| |
| |||||||
Log-Analyse und Auswertung: Comodo wird TrojWare.JS.Agent.PD@300743807 nicht losWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.06.2015, 06:07
| #1 |
 |  Comodo wird TrojWare.JS.Agent.PD@300743807 nicht los Hallo Helfer/Helferin, Ich habe ein kleines Problem: Mein Comodo erkennt regelmäßig TrojWare.JS.Agent.PD@300743807 in Firefox Unterordnern. Leider kann ich hier kein Comodo Protokoll posten, da ich aus Dummheit die Logs bereinigt habe, beim Versuch die richtigen Ergebnisse zu filtern. An sich habe ich bisher keine Auffälligkeiten an meinem Rechner erkannt, jedoch plage ich mich jetzt schon seit längerer Zeit mit Problemen am Firefox herum. Es gibt immer wieder Phasen in denen er hängen bleibt, sich selbst beendet oder extrem langsam ist. Dieses Problem hatte auch nach kompletter Deinstallation des Firefox Bestand. Anbei schicke ich die geforderten Logs, und hoffe sie helfen dir (und dann ja auch mir) weiter: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:14 on 29/06/2015 (Martin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Martin (administrator) on ******** on 29-06-2015 06:16:17
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5942\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-11-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-11-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-10] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-06-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-06-20] (Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-01-28] (Apple Inc.)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-01-28] (Apple Inc.)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-11] (SUPERAntiSpyware)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-04-25]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-11-20]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-08] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\user.js [2015-06-22]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\donottrackplus@abine.com [2015-06-22]
FF Extension: FoxyProxy Standard - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\foxyproxy@eric.h.jung [2015-06-22]
FF Extension: Flashblock - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-06-22]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-22]
FF Extension: anonymoX - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\client@anonymox.net.xpi [2015-06-22]
FF Extension: NoScript - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-22]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-22]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-22]
Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-26]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-26]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-26]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Martin\AppData\LocalLow\proxtube\CHROME\proxtube.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-11] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-06-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-29] (Microsoft Corporation)
S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-10] (COMODO)
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2012-11-28] (DTS)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-12-12] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-06-22] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswnet; C:\Windows\System32\Drivers\aswnet.sys [468144 2013-01-21] (AVAST Software)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2015-01-17] (CPUID)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-22] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-12-12] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-29] (Microsoft Corporation)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-29 06:16 - 2015-06-29 06:17 - 00018150 _____ C:\Users\Martin\Downloads\FRST.txt
2015-06-29 06:16 - 2015-06-29 06:16 - 00000000 ____D C:\Users\Martin\Desktop\TrojanerBoard
2015-06-29 06:16 - 2015-06-29 06:16 - 00000000 ____D C:\FRST
2015-06-29 06:15 - 2015-06-29 06:15 - 02112512 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2015-06-29 06:14 - 2015-06-29 06:14 - 00050477 _____ C:\Users\Martin\Downloads\Defogger.exe
2015-06-29 06:14 - 2015-06-29 06:14 - 00000474 _____ C:\Users\Martin\Downloads\defogger_disable.log
2015-06-29 06:14 - 2015-06-29 06:14 - 00000000 _____ C:\Users\Martin\defogger_reenable
2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Movavi
2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Movavi
2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Deshaker
2015-06-28 04:35 - 2015-06-28 04:35 - 00001132 _____ C:\Users\Public\Desktop\Movavi Video Editor 10.lnk
2015-06-28 04:35 - 2015-06-28 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 10
