Pests of all kinds and how to fight them: Programs stutter heavily and run unstably. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
Programs stutter heavily and run unstably.
Many of my performance-demanding programs, such as computer games, become very unstable after some time and start to stutter. The speed when surfing the Internet is also not optimal. I suspect that there is malware on my computer and would need expert help. I have already disabled the drive emulation using Defogger. I will include the Addition log as an attachment, since the message would otherwise get too long.
Gmer.txt
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-13 11:58:39 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB Running: Gmer-19357.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdyrpod.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000191c00 7 bytes [00, 12, 81, 01, 00, 1B, F2] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff96000191c08 7 bytes [01, 18, C0, FF, 00, D7, DA] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\csrss.exe[660] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\wininit.exe[768] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\csrss.exe[784] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\winlogon.exe[840] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\services.exe[864] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\lsass.exe[884] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[988] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[416] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[500] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[668] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[788] 
C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[444] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[444] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb01bc177a 4 bytes [BC, 01, FB, 07] .text C:\WINDOWS\system32\dwm.exe[444] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb01bc1782 4 bytes [BC, 01, FB, 07] .text C:\WINDOWS\System32\svchost.exe[1036] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1140] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007faff671532 4 bytes [67, FF, FA, 07] .text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007faff67153a 4 bytes [67, FF, FA, 07] .text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007faff67165a 4 bytes [67, FF, FA, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1148] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[1148] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007faff671532 4 bytes [67, FF, FA, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1148] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007faff67153a 4 bytes [67, FF, FA, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1148] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007faff67165a 4 bytes [67, FF, FA, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1148] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb01bc177a 4 bytes [BC, 01, FB, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1148] 
C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb01bc1782 4 bytes [BC, 01, FB, 07] .text C:\WINDOWS\system32\svchost.exe[1296] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1740] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[672] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe[2356] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\BtwRSupportService.exe[2404] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\BtwRSupportService.exe[2404] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007faff671532 4 bytes [67, FF, FA, 07] .text C:\WINDOWS\system32\BtwRSupportService.exe[2404] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007faff67153a 4 bytes [67, FF, FA, 07] .text C:\WINDOWS\system32\BtwRSupportService.exe[2404] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007faff67165a 4 bytes [67, FF, FA, 07] .text C:\WINDOWS\system32\svchost.exe[2480] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\dashost.exe[2552] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\mqsvc.exe[2564] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\mqsvc.exe[2564] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007faf95c1b32 4 bytes [5C, F9, FA, 07] .text C:\WINDOWS\system32\mqsvc.exe[2564] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007faf95c1b3a 4 bytes [5C, 
F9, FA, 07] .text C:\WINDOWS\System32\svchost.exe[2620] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[2620] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007faf95c1b32 4 bytes [5C, F9, FA, 07] .text C:\WINDOWS\System32\svchost.exe[2620] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007faf95c1b3a 4 bytes [5C, F9, FA, 07] .text C:\WINDOWS\System32\svchost.exe[2948] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[2948] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007faf95c1b32 4 bytes [5C, F9, FA, 07] .text C:\WINDOWS\System32\svchost.exe[2948] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007faf95c1b3a 4 bytes [5C, F9, FA, 07] .text C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe[2432] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe[2432] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb01bc177a 4 bytes [BC, 01, FB, 07] .text C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe[2432] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb01bc1782 4 bytes [BC, 01, FB, 07] .text C:\WINDOWS\system32\svchost.exe[2128] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[3088] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[3088] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb01bc177a 4 bytes [BC, 01, FB, 07] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[3088] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb01bc1782 4 bytes [BC, 01, FB, 07] .text 
