Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

anythicago.com and bestdriverstar.net [Solved]


  • This topic is locked This topic is locked

#1
Lille

Lille

    Member

  • Member
  • PipPip
  • 13 posts

Hi, 

 

my computer is attacked by the following malware: anythicago.com and bestdriverstar.net.

 

i ran the recommended program.

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015

Ran by Daniel at 2015-06-14 20:13:26

Running from C:\Users\Daniel\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3569579327-585111417-1849176126-500 - Administrator - Disabled)

Daniel (S-1-5-21-3569579327-585111417-1849176126-1001 - Administrator - Enabled) => C:\Users\Daniel

Gast (S-1-5-21-3569579327-585111417-1849176126-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3569579327-585111417-1849176126-1002 - Limited - Enabled)

UpdatusUser (S-1-5-21-3569579327-585111417-1849176126-1003 - Limited - Enabled) => C:\Users\UpdatusUser

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKU\S-1-5-21-3569579327-585111417-1849176126-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)

Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)

AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.471 - AVG Technologies) Hidden

AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.471 - AVG Technologies)

AVG PC TuneUp 2015 (x32 Version: 15.0.1001.471 - AVG Technologies) Hidden

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )

Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)

Dropbox (HKU\S-1-5-21-3569579327-585111417-1849176126-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)

Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010.5 - Poikosoft)

ELAN Touchpad 11.5.15.5_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.15.5 - ELAN Microelectronic Corp.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)

Google Update Helper (x32 Version: 1.3.21.89 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version:  - )

Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

NVIDIA Grafiktreiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)

NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden

SlimDrivers (HKLM-x32\...\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}) (Version: 2.2.45206 - SlimWare Utilities, Inc.)

Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)

SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.20.70 - Akademische Arbeitsgemeinschaft)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3569579327-585111417-1849176126-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

 

==================== Restore Points =========================

 

04-06-2015 13:31:35 Geplanter Prüfpunkt

06-06-2015 19:10:07 Windows Update

09-06-2015 19:28:17 Windows Update

10-06-2015 19:10:08 Windows Update

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {05C97F31-04CB-492D-AC16-99840C6DF49B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

Task: {0D1C7A01-79C6-4581-9027-06CE093FE42D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)

Task: {0EE2971E-88AB-4EEE-8CC4-FE1622C7A1CC} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)

Task: {248EDDD8-0E7C-4D34-9956-DA56E5589340} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {7CC6B01C-8F59-4AC0-91BC-3C2BA11C440E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {8559F88E-770F-4B47-A2DD-D3F08BF23944} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)

Task: {A103B96C-874A-44EA-8316-B3499DC1BC64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)

Task: {B9AF9621-64E7-4885-81EC-645AC33A6988} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {BD7F64C0-DB63-4C74-BA8D-8B02487510FE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-04-15] (AVG Technologies)

Task: {E19022B9-5B9E-48DA-B8A2-AD5C750FD360} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-10] (Avast Software s.r.o.)

Task: {E9489D0E-5B61-472D-9A12-761926F07F8D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)

Task: {EF63D8F0-A346-496A-BA60-DA22A4C828D4} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2013-09-09] (ASUSTek Computer Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-06-02 14:12 - 2015-05-28 09:04 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll

2015-05-10 14:47 - 2015-05-28 06:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2015-05-10 19:05 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll

2010-06-21 19:37 - 2010-06-30 13:10 - 00126264 _____ () C:\Program Files\Easy CD-DA Extractor 2010\ezcddax64.dll

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

2015-05-10 14:31 - 2000-01-01 02:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-04-15 15:30 - 2015-04-15 15:30 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll

2015-04-15 15:30 - 2015-04-15 15:30 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll

2015-06-02 14:12 - 2015-05-28 09:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

2015-05-10 19:06 - 2015-05-10 19:06 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-05-10 19:06 - 2015-05-10 19:06 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-06-14 00:44 - 2015-06-14 00:44 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061301\algo.dll