2015-06-28 04:34 - 2015-06-28 04:35 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 10
2015-06-28 04:33 - 2015-06-28 04:33 - 00005005 _____ C:\ProgramData\wmzddnmb.cix
2015-06-28 04:33 - 2015-06-28 04:33 - 00000000 ____D C:\ProgramData\Movavi Video Editor 10
2015-06-28 04:31 - 2015-06-28 04:32 - 122618720 _____ (Movavi) C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe
2015-06-28 03:59 - 2015-06-28 04:26 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Teamspeak
2015-06-27 20:08 - 2015-06-27 20:08 - 06477032 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe
2015-06-27 14:44 - 2015-06-27 14:44 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk
2015-06-27 14:44 - 2015-06-27 14:44 - 00001023 _____ C:\Users\Public\Desktop\Warcraft Logs Uploader.lnk
2015-06-27 14:44 - 2015-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Warcraft Logs Uploader
2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-06-27 14:20 - 2015-06-27 14:20 - 18054744 _____ (Adobe Systems Inc.) C:\Users\Martin\Downloads\AdobeAIRInstaller.exe
2015-06-27 14:20 - 2015-06-27 14:20 - 01371985 _____ C:\Users\Martin\Downloads\warcraftlogs.air
2015-06-25 10:48 - 2015-06-25 10:48 - 00098110 _____ C:\Users\Martin\Downloads\MasterPlan-0.60.zip
2015-06-25 09:48 - 2015-06-25 15:45 - 00000000 ____D C:\Users\Martin\Desktop\AltesIphoneFinal2015
2015-06-24 14:44 - 2015-06-24 14:44 - 02528274 _____ C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip
2015-06-24 07:07 - 2015-06-24 07:33 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Screens
2015-06-22 02:34 - 2015-06-22 02:34 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-22 02:26 - 2015-06-22 02:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup(1).exe
2015-06-22 00:15 - 2015-06-22 00:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup.exe
2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\Downloads\Malwarebytes-Anti-Malware
2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Browser-Security
2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2015-06-20 04:05 - 2015-06-20 04:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iTunes
2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iPod
2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-19 19:57 - 2015-06-19 19:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2015-06-15 20:07 - 2015-06-15 20:07 - 00000000 _____ C:\Users\Martin\Desktop\Neues Textdokument.txt
2015-06-10 21:36 - 2015-06-10 21:36 - 00202295 _____ C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip
2015-06-10 21:31 - 2015-06-13 20:10 - 00018012 _____ C:\Users\Martin\Desktop\ChamaleonOffbeat.aup
2015-06-10 21:31 - 2015-06-10 21:31 - 00031037 _____ C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung.aup
2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung_data
2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeat_data
2015-06-10 20:37 - 2015-06-10 20:37 - 00001548 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-06-10 20:37 - 2015-06-10 20:37 - 00001257 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-06-10 20:37 - 2015-06-10 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-10 20:36 - 2015-06-10 20:36 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-06-10 20:35 - 2015-06-10 20:35 - 36127464 _____ (DVDVideoSoft Ltd. ) C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe
2015-06-10 20:33 - 2015-06-10 20:33 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-06-10 20:33 - 2015-06-10 20:33 - 00001019 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-06-10 20:33 - 2015-06-10 20:33 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-06-10 20:29 - 2015-06-10 20:29 - 01197344 _____ C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe
2015-06-10 20:10 - 2015-06-24 15:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-10 20:10 - 2015-06-24 15:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 15:44 - 2015-06-10 15:44 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 15:44 - 2015-06-10 15:44 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 15:44 - 2015-06-10 15:44 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 15:44 - 2015-06-10 15:44 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 15:44 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 15:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 15:44 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 15:43 - 2015-06-10 15:43 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-09 01:50 - 2015-06-09 01:50 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64 (1).exe
2015-06-09 01:41 - 2015-06-09 01:42 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64.exe
2015-06-08 18:48 - 2015-06-08 18:48 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX
2015-06-08 09:56 - 2015-06-25 23:04 - 00000000 ____D C:\Users\Martin\AppData\Roaming\.minecraft
2015-06-08 09:55 - 2015-06-08 10:06 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-06-08 09:55 - 2015-06-08 09:55 - 02314240 _____ C:\Users\Martin\Downloads\MinecraftInstaller.msi
2015-06-08 09:55 - 2015-06-08 09:55 - 00000973 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-06-08 09:55 - 2015-06-08 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-06-08 09:54 - 2015-06-08 09:54 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\Program Files\Java
2015-06-08 09:48 - 2015-06-08 09:48 - 01197344 _____ C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2015-06-07 18:29 - 2015-06-07 18:29 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-03 20:35 - 2015-06-03 20:35 - 01594655 _____ C:\Users\Martin\Downloads\ExRT3440.zip
2015-06-03 07:07 - 2015-06-03 07:07 - 00007194 _____ C:\Users\Martin\Desktop\readme.html
2015-06-03 07:06 - 2015-06-03 07:06 - 06471520 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe
2015-06-02 02:07 - 2015-06-02 02:07 - 00733320 _____ C:\Users\Martin\Khuz06.02.html
2015-06-02 02:07 - 2015-06-02 02:07 - 00000561 _____ C:\Users\Martin\Desktop\Khuz06.02.html.lnk
2015-06-01 23:10 - 2015-06-02 02:06 - 00000000 ____D C:\Users\Martin\Desktop\simc-612-02-win64
2015-06-01 23:09 - 2015-06-01 23:09 - 32565970 _____ C:\Users\Martin\Desktop\simc-612-02-win64.7z
2015-05-31 02:08 - 2015-05-31 02:08 - 00000874 _____ C:\Users\Martin\AppData\Local\recently-used.xbel
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-29 06:16 - 2015-02-25 16:32 - 00000000 ____D C:\Users\Martin\AppData\Local\Battle.net
2015-06-29 06:14 - 2014-10-21 05:20 - 00000000 ____D C:\Users\Martin
2015-06-29 06:14 - 2012-12-13 15:21 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-06-29 06:03 - 2015-01-13 18:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-29 06:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-29 05:47 - 2014-04-26 14:55 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-29 05:32 - 2014-10-21 05:10 - 01229766 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-29 00:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-29 00:05 - 2012-12-18 20:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client
2015-06-28 22:47 - 2014-04-26 14:55 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-28 04:56 - 2012-11-28 11:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-1001
2015-06-28 04:42 - 2013-01-07 20:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2015-06-27 20:09 - 2014-11-10 18:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FileZilla
2015-06-27 14:44 - 2012-12-13 14:40 - 00000000 ____D C:\ProgramData\Adobe
2015-06-27 14:44 - 2012-11-28 10:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe
2015-06-27 14:42 - 2012-12-15 01:20 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe
2015-06-27 14:42 - 2012-12-15 01:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-26 20:20 - 2014-11-09 03:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-26 14:45 - 2014-10-21 05:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-26 14:45 - 2014-09-23 23:06 - 00021992 _____ C:\WINDOWS\PFRO.log
2015-06-26 14:45 - 2013-08-22 16:46 - 00438109 _____ C:\WINDOWS\setupact.log
2015-06-26 14:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-26 12:18 - 2013-01-21 05:46 - 00000000 ____D C:\Users\Martin\Desktop\World of Warcraft
2015-06-25 16:05 - 2014-11-06 20:55 - 00000600 _____ C:\Users\Martin\AppData\Local\PUTTY.RND
2015-06-25 15:23 - 2013-11-05 18:27 - 00000000 ____D C:\ProgramData\Origin
2015-06-25 10:26 - 2015-02-12 09:52 - 00000000 ____D C:\Users\Martin\Desktop\Nudeanna
2015-06-24 20:05 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-24 07:09 - 2014-09-24 14:11 - 00000000 ____D C:\Users\Martin\Desktop\la fotografia
2015-06-24 04:40 - 2015-02-05 05:24 - 00067082 _____ C:\Users\Martin\Desktop\Email1.odt
2015-06-24 04:15 - 2015-03-01 18:51 - 00000000 ____D C:\Users\Martin\Desktop\Tor Browser
2015-06-23 19:03 - 2015-01-13 18:30 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-22 02:35 - 2014-04-17 17:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 02:34 - 2014-04-17 17:28 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-22 02:34 - 2014-04-17 17:28 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-22 02:34 - 2014-04-17 17:28 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-22 02:34 - 2014-04-17 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-22 02:34 - 2014-04-17 17:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-22 00:02 - 2015-04-24 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-21 18:53 - 2015-02-25 16:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-20 04:08 - 2015-04-21 13:59 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-500