C:\WINDOWS\system32\svchost.exe[3112] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3340] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3740] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[4056] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[3376] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4152] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\taskhostex.exe[4248] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4456] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4456] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb01bc177a 4 bytes [BC, 01, FB, 07] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4456] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb01bc1782 4 bytes [BC, 01, FB, 07] .text C:\WINDOWS\Explorer.EXE[4204] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\Explorer.EXE[4204] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb01bc177a 4 bytes [BC, 01, FB, 07] .text C:\WINDOWS\Explorer.EXE[4204] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb01bc1782 4 bytes [BC, 01, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5060] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW 
+ 163 000007fb0243f817 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5060] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007faff671532 4 bytes [67, FF, FA, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5060] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007faff67153a 4 bytes [67, FF, FA, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5060] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007faff67165a 4 bytes [67, FF, FA, 07] .text C:\WINDOWS\system32\SearchIndexer.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe[4432] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4664] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\taskhost.exe[4392] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\WINDOWS\system32\AUDIODG.EXE[64] C:\WINDOWS\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files\McAfee Security Scan\3.8.130\McUicnt.exe[6128] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb0243f817 1 byte [62] .text C:\Program Files\McAfee Security Scan\3.8.130\McUicnt.exe[6128] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb01bc177a 4 bytes [BC, 01, FB, 07] .text C:\Program Files\McAfee Security Scan\3.8.130\McUicnt.exe[6128] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb01bc1782 4 bytes [BC, 01, FB, 07] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [784:1544] fffff960008905e8 ---- Processes - GMER 2.1 ---- Library C:\Users\Daniel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [5252](2014-01-03 01:09:26) 
0000000003fa0000 Library c:\users\daniel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx7o2o7.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [5252](2014-07-13 05:04:55) 0000000003ea0000 Library C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [5252](2013-08-23 19:01:44) 0000000067080000 Library C:\Users\Daniel\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [5252] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000666f0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -245425283 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\b4749f66f08d Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014 Ran by Daniel (administrator) on DANIEL-PC on 13-07-2014 11:36:27 Running from C:\Users\Daniel\Desktop\Schutz software Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Audible, Inc.) 
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11106408 2010-08-04] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-04] (AVAST Software) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM\...\Policies\Explorer: [HideRunAsVerb] 0 HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1252512109-3750120672-4145686215-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation) HKU\S-1-5-21-1252512109-3750120672-4145686215-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios) HKU\S-1-5-21-1252512109-3750120672-4145686215-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-17] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ckgp53fe.default FF DefaultSearchEngine: Yahoo! (Avast) FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! (Avast) FF Homepage: https://de.yahoo.com?fr=hp-avast&type=avastbcl FF Keyword.URL: https://de.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ckgp53fe.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ckgp53fe.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-29] FF Extension: NoScript - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ckgp53fe.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-29] FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ckgp53fe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-29] FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-21] Chrome: ======= CHR HomePage: https://de.yahoo.com?fr=hp-avast&type=avastbcl CHR StartupUrls: "https://de.yahoo.com?fr=hp-avast&type=avastbcl" CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17] CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17] CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17] CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17] CHR Extension: (avast! Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-13] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-02-17] CHR Extension: (Skype Click to Call) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-17] CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17] CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-11] CHR HKLM-x32\...\Chrome\Extension: 
[lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02] CHR HKLM-x32\...\Chrome\Extension: [ommhmgednjnodcljhlljkaiidghdmikk] - C:\Users\Daniel\AppData\Local\Temp\ccex.crx [2012-10-02] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe [320600 2013-10-21] (Softwareentwicklung Remus - ArchiCrypt) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) 
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-27] () R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] () S4 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies) R3 bcbtums; 
