Hallo schrauber, Zitat:
Das geht nit einfach mal so, dafür gibt es extra ne mehrmonatige Ausbildung, wenn man das richtig können will
| Natürlich, aber ich kann ja damit keinen Schaden anrichten. Dann kannst du mir ja sagen, ob ich das Zeug dazu hätte (Ausbildung) und ob ich schon Vorkenntnisse habe.
FRST Logfile, meiner Meinung nach clean, aber Überreste von McAfee, die ich nicht löschen kann, weil ich den Prozess nicht beenden kann.
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Gideon (administrator) on HOME on 26-03-2014 17:48:11
Running from C:\Users\Gideon\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-23] (AVAST Software)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2058586743-3979093847-619797469-1001\...\Run: [Spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-09-28] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM - {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL =
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Drive) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (YouTube) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
CHR Extension: (Google-Suche) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
CHR Extension: (AdBlock) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-25]
CHR Extension: (Google Wallet) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Google Mail) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-23]
==================== Services (Whitelisted) =================
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-23] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 McAPExe; No ImagePath
S3 NOBU; No ImagePath
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-04-21] (Microsoft Corporation)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-23] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-23] ()
R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [43520 2013-03-12] (Qualcomm Atheros, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-03-16] ()
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-03-13] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
U3 aswMBR; \??\C:\Users\Gideon\AppData\Local\Temp\aswMBR.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-26 17:48 - 2014-03-26 17:48 - 00013428 _____ () C:\Users\Gideon\Desktop\FRST.txt
2014-03-26 17:47 - 2014-03-26 17:48 - 00000000 ____D () C:\FRST
2014-03-26 17:47 - 2014-03-26 17:46 - 02157056 _____ (Farbar) C:\Users\Gideon\Desktop\FRST64.exe
2014-03-26 17:46 - 2014-03-26 17:46 - 02157056 _____ (Farbar) C:\Users\Gideon\Downloads\FRST64.exe
2014-03-23 19:53 - 2014-03-23 19:55 - 30796712 _____ (Oracle Corporation) C:\Users\Gideon\Downloads\jre-7u51-windows-x64.exe
2014-03-23 12:54 - 2014-03-23 12:54 - 00000145 _____ () C:\Users\Gideon\Desktop\emsi.zip
2014-03-23 12:51 - 2014-03-23 12:51 - 00000570 _____ () C:\Users\Gideon\Desktop\MBRMastr_2014.03.23_12.51.16.txt
2014-03-23 12:51 - 2014-03-23 12:51 - 00000528 _____ () C:\Users\Gideon\Desktop\MBRMastr_2014.03.23_12.51.14.txt
2014-03-23 12:44 - 2014-03-23 12:46 - 00000512 _____ () C:\Users\Gideon\Desktop\emsi.mbr
2014-03-23 12:43 - 2014-03-23 12:42 - 00788728 _____ (Emsisoft GmbH) C:\Users\Gideon\Desktop\mbrmastr.exe
2014-03-23 12:42 - 2014-03-23 12:42 - 00788728 _____ (Emsisoft GmbH) C:\Users\Gideon\Downloads\mbrmastr.exe
2014-03-23 11:45 - 2014-03-23 11:45 - 00001787 _____ () C:\Users\Gideon\Desktop\aswMBR.txt
2014-03-23 11:45 - 2014-03-23 11:45 - 00000512 _____ () C:\Users\Gideon\Desktop\MBR.dat
2014-03-23 11:44 - 2014-03-23 11:44 - 04745728 _____ (AVAST Software) C:\Users\Gideon\Downloads\aswMBR.exe
2014-03-23 11:44 - 2014-03-23 11:44 - 04745728 _____ (AVAST Software) C:\Users\Gideon\Desktop\aswMBR.exe
2014-03-21 21:26 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-21 21:26 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-21 21:26 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-21 21:25 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-21 21:25 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-21 21:25 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-21 21:25 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-21 21:25 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-21 21:25 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-21 21:25 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-21 21:25 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-21 21:25 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-21 21:25 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-21 21:25 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-21 21:25 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-21 21:25 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-21 21:25 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-21 21:25 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-21 21:25 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-21 21:25 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-21 21:25 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-21 21:25 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-21 21:25 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-21 21:25 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-21 21:25 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-21 21:25 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-21 21:24 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-21 21:24 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-21 21:24 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-21 21:24 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-21 20:02 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-21 20:02 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-16 12:42 - 2014-03-16 12:56 - 00000000 ____D () C:\Users\Gideon\Desktop\mbar