2015-06-14 20:10 - 2015-06-14 20:10 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061401\algo.dll

2015-06-02 14:13 - 2015-05-28 09:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-06-14 18:49 - 2015-06-14 18:49 - 00043008 _____ () c:\users\daniel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprlftlr.dll

2015-05-27 21:01 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-05-27 21:01 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-05-27 21:01 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-05-27 21:01 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2015-05-10 19:06 - 2015-05-10 19:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2015-05-10 14:39 - 2000-01-01 02:00 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2015-06-10 19:15 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll

2015-06-10 19:15 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3569579327-585111417-1849176126-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft Virtual WiFi Miniport Adapter

Description: Microsoft Virtual WiFi Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/12/2015 11:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: aswmbr.exe, Version: 1.0.1.2290, Zeitstempel: 0x54b4df14

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0002e3fe

ID des fehlerhaften Prozesses: 0xf98

Startzeit der fehlerhaften Anwendung: 0xaswmbr.exe0

Pfad der fehlerhaften Anwendung: aswmbr.exe1

Pfad des fehlerhaften Moduls: aswmbr.exe2

Berichtskennung: aswmbr.exe3

 

Error: (06/12/2015 11:17:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: aswmbr.exe, Version: 1.0.1.2290, Zeitstempel: 0x54b4df14

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0002e3fe

ID des fehlerhaften Prozesses: 0xe18

Startzeit der fehlerhaften Anwendung: 0xaswmbr.exe0

Pfad der fehlerhaften Anwendung: aswmbr.exe1

Pfad des fehlerhaften Moduls: aswmbr.exe2

Berichtskennung: aswmbr.exe3

 

Error: (06/04/2015 10:13:38 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/31/2015 11:30:58 AM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/31/2015 11:15:00 AM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/28/2015 09:15:15 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/28/2015 00:17:14 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/26/2015 08:31:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/26/2015 08:30:39 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/18/2015 04:02:05 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020

 

 

System errors:

=============

Error: (06/14/2015 06:51:27 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )

Description: WMPNetworkSvc

 

Error: (06/14/2015 06:50:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

 

Error: (06/14/2015 06:50:25 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

 

Error: (06/13/2015 04:44:33 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )

Description: WMPNetworkSvc

 

Error: (06/13/2015 04:43:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

 

Error: (06/13/2015 04:43:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

 

Error: (06/12/2015 09:46:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

 

Error: (06/12/2015 07:37:59 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )

Description: WMPNetworkSvc

 

Error: (06/12/2015 07:37:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

 

Error: (06/12/2015 07:36:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

 

 

Microsoft Office:

=========================

Error: (06/12/2015 11:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: aswmbr.exe1.0.1.229054b4df14ntdll.dll6.1.7601.1886955636317c00000050002e3fef9801d0a4f0e679036dC:\Users\Daniel\Downloads\aswmbr.exeC:\Windows\SysWOW64\ntdll.dll65b2c666-10e4-11e5-afe3-f46d04fbb378

 

Error: (06/12/2015 11:17:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: aswmbr.exe1.0.1.229054b4df14ntdll.dll6.1.7601.1886955636317c00000050002e3fee1801d0a4f0473acafbC:\Users\Daniel\Downloads\aswmbr.exeC:\Windows\SysWOW64\ntdll.dllcb8a7084-10e3-11e5-afe3-f46d04fbb378

 

Error: (06/04/2015 10:13:38 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/31/2015 11:30:58 AM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/31/2015 11:15:00 AM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/28/2015 09:15:15 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/28/2015 00:17:14 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/26/2015 08:31:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/26/2015 08:30:39 PM) (Source: Adobe Reader) (EventID: 16) (User: )

Description: 

 

Error: (05/18/2015 04:02:05 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 

System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 27%

Total physical RAM: 8103.77 MB

Available physical RAM: 5869.89 MB

Total Pagefile: 16205.75 MB

Available Pagefile: 13984.14 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:137.83 GB) (Free:59.42 GB) NTFS

Drive d: (Data) (Fixed) (Total:327.83 GB) (Free:119.51 GB) NTFS

Drive g: () (Removable) (Total:3.68 GB) (Free:1.22 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=137.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=327.8 GB) - (Type=OF Extended)

 

========================================================

Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End of log ============================

 

 

 
Thanks for the help!
D.

