Trojaner-Board - Kontrollscan mit aswmbr: Unknown Mbr

Hallo schrauber,
Zitat:
Das geht nit einfach mal so, dafür gibt es extra ne mehrmonatige Ausbildung, wenn man das richtig können will
Natürlich, aber ich kann ja damit keinen Schaden anrichten. Dann kannst du mir ja sagen, ob ich das Zeug dazu hätte (Ausbildung) und ob ich schon Vorkenntnisse habe.

FRST Logfile, meiner Meinung nach clean, aber Überreste von McAfee, die ich nicht löschen kann, weil ich den Prozess nicht beenden kann.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Gideon (administrator) on HOME on 26-03-2014 17:48:11

Running from C:\Users\Gideon\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe

(AMD) C:\Windows\system32\atieclxx.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-09] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-03] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-23] (AVAST Software)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-2058586743-3979093847-619797469-1001\...\Run: [Spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-09-28] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKLM - {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKLM-x32 - {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

SearchScopes: HKCU - DefaultScope {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL = 

SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKCU - {ABC09333-689F-47B3-8CC3-1DFFC3C27B88} URL = 

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

Chrome: 

=======

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File

CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File

CHR Extension: (Google Drive) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]

CHR Extension: (YouTube) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]

CHR Extension: (Google-Suche) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]

CHR Extension: (AdBlock) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-25]

CHR Extension: (Google Wallet) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]

CHR Extension: (Google Mail) - C:\Users\Gideon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-23]
 

==================== Services (Whitelisted) =================
 

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-23] (AVAST Software)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.)

R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

S2 McAPExe; No ImagePath

S3 NOBU; No ImagePath
 

==================== Drivers (Whitelisted) ====================
 

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-04-21] (Microsoft Corporation)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-23] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-23] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-23] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-23] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-23] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-23] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-23] ()

R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [43520 2013-03-12] (Qualcomm Atheros, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-03-16] ()

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-03-13] ()

R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)

S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)

R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)

U3 aswMBR; \??\C:\Users\Gideon\AppData\Local\Temp\aswMBR.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-03-26 17:48 - 2014-03-26 17:48 - 00013428 _____ () C:\Users\Gideon\Desktop\FRST.txt

2014-03-26 17:47 - 2014-03-26 17:48 - 00000000 ____D () C:\FRST

2014-03-26 17:47 - 2014-03-26 17:46 - 02157056 _____ (Farbar) C:\Users\Gideon\Desktop\FRST64.exe

2014-03-26 17:46 - 2014-03-26 17:46 - 02157056 _____ (Farbar) C:\Users\Gideon\Downloads\FRST64.exe

2014-03-23 19:53 - 2014-03-23 19:55 - 30796712 _____ (Oracle Corporation) C:\Users\Gideon\Downloads\jre-7u51-windows-x64.exe

2014-03-23 12:54 - 2014-03-23 12:54 - 00000145 _____ () C:\Users\Gideon\Desktop\emsi.zip

2014-03-23 12:51 - 2014-03-23 12:51 - 00000570 _____ () C:\Users\Gideon\Desktop\MBRMastr_2014.03.23_12.51.16.txt

2014-03-23 12:51 - 2014-03-23 12:51 - 00000528 _____ () C:\Users\Gideon\Desktop\MBRMastr_2014.03.23_12.51.14.txt

2014-03-23 12:44 - 2014-03-23 12:46 - 00000512 _____ () C:\Users\Gideon\Desktop\emsi.mbr

2014-03-23 12:43 - 2014-03-23 12:42 - 00788728 _____ (Emsisoft GmbH) C:\Users\Gideon\Desktop\mbrmastr.exe

2014-03-23 12:42 - 2014-03-23 12:42 - 00788728 _____ (Emsisoft GmbH) C:\Users\Gideon\Downloads\mbrmastr.exe

2014-03-23 11:45 - 2014-03-23 11:45 - 00001787 _____ () C:\Users\Gideon\Desktop\aswMBR.txt

2014-03-23 11:45 - 2014-03-23 11:45 - 00000512 _____ () C:\Users\Gideon\Desktop\MBR.dat