C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-02-28] (AnchorFree Inc.) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-06] (Windows (R) 2003 DDK 3790 provider) R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-07-28] (Windows (R) Win 7 DDK provider) R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-02-28] (Anchorfree Inc.) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] () S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [230912 2013-04-09] (Microsoft Corporation) R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [287232 2012-06-02] (Marvell) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 idsvc; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-13 11:35 - 2014-07-13 11:36 - 00000000 ____D () C:\FRST 2014-07-13 11:34 - 2014-07-13 11:34 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe 2014-07-13 11:34 - 2014-07-13 11:34 - 00000474 _____ () C:\Users\Daniel\Downloads\defogger_disable.log 2014-07-13 11:34 - 2014-07-13 11:34 - 00000000 _____ () C:\Users\Daniel\defogger_reenable 2014-07-11 10:36 - 2014-07-11 10:36 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-11 10:36 - 2014-07-11 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-11 10:35 - 2014-07-11 10:36 - 00000000 ____D () 
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-07-11 10:35 - 2014-07-11 10:36 - 00000000 ____D () C:\Program Files\iTunes 2014-07-11 10:35 - 2014-07-11 10:36 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-07-11 10:35 - 2014-07-11 10:35 - 00000000 ____D () C:\Program Files\iPod 2014-07-10 04:41 - 2014-07-10 04:41 - 00000751 _____ () C:\Users\Daniel\Desktop\JRT.txt 2014-07-10 04:23 - 2014-07-10 04:23 - 01348263 _____ () C:\Users\Daniel\Downloads\adwcleaner_3.215.exe 2014-07-10 04:11 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2014-07-10 04:11 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-07-10 03:53 - 2014-07-10 03:53 - 00445632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-09 06:42 - 2014-07-09 06:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-08 22:58 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-08 22:58 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-08 22:58 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-08 22:58 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll 2014-07-08 22:58 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-07-08 22:58 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-07-08 22:58 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-07-08 22:58 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-07-08 22:58 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2014-07-08 22:58 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2014-07-08 22:58 - 
2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-08 22:58 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-08 22:58 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-08 22:58 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-08 22:58 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-07-08 22:57 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-08 22:57 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-08 22:57 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-07-08 22:57 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-07-08 22:57 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-08 22:57 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-08 22:57 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-07-08 22:57 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-07-08 22:57 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-08 22:57 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-08 22:57 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-07-08 22:57 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ieframe.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-07-08 22:57 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-07-08 22:57 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-08 22:57 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-08 22:57 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-08 22:57 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-08 22:57 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-08 22:57 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-07-08 22:57 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 
2014-07-08 22:57 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-08 22:57 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-07-08 22:57 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-07-08 22:57 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-07-08 22:57 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-07-08 22:57 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-07-08 22:57 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2014-07-08 22:57 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2014-07-08 22:57 - 2014-05-30 01:02 
- 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-08 22:57 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2014-07-08 22:56 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-08 22:56 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-08 22:56 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-05 13:17 - 2014-07-13 11:30 - 00001161 _____ () C:\Users\Daniel\Desktop\CoreTemp.ini 2014-07-05 07:17 - 2014-07-13 07:05 - 00000000 ___RD () C:\Users\Daniel\Dropbox 2014-07-05 07:17 - 2014-07-05 11:36 - 00001021 _____ () C:\Users\Daniel\Desktop\Dropbox.lnk 2014-07-05 07:06 - 2014-07-13 07:05 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DropboxMaster 2014-07-05 07:06 - 2014-07-05 11:36 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-05 07:03 - 2014-07-13 07:05 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox 2014-07-04 20:14 - 2014-07-04 20:14 - 00448400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2014-07-04 20:14 - 2014-07-04 20:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-06-23 18:14 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2014-06-23 18:03 - 2014-06-23 18:03 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-06-23 18:03 - 2014-06-23 18:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple 2014-06-23 18:03 - 2014-06-23 18:03 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-06-23 18:02 - 2014-06-23 18:02 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-06-23 17:43 - 2014-06-23 17:44 - 112616784 _____ (Apple Inc.) 