Attached Files


Edited by Lille, 14 June 2015 - 06:57 PM.

  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

Reviewing your scans now. I'll be back with you in a few hours. :)


  • 0

#3
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's have a look with this tool please.

 

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

 

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please post the resulting log.


  • 0

#4
Lille

Lille

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi there, 

 

I ran the program and immediately received a new and different malware notification.

 

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Daniel on 17.06.2015 at  9:40:56,88.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Daniel\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
17.06.2015 09:42:25 Zoek.exe System Restore Point Created Successfully.
 
==== Installed Programs ======================
 
AAVUpdateManager  
Adobe Acrobat Reader DC - Deutsch  
Akamai NetSession Interface  
ATK Package  
Avast Internet Security  
AVG PC TuneUp 2015  
AVG PC TuneUp 2015 (de-DE)  
Canon IJ Network Scanner Selector EX  
Canon IJ Network Tool  
Canon MG3100 series MP Drivers  
DAEMON Tools Lite  
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition  
Dropbox  
Easy CD-DA Extractor 2010  
ELAN Touchpad 11.5.15.5_X64_WHQL  
Google Chrome  
Google Update Helper  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® SDK for OpenCL - CPU Only Runtime Package  
Intel© Trusted Connect Service Client  
Lidl-Fotos  
Malwarebytes Anti-Malware Version 2.1.6.1022  
Microsoft .NET Framework 4 Client Profile DEU Language Pack  
Microsoft .NET Framework 4.5.2  
Microsoft Office Access MUI (German) 2010  
Microsoft Office Excel MUI (German) 2010  
Microsoft Office Groove MUI (German) 2010  
Microsoft Office InfoPath MUI (German) 2010  
Microsoft Office Office 32-bit Components 2010  
Microsoft Office OneNote MUI (German) 2010  
Microsoft Office Outlook MUI (German) 2010  
Microsoft Office PowerPoint MUI (German) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (German) 2010  
Microsoft Office Proof (Italian) 2010  
Microsoft Office Proofing (German) 2010  
Microsoft Office Publisher MUI (German) 2010  
Microsoft Office Shared 32-bit MUI (German) 2010  
Microsoft Office Shared MUI (German) 2010  
Microsoft Office Word MUI (German) 2010  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
NVIDIA Grafiktreiber 353.06  
NVIDIA Install Application  
NVIDIA Optimus Update 2.4.5.28  
NVIDIA Systemsteuerung 353.06  
NVIDIA Update 1.11.3  
NVIDIA Update Components  
NVIDIA Update Core  
Realtek Card Reader  
Realtek Ethernet Controller Driver  
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)  
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)  
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2878284) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition  
Security Update for Microsoft Word 2010 (KB2883013) 64-Bit Edition  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition  
SlimDrivers  
Sony PC Companion 2.10.259  
SteuerSparErkl„rung 2015  
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition  
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition  
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition  
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition  
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition  
VLC media player  
WinRAR 4.00 (64-bit)  
 