2014-03-23 11:44 - 2014-03-23 11:44 - 04745728 _____ (AVAST Software) C:\Users\Gideon\Downloads\aswMBR.exe

2014-03-23 11:44 - 2014-03-23 11:44 - 04745728 _____ (AVAST Software) C:\Users\Gideon\Desktop\aswMBR.exe

2014-03-21 21:26 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-21 21:26 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2014-03-21 21:26 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2014-03-21 21:25 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-21 21:25 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-21 21:25 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-03-21 21:25 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-03-21 21:25 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-21 21:25 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-21 21:25 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-21 21:25 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-21 21:25 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-21 21:25 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-21 21:25 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-21 21:25 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-03-21 21:25 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-03-21 21:25 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-21 21:25 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-21 21:25 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-21 21:25 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-21 21:25 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-21 21:25 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-21 21:25 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-21 21:25 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-21 21:25 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-21 21:25 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-03-21 21:24 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-21 21:24 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-03-21 21:24 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-21 21:24 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-21 20:02 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-03-21 20:02 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-03-16 12:42 - 2014-03-16 12:56 - 00000000 ____D () C:\Users\Gideon\Desktop\mbar

2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 ____D () C:\Users\Gideon\AppData\Roaming\WildTangent

2014-03-14 19:58 - 2014-03-14 20:45 - 00000000 ____D () C:\Users\Gideon\Desktop\Minecraft_Backup

2014-03-13 16:50 - 2014-03-16 12:35 - 00310984 _____ () C:\Windows\system32\Drivers\atksgt.sys

2014-03-13 16:50 - 2014-03-13 16:50 - 00042696 _____ () C:\Windows\system32\Drivers\lirsgt.sys

2014-03-13 16:45 - 2014-03-13 16:48 - 00000000 ____D () C:\Program Files (x86)\Anno 1701

2014-02-24 19:48 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Gideon\Desktop\Neuer Ordner (2)

2014-02-24 17:00 - 2014-02-24 17:00 - 01934845 _____ () C:\Users\Gideon\Downloads\CakeDefense2 by disco.zip
 

==================== One Month Modified Files and Folders =======
 

2014-03-26 17:48 - 2014-03-26 17:48 - 00013428 _____ () C:\Users\Gideon\Desktop\FRST.txt

2014-03-26 17:48 - 2014-03-26 17:47 - 00000000 ____D () C:\FRST

2014-03-26 17:46 - 2014-03-26 17:47 - 02157056 _____ (Farbar) C:\Users\Gideon\Desktop\FRST64.exe

2014-03-26 17:46 - 2014-03-26 17:46 - 02157056 _____ (Farbar) C:\Users\Gideon\Downloads\FRST64.exe

2014-03-26 17:42 - 2014-01-06 21:14 - 01209644 _____ () C:\Windows\WindowsUpdate.log

2014-03-26 17:42 - 2013-12-25 20:26 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-26 17:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru

2014-03-26 17:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-25 19:42 - 2013-12-25 20:26 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-23 19:55 - 2014-03-23 19:53 - 30796712 _____ (Oracle Corporation) C:\Users\Gideon\Downloads\jre-7u51-windows-x64.exe

2014-03-23 12:54 - 2014-03-23 12:54 - 00000145 _____ () C:\Users\Gideon\Desktop\emsi.zip

2014-03-23 12:51 - 2014-03-23 12:51 - 00000570 _____ () C:\Users\Gideon\Desktop\MBRMastr_2014.03.23_12.51.16.txt

2014-03-23 12:51 - 2014-03-23 12:51 - 00000528 _____ () C:\Users\Gideon\Desktop\MBRMastr_2014.03.23_12.51.14.txt

2014-03-23 12:46 - 2014-03-23 12:44 - 00000512 _____ () C:\Users\Gideon\Desktop\emsi.mbr

2014-03-23 12:42 - 2014-03-23 12:43 - 00788728 _____ (Emsisoft GmbH) C:\Users\Gideon\Desktop\mbrmastr.exe

2014-03-23 12:42 - 2014-03-23 12:42 - 00788728 _____ (Emsisoft GmbH) C:\Users\Gideon\Downloads\mbrmastr.exe

2014-03-23 11:45 - 2014-03-23 11:45 - 00001787 _____ () C:\Users\Gideon\Desktop\aswMBR.txt