2015-06-20 04:05 - 2012-08-21 13:01 - 00125872 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll
2015-06-20 04:05 - 2012-08-21 13:01 - 00106928 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll
2015-06-20 04:04 - 2013-05-16 12:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-19 08:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-18 01:11 - 2014-12-12 01:19 - 00948588 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-06-17 22:39 - 2014-09-24 08:17 - 02129096 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-17 22:39 - 2014-09-24 07:43 - 01025754 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-17 22:39 - 2014-09-24 07:43 - 00245418 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-17 00:44 - 2014-05-01 16:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-13 20:10 - 2013-01-31 03:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Audacity
2015-06-11 01:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-10 20:37 - 2013-01-07 20:12 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2015-06-10 20:36 - 2013-01-07 20:12 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DVDVideoSoft
2015-06-10 20:10 - 2013-08-22 16:44 - 00362840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 18:53 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 18:48 - 2013-09-18 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 18:41 - 2012-12-12 22:46 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 09:39 - 2015-03-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-08 09:38 - 2015-04-16 02:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-08 09:38 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-08 09:03 - 2015-01-28 00:21 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel.Server
2015-06-08 08:56 - 2014-09-25 16:48 - 00000000 ____D C:\ProgramData\Oracle
2015-06-05 15:36 - 2014-03-25 20:22 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-06-05 15:36 - 2014-03-25 20:22 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-06-05 15:36 - 2014-03-25 20:22 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-06-05 15:36 - 2014-03-25 20:22 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-06-05 15:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-06-05 15:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-06-05 15:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-06-05 15:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-06-05 15:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-06-05 15:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-06-05 15:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-06-04 17:45 - 2014-06-22 17:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SimulationCraft
2015-06-03 00:54 - 2013-11-05 18:28 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Origin
2015-06-03 00:53 - 2013-11-05 18:26 - 00000000 ____D C:\Program Files (x86)\Origin
2015-05-31 02:08 - 2013-01-20 00:25 - 00000000 ____D C:\Users\Martin\.gimp-2.8
==================== Files in the root of some directories =======
2013-06-03 18:24 - 2013-06-03 19:16 - 0000474 _____ () C:\Users\Martin\AppData\Roaming\Poladroid prefs.plist
2014-11-06 20:55 - 2015-06-25 16:05 - 0000600 _____ () C:\Users\Martin\AppData\Local\PUTTY.RND
2015-05-31 02:08 - 2015-05-31 02:08 - 0000874 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2014-04-15 20:00 - 2014-04-15 20:00 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg
2013-04-25 13:58 - 2014-11-09 02:51 - 0001809 _____ () C:\ProgramData\hpzinstall.log
2015-06-28 04:33 - 2015-06-28 04:33 - 0005005 _____ () C:\ProgramData\wmzddnmb.cix
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\sdan.exe
C:\Users\Martin\AppData\Local\Temp\sdapk.exe
C:\Users\Martin\AppData\Local\Temp\sdaspwn.exe
C:\Users\Martin\AppData\Local\Temp\Setup-Giga1.exe
C:\Users\Martin\AppData\Local\Temp\WEB.DE_MailCheck_FF_WebSetup_sfs_ki20501.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
Code:
ATTFilter LastRegBack: 2015-06-26 15:07
==================== End of log ============================
Bei GMER bekam ich zwei Fehlermeldungen, die wie folgt lauteten: C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. C:\Users\Martin\ntuser.dat: "Obiger Text" Vor Ausführen des GMER Scans habe ich Internet, Antivirus und sonstige Prozesse beendet. Ich hoffe ich habe alle Informationen richtig zusammengetragen. Herzlichen Dank schon vorab für die Mühen und Ihre Zeit! LG Baane |
| Themen zu Comodo wird TrojWare.JS.Agent.PD@300743807 nicht los |
| adobe, adware, antivirus, browser, comodo, datei anhängen, defender, desktop, email, firefox, flash player, google, hängen, langsam, mozilla, problem, prozess, prozesse, realtek, registry, rundll, scan, security, software, superantispyware, svchost.exe, system, trojware, wiederholung, windows |
Baum-Darstellung