==== Running Processes ======================
 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [AAV UpdateService] - AAV UpdateService - c:\program files (x86)\akademische arbeitsgemeinschaft\aavupdatemanager\aavus.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [ASLDRService] - ASLDR Service - c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe
R2 - [ATKGFNEXSrv] - ATKGFNEX Service - c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe
R2 - [TuneUp.UtilitiesSvc] - AVG PC TuneUp Service - c:\program files (x86)\avg\avg pc tuneup\tuneuputilitiesservice64.exe
R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
R3 - [ICCS] - Intel® Integrated Clock Controller Service - Intel® ICCS - c:\program files (x86)\intel\intel® integrated clock controller service\iccproxy.exe
R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
R3 - [VSS] - Volumeschattenkopie - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update-Dienst (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [WMPNetworkSvc] - Windows Media Player-Netzwerkfreigabedienst - c:\program files\windows media player\wmpnetwk.exe
S3 - [ALG] - Gatewaydienst auf Anwendungsebene - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+-Systemanwendung - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [ehRecvr] - Windows Media Center-Empfängerdienst - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center-Planerdienst - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation-Schriftartcache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update-Dienst (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files\microsoft office\office14\groove.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Leistungsindikator-DLL-Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - RPC-Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP-Trap - c:\windows\system32\snmptrap.exe
S3 - [Sony PC Companion] - Sony PC Companion - c:\program files (x86)\sony\sony pc companion\pccservice.exe
S3 - [vds] - Virtueller Datenträger - c:\windows\system32\vds.exe
S3 - [wbengine] - Blockebenen-Sicherungsmodul - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI-Leistungsadapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
 
==== System Specs ======================
 
Operating System: Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 64-Bit
Manufacturer: ASUSTeK Computer Inc. - Model: K53SV
Install Date: 10.05.2015 14:18:35
Last Boot: 17.06.2015 09:32:14
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Number of Processors: 4
Work Station
Bootmode: Normal boot
Total RAM: 8103 MB (free 5846 MB - 72)
Computername: DANIEL-PC
Domain: WORKGROUP
User: Daniel (Non-Administrator account)
Local Disk:        C:\ - NTFS - 137 GB (free 74 GB)
Local Disk:        D:\ - NTFS - 327 GB (free 113 GB)
CD \ DVD Drive:    E:\ 
CD \ DVD Drive:    F:\ 
Removable Disk:    G:\ - FAT32 - 3 GB (free 1 GB)
Bootdevice: \Device\HarddiskVolume1
Windows update: 
Country: Deutschland 
Language: DEU 
 