C:\Users\Daniel\Downloads\iTunes64Setup.exe 2014-06-19 16:01 - 2014-07-13 07:03 - 00068248 _____ () C:\WINDOWS\setupact.log 2014-06-19 16:01 - 2014-06-19 16:01 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-06-19 16:00 - 2014-07-10 04:26 - 00012098 _____ () C:\WINDOWS\PFRO.log 2014-06-19 05:59 - 2014-06-19 20:53 - 00000041 _____ () C:\Users\Daniel\Desktop\Kennwort Netzwerk Home.txt 2014-06-18 19:12 - 2014-06-18 19:12 - 02347384 _____ (ESET) C:\Users\Daniel\Downloads\esetsmartinstaller_deu.exe 2014-06-18 19:02 - 2014-06-18 19:02 - 01016261 _____ (Thisisu) C:\Users\Daniel\Downloads\JRT_6.1.4(1).exe 2014-06-18 03:53 - 2014-06-18 03:53 - 00000000 ____H () C:\Users\Daniel\AppData\Local\BIT189E.tmp 2014-06-18 03:51 - 2014-06-18 03:51 - 00000000 _____ () C:\Users\Daniel\AppData\Local\{CED4D30C-A6BD-47C4-8937-F29FE156C14E} 2014-06-15 08:17 - 2014-06-15 08:17 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-15 08:17 - 2014-06-15 08:17 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-15 08:17 - 2014-06-15 08:17 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-15 08:17 - 2014-06-15 08:17 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-06-13 18:52 - 2014-06-13 18:52 - 00000014 _____ () C:\Users\Daniel\Desktop\apple reklamation.txt ==================== One Month Modified Files and Folders ======= 2014-07-13 11:37 - 2014-02-17 07:02 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-13 11:36 - 2014-07-13 11:35 - 00000000 ____D () C:\FRST 2014-07-13 11:36 - 2013-12-24 14:01 - 00000000 ____D () C:\Users\Daniel\Desktop\Schutz software 2014-07-13 11:34 - 2014-07-13 11:34 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe 2014-07-13 11:34 - 2014-07-13 11:34 - 00000474 _____ () C:\Users\Daniel\Downloads\defogger_disable.log 2014-07-13 11:34 - 2014-07-13 11:34 - 00000000 _____ () C:\Users\Daniel\defogger_reenable 2014-07-13 11:34 - 
2012-11-16 21:30 - 00000000 ____D () C:\Users\Daniel 2014-07-13 11:30 - 2014-07-05 13:17 - 00001161 _____ () C:\Users\Daniel\Desktop\CoreTemp.ini 2014-07-13 11:24 - 2012-01-07 11:03 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-13 11:20 - 2013-06-23 13:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-13 11:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-13 11:00 - 2012-03-30 10:02 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Skyrim 2014-07-13 10:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-07-13 10:09 - 2014-03-23 15:15 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Battle.net 2014-07-13 10:09 - 2014-03-23 15:15 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-07-13 07:36 - 2014-03-15 13:37 - 01764622 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-13 07:05 - 2014-07-05 07:17 - 00000000 ___RD () C:\Users\Daniel\Dropbox 2014-07-13 07:05 - 2014-07-05 07:06 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DropboxMaster 2014-07-13 07:05 - 2014-07-05 07:03 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox 2014-07-13 07:04 - 2014-02-17 07:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-13 07:04 - 2014-01-03 07:32 - 00000000 ____D () C:\Users\Daniel\Tracing 2014-07-13 07:03 - 2014-06-19 16:01 - 00068248 _____ () C:\WINDOWS\setupact.log 2014-07-13 07:03 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-12 09:17 - 2013-08-28 15:44 - 00000000 ____D () C:\Program Files (x86)\JoWooD 2014-07-12 09:17 - 2011-11-09 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD 2014-07-11 10:36 - 2014-07-11 10:36 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-11 10:36 - 2014-07-11 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-11 10:36 - 2014-07-11 10:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 
2014-07-11 10:36 - 2014-07-11 10:35 - 00000000 ____D () C:\Program Files\iTunes 2014-07-11 10:36 - 2014-07-11 10:35 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-07-11 10:36 - 2014-05-17 12:17 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-11 10:35 - 2014-07-11 10:35 - 00000000 ____D () C:\Program Files\iPod 2014-07-11 10:24 - 2013-06-21 16:09 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2014-07-10 05:03 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-10 04:41 - 2014-07-10 04:41 - 00000751 _____ () C:\Users\Daniel\Desktop\JRT.txt 2014-07-10 04:26 - 2014-06-19 16:00 - 00012098 _____ () C:\WINDOWS\PFRO.log 2014-07-10 04:25 - 2014-01-01 19:51 - 00000000 ____D () C:\AdwCleaner 2014-07-10 04:25 - 2012-07-26 07:26 - 00008192 _____ () C:\WINDOWS\system32\config\BBI 2014-07-10 04:23 - 2014-07-10 04:23 - 01348263 _____ () C:\Users\Daniel\Downloads\adwcleaner_3.215.exe 2014-07-10 04:13 - 2013-12-10 19:36 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk 2014-07-10 04:13 - 2013-12-10 19:36 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk 2014-07-10 04:13 - 2013-12-10 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-07-10 04:13 - 2013-06-22 19:15 - 00001615 _____ () C:\Users\Daniel\Desktop\DivX Movies.lnk 2014-07-10 04:13 - 2012-04-08 10:24 - 00000000 ____D () C:\Program Files\DivX 2014-07-10 04:13 - 2012-04-08 10:24 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-07-10 04:13 - 2012-04-08 10:23 - 00000000 ____D () C:\ProgramData\DivX 2014-07-10 04:11 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-10 03:53 - 2014-07-10 03:53 - 00445632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-09 16:34 - 2012-07-26 12:27 - 00879766 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-09 16:34 - 2012-07-26 12:27 - 00203372 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-09 16:34 - 2012-07-26 09:28 - 