2014-03-23 11:45 - 2014-03-23 11:45 - 00000512 _____ () C:\Users\Gideon\Desktop\MBR.dat

2014-03-23 11:44 - 2014-03-23 11:44 - 04745728 _____ (AVAST Software) C:\Users\Gideon\Downloads\aswMBR.exe

2014-03-23 11:44 - 2014-03-23 11:44 - 04745728 _____ (AVAST Software) C:\Users\Gideon\Desktop\aswMBR.exe

2014-03-23 01:22 - 2013-12-25 20:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2058586743-3979093847-619797469-1001

2014-03-22 23:46 - 2013-12-25 20:07 - 00000000 ___RD () C:\Users\Gideon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-22 23:46 - 2013-12-25 20:07 - 00000000 ___RD () C:\Users\Gideon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-03-22 23:45 - 2013-08-02 16:58 - 00000000 ____D () C:\ProgramData\McAfee

2014-03-22 23:45 - 2013-08-02 16:58 - 00000000 ____D () C:\Program Files\Common Files\mcafee

2014-03-22 23:44 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-22 23:42 - 2014-02-01 09:10 - 415082178 _____ () C:\Windows\MEMORY.DMP

2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData

2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-22 23:42 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-22 13:42 - 2013-12-25 20:06 - 00000000 ____D () C:\Users\Gideon\AppData\Local\VirtualStore

2014-03-22 00:06 - 2013-12-27 13:23 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-22 00:03 - 2013-12-27 13:23 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-22 00:03 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-03-21 20:31 - 2013-12-25 20:29 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-16 21:37 - 2013-12-26 00:56 - 00000000 ____D () C:\Users\Gideon\AppData\Roaming\.minecraft

2014-03-16 12:56 - 2014-03-16 12:42 - 00000000 ____D () C:\Users\Gideon\Desktop\mbar

2014-03-16 12:56 - 2014-01-26 13:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-16 12:42 - 2014-01-26 13:39 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-16 12:39 - 2014-03-16 12:39 - 00000000 ____D () C:\Users\Gideon\AppData\Roaming\WildTangent

2014-03-16 12:39 - 2013-08-02 16:56 - 00000000 ____D () C:\ProgramData\WildTangent

2014-03-16 12:35 - 2014-03-13 16:50 - 00310984 _____ () C:\Windows\system32\Drivers\atksgt.sys

2014-03-16 12:25 - 2013-12-27 23:52 - 00000000 ____D () C:\Program Files (x86)\KONAMI

2014-03-16 12:11 - 2013-09-29 05:32 - 00753134 _____ () C:\Windows\system32\perfh007.dat

2014-03-16 12:11 - 2013-09-29 05:32 - 00155826 _____ () C:\Windows\system32\perfc007.dat

2014-03-16 12:11 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-14 20:45 - 2014-03-14 19:58 - 00000000 ____D () C:\Users\Gideon\Desktop\Minecraft_Backup

2014-03-14 15:34 - 2014-01-03 16:44 - 00000000 ____D () C:\Users\Gideon\Desktop\Backup MCraft

2014-03-14 15:34 - 2013-12-26 00:59 - 00000000 ____D () C:\Users\Gideon\Desktop\saves

2014-03-13 16:50 - 2014-03-13 16:50 - 00042696 _____ () C:\Windows\system32\Drivers\lirsgt.sys

2014-03-13 16:48 - 2014-03-13 16:45 - 00000000 ____D () C:\Program Files (x86)\Anno 1701

2014-03-09 19:51 - 2014-02-17 14:28 - 00000000 ____D () C:\AdwCleaner

2014-03-04 23:52 - 2013-12-29 00:18 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-04 23:52 - 2013-12-29 00:18 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-24 19:48 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Gideon\Desktop\Neuer Ordner (2)

2014-02-24 17:00 - 2014-02-24 17:00 - 01934845 _____ () C:\Users\Gideon\Downloads\CakeDefense2 by disco.zip

2014-02-24 16:33 - 2014-02-23 15:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-02-24 12:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-22 15:40
 

==================== End Of Log ============================
--- --- ---

Schöne Grüße,
Keckrem