==== System Specs (Software) ======================
 
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 43.0.2357.124
Internet Explorer Version: 11.0.9600.17843 
Google Chrome version: 43.0.2357.124
Adobe Reader version: 15.7.20033.133275
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\Daniel\AppData\Local\Temp ====
2015-06-17 07:33:58 0CFC0308F76EC217C457F54DDFCB3077 43008 ----a-w- C:\Users\Daniel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt2ynxq.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-06-09 17:34:26 DA27A4EA7B7C77FAFDB3F94D83E310C1 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL
2015-06-09 17:34:26 A98E8F79C738CAF23C152DBCABD978FE 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll
2015-06-09 17:34:26 605E9B2CFA3445ED7716D0B345EE21EC 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll
2015-06-09 17:34:26 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx
2015-06-09 17:34:26 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll
2015-06-09 17:34:13 9E68E1BDEBD85FC8803707370BE0FC6E 641536 ----a-w- C:\Windows\SysWOW64\advapi32.dll
2015-06-09 17:34:13 641A14E6AC492ED45BC68815E2E2F566 3989440 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-09 17:34:13 2CA16814DA3C5B2D8C7E70DC47A45ED1 551424 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2015-06-09 17:34:12 FCA6EFFEE6D7D42E794F0E538297026C 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll
2015-06-09 17:34:12 FB224B0A63B8F58E91FE8A314AD295AD 17408 ----a-w- C:\Windows\SysWOW64\diskperf.exe
2015-06-09 17:34:12 F85FA29340A536C8E0A16151B9B03923 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe
2015-06-09 17:34:12 F81920ADB15012CF4E9FF8238C85686A 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2015-06-09 17:34:12 F72A9953199EF5807D595AE3694B5D01 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2015-06-09 17:34:12 EA141596564AE0C670EDD0F2636EC29C 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2015-06-09 17:34:12 D877133532CE090502B1166B360E9516 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2015-06-09 17:34:12 BBABC6702529CFADAC0EC2B28168A288 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll
2015-06-09 17:34:12 A9E8F961F7FE1EDEEF8F46EEB800F2D8 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2015-06-09 17:34:12 9A50B2567918BF7DDD600ECE5DB5ED76 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2015-06-09 17:34:12 8C7635292CFF4901F058269454A1D64E 1310744 ----a-w- C:\Windows\SysWOW64\ntdll.dll
2015-06-09 17:34:12 7A9F94E0F53C8F6E09405351AC104A3C 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2015-06-09 17:34:12 6C730482615C97B923B88C648FF554A3 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2015-06-09 17:34:12 6C06D2B1CF88AB83F1CFB24928F63107 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2015-06-09 17:34:12 65A5E27C2217D606E212B6088CCD6104 92160 ----a-w- C:\Windows\SysWOW64\sechost.dll
2015-06-09 17:34:12 629AD3FDA168D82D459164044A29F9BB 40448 ----a-w- C:\Windows\SysWOW64\typeperf.exe
2015-06-09 17:34:12 583FFF12D2F0D6E1A8746462C433895F 3934144 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-09 17:34:12 5643A88C6DA8AAEC9CE2845431942650 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2015-06-09 17:34:12 558227F567E977D71B9182013EF03E9C 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2015-06-09 17:34:12 4238391DE3E3FDCD2C731C1E4E0F402C 635392 ----a-w- C:\Windows\SysWOW64\tdh.dll
2015-06-09 17:34:12 3E6731BF36A7D6C62D09671B427B6B67 37888 ----a-w- C:\Windows\SysWOW64\relog.exe
2015-06-09 17:34:12 3C1BE79C3CE6EB378108B11D94CA1072 364544 ----a-w- C:\Windows\SysWOW64\tracerpt.exe
2015-06-09 17:34:12 3B5DA649BF7B7D07510C06DE0AEEB4EB 82944 ----a-w- C:\Windows\SysWOW64\logman.exe
2015-06-09 17:34:12 2D23A10FBFA09DC1B61799128BBA91A2 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2015-06-09 17:34:11 EEA17E843EE2EE50D623BEACF50BD815 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2015-06-09 17:34:11 EC6E5AE2ECFE7A335B370865A1158EF8 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2015-06-09 17:34:11 7E7933E63BBE2BE71CC908EF140458EF 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll
2015-06-09 17:34:11 619D5101114C71E1A4A585C5E68301B7 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2015-06-09 17:34:11 52C869A640B8169D7C8460FB1646ABF5 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll
2015-06-09 17:34:11 2E65BF3D85BB2C831669FBCBDE6C9879 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2015-06-09 17:33:48 58788565442368B0615DDAF1D452B843 530432 ----a-w- C:\Windows\SysWOW64\comctl32.dll
2015-06-09 17:33:41 9F6066005D8B8620598085C7499E9B70 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-09 17:33:41 8C3A03295F56D1FFB51D9D05DA42B12D 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-09 17:33:41 81C1182A9EE7AC4D21187811DE66A7D0 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2015-06-09 17:33:41 6B7210618D7E2CE0404ECF748701253A 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 17:33:40 F26680AF396F89F7ABFDA1D1D6B62011 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 17:33:40 975421AC32F9F6E27A58F75DAB4B5871 19607040 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2015-06-09 17:33:40 96837E5864777688477AF6DE2332C06D 503808 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2015-06-09 17:33:40 7C9F8DB66A56306C5BBE97F9FC0F01EF 342736 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 17:33:40 53E9614ADFA6A40A452BA014CEF6F261 1309696 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2015-06-09 17:33:40 2DED8A99E45053C42DD21D6937D3960C 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 17:33:40 185490A6C3BEDAC5EF547314F68AB07B 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-09 17:33:39 B6D8148C1C697A7BF04EE0FE82408B6A 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 17:33:39 5C06EE62F06E990E9521EA80B8D4D4B8 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2015-06-09 17:33:39 4ABEEF30EA5B9F4718312DCB60B6C9BC 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 17:33:38 E21AE910DF0C5CB7D46D8FA17A4567DE 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 17:33:38 DB254D50B4527C2821C537E0587B44E8 12829696 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2015-06-09 17:33:38 C93AE4D14AEF5169791B35D97AE7C9FC 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 17:33:38 C27C8CACEBC712BE2AD791715E9734EC 664064 ----a-w- C:\Windows\SysWOW64\jscript.dll
2015-06-09 17:33:38 927E38A35E4DFC4E294BD130BAA6F759 2278912 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2015-06-09 17:33:38 7DBCBB1647B7CD71E2039C1B50A12717 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 17:33:38 1A628C1F5470F0AF21E37E425026F27A 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
2015-06-09 17:33:38 17B0852D8202A872C3E6D01B518B6A4E 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 17:33:37 8C8B8C78C0CCD5D36ABCB115B0B581E1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 17:33:36 E4EB138060BAE0DBAB1A3B71A3141FE7 1950720 ----a-w- C:\Windows\SysWOW64\wininet.dll
2015-06-09 17:33:36 85E21CCF38166E0D6DE2E42D9D3823BD 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-09 17:33:36 3FD7E6DB5D81FE400DB4D81D278596E6 4305920 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2015-06-09 17:33:35 FB5C9234E4BF6BDAF4A954763A4582BA 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2015-06-09 17:33:35 EF853EA2A6A7BD891CCF31B0C2915352 341504 ----a-w- C:\Windows\SysWOW64\html.iec
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-06-16 11:36:49 9CA2FDD44F7C1F8AC1652F6C2638CFED 364472 ----a-w- C:\Windows\Sysnative\aswBoot.exe
2015-06-09 17:34:27 9D80A82B0BB77AC3EF6A87FA0C534E20 14635008 ----a-w- C:\Windows\Sysnative\wmp.dll
2015-06-09 17:34:26 834FD7C31EA16D59CC3B2DC60F2F2620 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll
2015-06-09 17:34:26 1A8C5D4BE449E4A9D8667A341E535E22 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx
2015-06-09 17:34:26 1A8C5D4BE449E4A9D8667A341E535E22 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll
2015-06-09 17:34:25 51ECEE70F33601310DDEF3EEE39550D3 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL
2015-06-09 17:34:24 E87D4371B24BC9E5BAE95AEA60FFD959 193536 ----a-w- C:\Windows\Sysnative\aepic.dll
2015-06-09 17:34:24 CFF429F2234C1D1A5993E80F46C37CFB 1119232 ----a-w- C:\Windows\Sysnative\aeinv.dll
2015-06-09 17:34:24 B23AB4C401E2DE02C47B7497D41E2318 757248 ----a-w- C:\Windows\Sysnative\invagent.dll
2015-06-09 17:34:24 52DEF4C743C2EABD6BD3EDC790A0E778 1021440 ----a-w- C:\Windows\Sysnative\appraiser.dll