2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 ____D () C:\Users\Gideon\AppData\Roaming\WildTangent
2014-03-14 19:58 - 2014-03-14 20:45 - 00000000 ____D () C:\Users\Gideon\Desktop\Minecraft_Backup
2014-03-13 16:50 - 2014-03-16 12:35 - 00310984 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-03-13 16:50 - 2014-03-13 16:50 - 00042696 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2014-03-13 16:45 - 2014-03-13 16:48 - 00000000 ____D () C:\Program Files (x86)\Anno 1701
2014-02-24 19:48 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Gideon\Desktop\Neuer Ordner (2)
2014-02-24 17:00 - 2014-02-24 17:00 - 01934845 _____ () C:\Users\Gideon\Downloads\CakeDefense2 by disco.zip
==================== One Month Modified Files and Folders =======
2014-03-26 17:48 - 2014-03-26 17:48 - 00013428 _____ () C:\Users\Gideon\Desktop\FRST.txt
2014-03-26 17:48 - 2014-03-26 17:47 - 00000000 ____D () C:\FRST
2014-03-26 17:46 - 2014-03-26 17:47 - 02157056 _____ (Farbar) C:\Users\Gideon\Desktop\FRST64.exe
2014-03-26 17:46 - 2014-03-26 17:46 - 02157056 _____ (Farbar) C:\Users\Gideon\Downloads\FRST64.exe
2014-03-26 17:42 - 2014-01-06 21:14 - 01209644 _____ () C:\Windows\WindowsUpdate.log
2014-03-26 17:42 - 2013-12-25 20:26 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-26 17:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-26 17:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-25 19:42 - 2013-12-25 20:26 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 19:55 - 2014-03-23 19:53 - 30796712 _____ (Oracle Corporation) C:\Users\Gideon\Downloads\jre-7u51-windows-x64.exe
2014-03-23 12:54 - 2014-03-23 12:54 - 00000145 _____ () C:\Users\Gideon\Desktop\emsi.zip
2014-03-23 12:51 - 2014-03-23 12:51 - 00000570 _____ () C:\Users\Gideon\Desktop\MBRMastr_2014.03.23_12.51.16.txt
2014-03-23 12:51 - 2014-03-23 12:51 - 00000528 _____ () C:\Users\Gideon\Desktop\MBRMastr_2014.03.23_12.51.14.txt
2014-03-23 12:46 - 2014-03-23 12:44 - 00000512 _____ () C:\Users\Gideon\Desktop\emsi.mbr
2014-03-23 12:42 - 2014-03-23 12:43 - 00788728 _____ (Emsisoft GmbH) C:\Users\Gideon\Desktop\mbrmastr.exe
2014-03-23 12:42 - 2014-03-23 12:42 - 00788728 _____ (Emsisoft GmbH) C:\Users\Gideon\Downloads\mbrmastr.exe
2014-03-23 11:45 - 2014-03-23 11:45 - 00001787 _____ () C:\Users\Gideon\Desktop\aswMBR.txt
2014-03-23 11:45 - 2014-03-23 11:45 - 00000512 _____ () C:\Users\Gideon\Desktop\MBR.dat
2014-03-23 11:44 - 2014-03-23 11:44 - 04745728 _____ (AVAST Software) C:\Users\Gideon\Downloads\aswMBR.exe
2014-03-23 11:44 - 2014-03-23 11:44 - 04745728 _____ (AVAST Software) C:\Users\Gideon\Desktop\aswMBR.exe
2014-03-23 01:22 - 2013-12-25 20:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2058586743-3979093847-619797469-1001
2014-03-22 23:46 - 2013-12-25 20:07 - 00000000 ___RD () C:\Users\Gideon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 23:46 - 2013-12-25 20:07 - 00000000 ___RD () C:\Users\Gideon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-22 23:45 - 2013-08-02 16:58 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-22 23:45 - 2013-08-02 16:58 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-22 23:44 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 23:42 - 2014-02-01 09:10 - 415082178 _____ () C:\Windows\MEMORY.DMP
2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-22 13:42 - 2013-12-25 20:06 - 00000000 ____D () C:\Users\Gideon\AppData\Local\VirtualStore
2014-03-22 00:06 - 2013-12-27 13:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-22 00:03 - 2013-12-27 13:23 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-22 00:03 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-21 20:31 - 2013-12-25 20:29 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 21:37 - 2013-12-26 00:56 - 00000000 ____D () C:\Users\Gideon\AppData\Roaming\.minecraft
2014-03-16 12:56 - 2014-03-16 12:42 - 00000000 ____D () C:\Users\Gideon\Desktop\mbar
2014-03-16 12:56 - 2014-01-26 13:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-16 12:42 - 2014-01-26 13:39 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 ____D () C:\Users\Gideon\AppData\Roaming\WildTangent
2014-03-16 12:39 - 2013-08-02 16:56 - 00000000 ____D () C:\ProgramData\WildTangent
2014-03-16 12:35 - 2014-03-13 16:50 - 00310984 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-03-16 12:25 - 2013-12-27 23:52 - 00000000 ____D () C:\Program Files (x86)\KONAMI
2014-03-16 12:11 - 2013-09-29 05:32 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-03-16 12:11 - 2013-09-29 05:32 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-03-16 12:11 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 20:45 - 2014-03-14 19:58 - 00000000 ____D () C:\Users\Gideon\Desktop\Minecraft_Backup
2014-03-14 15:34 - 2014-01-03 16:44 - 00000000 ____D () C:\Users\Gideon\Desktop\Backup MCraft
2014-03-14 15:34 - 2013-12-26 00:59 - 00000000 ____D () C:\Users\Gideon\Desktop\saves
2014-03-13 16:50 - 2014-03-13 16:50 - 00042696 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2014-03-13 16:48 - 2014-03-13 16:45 - 00000000 ____D () C:\Program Files (x86)\Anno 1701
2014-03-09 19:51 - 2014-02-17 14:28 - 00000000 ____D () C:\AdwCleaner
2014-03-04 23:52 - 2013-12-29 00:18 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:52 - 2013-12-29 00:18 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-24 19:48 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Gideon\Desktop\Neuer Ordner (2)
2014-02-24 17:00 - 2014-02-24 17:00 - 01934845 _____ () C:\Users\Gideon\Downloads\CakeDefense2 by disco.zip
2014-02-24 16:33 - 2014-02-23 15:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-24 12:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-22 15:40
==================== End Of Log ============================ --- --- ---
Schöne Grüße,
Keckrem |