30 11:39 - 2014-06-11 22:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 11:39 - 2014-06-11 22:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 11:38 - 2014-06-11 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 11:28 - 2014-06-11 22:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 11:27 - 2014-06-11 22:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 11:24 - 2014-06-11 22:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 11:21 - 2014-06-11 22:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 11:21 - 2014-06-11 22:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 11:20 - 2014-06-11 22:21 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-11 22:21 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 11:11 - 2014-06-11 22:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 11:08 - 2014-06-11 22:21 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-11 22:21 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 11:02 - 2014-06-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-11 22:21 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-11 22:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-11 22:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-11 22:21 - 00455168 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 22:21 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 22:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 22:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 22:21 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 22:21 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 22:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 22:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 22:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 22:21 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 22:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 22:21 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 22:21 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 22:21 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 22:21 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 22:21 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 22:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 22:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 22:21 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 22:21 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 22:21 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 22:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 22:21 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 22:21 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 22:21 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 22:21 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 22:21 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 22:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 22:21 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 22:21 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 22:21 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-27 00:34 - 2013-12-04 01:50 - 00000000 ___RD () C:\Users\User\Desktop\*
2014-05-27 00:25 - 2013-09-17 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2014-05-26 19:27 - 2014-01-18 16:04 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2014-05-25 16:15 - 2014-05-25 16:15 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-25 16:15 - 2014-05-25 16:15 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-23 23:07 - 2014-05-23 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-05-23 23:07 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-23 02:49 - 2013-08-18 15:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-05-23 01:57 - 2014-05-23 01:57 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-23 01:57 - 2014-05-23 01:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-23 01:57 - 2014-05-23 01:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-23 01:57 - 2014-05-23 01:57 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-23 01:57 - 2014-05-23 01:57 - 00000000 ____D () C:\Program Files\Java
2014-05-23 01:56 - 2014-05-23 01:56 - 30818216 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u55-windows-x64.exe
2014-05-23 00:31 - 2014-03-26 01:44 - 00000198 _____ () C:\Users\User\Desktop\Niko Pool.txt
2014-05-22 23:48 - 2014-02-25 16:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
2014-05-22 13:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-22 12:29 - 2014-05-22 12:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer
2014-05-22 12:22 - 2014-05-22 12:22 - 06209136 _____ (TeamViewer GmbH) C:\Users\User\Downloads\TeamViewer_Setup_de.exe
2014-05-22 12:22 - 2014-05-22 12:21 - 04617648 _____ (TeamViewer) C:\Users\User\Downloads\TeamViewerQS_de.exe
2014-05-21 20:42 - 2011-08-03 12:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-21 20:42 - 2011-08-03 12:05 - 00000000 ____D () C:\ProgramData\Skype
2014-05-19 23:56 - 2014-05-19 23:52 - 445059019 _____ () C:\Users\User\Downloads\Portal2-OST-Complete.zip
2014-05-19 16:29 - 2014-05-19 16:29 - 00056375 _____ () C:\Users\User\Downloads\sunburn.mid
2014-05-18 23:33 - 2014-05-18 23:33 - 00537699 _____ () C:\Users\User\Downloads\amip_winamp.zip
2014-05-18 23:33 - 2014-05-18 23:33 - 00000000 ____D () C:\Users\User\Downloads\amip_winamp
2014-05-18 23:07 - 2014-05-18 23:07 - 04262896 _____ (Krzysztof Kowalczyk) C:\Users\User\Downloads\SumatraPDF-2.5.2-install.exe
2014-05-18 23:07 - 2013-04-11 17:43 - 00001936 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-05-18 16:12 - 2014-05-18 16:12 - 00000000 ____D () C:\Users\User\AppData\Local\Conexant
2014-05-18 16:12 - 2014-05-18 16:12 - 00000000 ____D () C:\ProgramData\Conexant

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 19:23

==================== End Of Log ============================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-17 19:18:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\HOMUNK~1\AppData\Local\Temp\pxddqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074eb1465 2 bytes {JMP 0x76}
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074eb14bb 2 bytes {JMP 0x76}
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074eb1465 2 bytes {JMP 0x76}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074eb14bb 2 bytes {JMP 0x76}
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0xF6 0xD1 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2B 0xC7 0x9F 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x14 0x1C 0x94 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0xF6 0xD1 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2B 0xC7 0x9F 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x14 0x1C 0x94 0x67 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\User\Desktop\\xa0\Stuff\Witchs House\RPGVX_RTP(Needed)\Setup.exe 1

---- EOF - GMER 2.1 ----

P.S.: I don't recognise the FF extension {230185af-929d-467b-ba46-08816dc2feeb} and I never installed it, unless someone was lazy enough not to name their extension.

Cheers
__________________
Softwehr