02069876 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-09 06:42 - 2014-07-09 06:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 06:42 - 2012-07-26 12:29 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 06:42 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-09 06:42 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-09 06:42 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-09 06:31 - 2011-10-01 17:13 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-09 06:30 - 2013-08-14 07:42 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-09 06:24 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-09 06:24 - 2011-09-26 06:40 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-08 19:20 - 2013-06-23 13:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-08 04:04 - 2013-07-13 07:44 - 00002563 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk 2014-07-07 19:48 - 2010-10-25 03:50 - 00000000 ____D () C:\ProgramData\Temp 2014-07-07 19:37 - 2013-08-01 06:12 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-07-05 13:10 - 2014-03-23 15:55 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-07-05 11:36 - 2014-07-05 07:17 - 00001021 _____ () C:\Users\Daniel\Desktop\Dropbox.lnk 2014-07-05 11:36 - 2014-07-05 07:06 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-04 20:15 - 2013-12-29 20:17 - 00001972 _____ () C:\Users\Public\Desktop\avast! 
Internet Security.lnk 2014-07-04 20:15 - 2013-06-21 16:09 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-07-04 20:14 - 2014-07-04 20:14 - 00448400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2014-07-04 20:14 - 2014-07-04 20:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-07-04 20:14 - 2014-04-21 18:33 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-07-04 20:14 - 2013-12-22 17:54 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2014-07-04 20:14 - 2013-07-08 08:06 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2014-07-04 20:14 - 2013-06-21 16:09 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-07-04 20:14 - 2013-06-21 16:09 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-07-04 20:14 - 2013-06-21 16:09 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-07-04 20:14 - 2013-06-21 16:09 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-07-04 20:14 - 2013-06-21 16:09 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-07-04 20:14 - 2013-06-21 16:09 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-07-01 00:42 - 2014-07-08 22:57 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-01 00:42 - 2014-07-08 22:57 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-01 00:42 - 2014-07-08 22:57 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-06-28 12:10 - 2013-09-19 06:46 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc 2014-06-28 07:19 - 2013-07-27 07:17 - 00000000 ____D () C:\Users\Daniel\Downloads\backups 2014-06-28 05:35 - 2014-07-08 22:57 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-06-26 22:53 - 2013-09-12 05:55 - 00703968 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:53 - 2013-09-12 05:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-23 18:33 - 2012-11-16 22:07 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1252512109-3750120672-4145686215-1001 2014-06-23 18:13 - 2012-12-13 19:17 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-06-23 18:03 - 2014-06-23 18:03 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-06-23 18:03 - 2014-06-23 18:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple 2014-06-23 18:03 - 2014-06-23 18:03 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-06-23 18:02 - 2014-06-23 18:02 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-06-23 18:02 - 2012-12-13 19:16 - 00000000 ____D () C:\ProgramData\Apple 2014-06-23 17:44 - 2014-06-23 17:43 - 112616784 _____ (Apple Inc.) C:\Users\Daniel\Downloads\iTunes64Setup.exe 2014-06-23 17:32 - 2014-02-17 07:02 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-23 17:32 - 2014-02-17 07:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-23 05:46 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-06-20 06:29 - 2014-02-17 07:03 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-20 06:29 - 2013-12-30 19:26 - 00001139 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-20 06:29 - 2013-12-30 19:26 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-20 06:29 - 2011-09-24 11:45 - 00001383 _____ () C:\Users\Daniel\Desktop\Internet Explorer.lnk 2014-06-19 20:53 - 2014-06-19 05:59 - 00000041 _____ () C:\Users\Daniel\Desktop\Kennwort Netzwerk Home.txt 2014-06-19 16:01 - 2014-06-19 16:01 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-06-19 04:12 - 2014-07-08 22:57 - 02239488 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-19 04:12 - 2014-07-08 22:57 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-19 04:12 - 2014-07-08 22:57 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-06-19 04:12 - 2014-07-08 22:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-06-19 04:12 - 2014-07-08 22:57 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-19 04:11 - 2014-07-08 22:57 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-19 04:11 - 2014-07-08 22:57 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-19 04:11 - 2014-07-08 22:57 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00053760 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jsproxy.dll 2014-06-19 04:10 - 2014-07-08 22:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-19 04:09 - 2014-07-08 22:57 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-19 03:12 - 2014-04-21 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-06-19 03:12 - 2014-03-20 19:51 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\TS3Client 2014-06-19 03:11 - 2014-04-21 19:44 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-06-19 02:53 - 2014-07-08 22:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-19 02:53 - 2014-07-08 22:57 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-19 02:53 - 2014-07-08 22:57 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-19 02:53 - 2014-07-08 22:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-19 02:53 - 2014-07-08 22:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-19 02:53 - 2014-07-08 22:57 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-19 02:53 - 2014-07-08 22:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-19 02:52 - 2014-07-08 22:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-19 02:52 - 
2014-07-08 22:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-19 02:52 - 2014-07-08 22:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-19 02:33 - 2014-07-08 22:57 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-06-19 02:30 - 2014-07-08 22:57 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-06-19 00:05 - 2014-07-08 22:57 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-06-18 19:12 - 2014-06-18 19:12 - 02347384 _____ (ESET) C:\Users\Daniel\Downloads\esetsmartinstaller_deu.exe 2014-06-18 19:02 - 2014-06-18 19:02 - 01016261 _____ (Thisisu) C:\Users\Daniel\Downloads\JRT_6.1.4(1).exe 2014-06-18 18:40 - 2014-06-04 05:34 - 00003852 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1394894571 2014-06-18 18:40 - 2014-03-15 16:42 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-18 03:53 - 2014-06-18 03:53 - 00000000 ____H () C:\Users\Daniel\AppData\Local\BIT189E.tmp 2014-06-18 03:51 - 2014-06-18 03:51 - 00000000 _____ () C:\Users\Daniel\AppData\Local\{CED4D30C-A6BD-47C4-8937-F29FE156C14E} 2014-06-18 01:27 - 2014-07-08 22:58 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-06-18 01:24 - 2014-07-08 22:58 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-06-16 18:10 - 2013-09-19 06:23 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-16 18:09 - 2013-12-25 19:52 - 00264616 _____ (Oracle Corporation) 
C:\WINDOWS\SysWOW64\javaws.exe 2014-06-16 18:09 - 2013-12-25 19:52 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-06-16 18:09 - 2013-12-25 19:52 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-06-16 18:09 - 2013-06-24 17:40 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-06-16 18:09 - 2013-06-24 17:40 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-15 08:17 - 2014-06-15 08:17 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-15 08:17 - 2014-06-15 08:17 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-15 08:17 - 2014-06-15 08:17 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-15 08:17 - 2014-06-15 08:17 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-06-13 18:52 - 2014-06-13 18:52 - 00000014 _____ () C:\Users\Daniel\Desktop\apple reklamation.txt Some content of TEMP: ==================== C:\Users\Daniel\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx7o2o7.dll C:\Users\Daniel\AppData\Local\temp\Quarantine.exe C:\Users\Daniel\AppData\Local\temp\WEB.DE_Toolbar_IE_Setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is 
digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-13 07:16 ==================== End Of Log ============================

Thanks in advance.
Kind regards, LuciLu