2015-06-09 17:34:24 2DCA988113A02EB9BCB98A5DC2D34E57 700416 ----a-w- C:\Windows\Sysnative\generaltel.dll
2015-06-09 17:34:23 6F07FC190DBCB42C8A5319235F72F906 423424 ----a-w- C:\Windows\Sysnative\devinv.dll
2015-06-09 17:34:23 6E2EB5A36C3CCD917F7FF9BED7C1390E 45568 ----a-w- C:\Windows\Sysnative\acmigration.dll
2015-06-09 17:34:23 587BBA3B3959144334700EC48232712F 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll
2015-06-09 17:34:14 AA5319FA8602676B5D3A2B4A1355896D 1255424 ----a-w- C:\Windows\Sysnative\diagtrack.dll
2015-06-09 17:34:13 9E2A2028228645DD57EF45A02CAC0CCE 5569984 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2015-06-09 17:34:13 93A05407F8E53BC731C42AAD56163F80 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2015-06-09 17:34:13 8DCA1C70AF170C3FBCE47A4F49BFC887 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2015-06-09 17:34:13 6FDF03A3B110C5264F52F979335AE301 1162752 ----a-w- C:\Windows\Sysnative\kernel32.dll
2015-06-09 17:34:13 6ECD6D92F43C2DC55099F892978D5BE7 728576 ----a-w- C:\Windows\Sysnative\kerberos.dll
2015-06-09 17:34:13 53042708C242959B3924242FBBE297B1 1728960 ----a-w- C:\Windows\Sysnative\ntdll.dll
2015-06-09 17:34:13 4FFD08A01047EF6B58F6EB4E6D001A8D 879104 ----a-w- C:\Windows\Sysnative\advapi32.dll
2015-06-09 17:34:12 FF9BBFAE899091C1FF0D1A3F2C587911 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2015-06-09 17:34:12 E20BF3FA89DE67B00ED713B5254C0BF0 47104 ----a-w- C:\Windows\Sysnative\typeperf.exe
2015-06-09 17:34:12 D68690450978D127E030FB14E9B2023B 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2015-06-09 17:34:12 CCB352B939B77B38983DD878C547451F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll
2015-06-09 17:34:12 AD54856A16B635720B0BE5FAF44526FC 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2015-06-09 17:34:12 A929B9ABA1083AF35ECE7BD63AF3E42F 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll
2015-06-09 17:34:12 A5F57F4866C2DC7F8215058D7D56BD21 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2015-06-09 17:34:12 9BBEA639884C0338DD78654277BD188A 112640 ----a-w- C:\Windows\Sysnative\smss.exe
2015-06-09 17:34:12 996EE6571ADB880A60846DD02C8D5869 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2015-06-09 17:34:12 858F04B3C39239972959E9EE97CACAE4 43008 ----a-w- C:\Windows\Sysnative\relog.exe
2015-06-09 17:34:12 7C5E375F20F639607376351A8BCC0647 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2015-06-09 17:34:12 6ACD3C75BE449F039E1A4E43424D5B6F 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
2015-06-09 17:34:12 6703266C1E56157B5965F9AC868A20AC 404992 ----a-w- C:\Windows\Sysnative\tracerpt.exe
2015-06-09 17:34:12 66DF73B202105406602941778792FE3D 879104 ----a-w- C:\Windows\Sysnative\tdh.dll
2015-06-09 17:34:12 5EC57AC6DC16CB8A058CA019AA2C188D 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll
2015-06-09 17:34:12 5A17FF38EDE95B2313E428BF444126D7 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2015-06-09 17:34:12 4F90A7A0FCBC0ED18E573917860062FF 113664 ----a-w- C:\Windows\Sysnative\sechost.dll
2015-06-09 17:34:12 48C30C54194142910FB6B86D308220ED 338432 ----a-w- C:\Windows\Sysnative\conhost.exe
2015-06-09 17:34:12 37DFCC91E419952772E02F2B3BBB2E2B 342016 ----a-w- C:\Windows\Sysnative\schannel.dll
2015-06-09 17:34:12 289D99B0879C6ED5C6D1B3A856CA6DA3 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2015-06-09 17:34:12 2313AF8D5A9CEB4A55400A01DD311A95 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll
2015-06-09 17:34:12 210E7D1EA34369194BE09493784E27BE 104448 ----a-w- C:\Windows\Sysnative\logman.exe
2015-06-09 17:34:12 20BD408AC3F8576997D6A47F48A1C5B2 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2015-06-09 17:34:12 1B93381366141875D8EE7EC1085236B9 19456 ----a-w- C:\Windows\Sysnative\diskperf.exe
2015-06-09 17:34:12 17A6A9AAD04CCC6EE53290585BFC43AF 31232 ----a-w- C:\Windows\Sysnative\lsass.exe
2015-06-09 17:34:12 16154A6682B1552DEAB953BFA4B8E955 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe
2015-06-09 17:34:12 13DE715D959DD502CFD52DC920408B33 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll
2015-06-09 17:34:12 11D5815F0DC571CE3C72213B375860B1 50176 ----a-w- C:\Windows\Sysnative\srclient.dll
2015-06-09 17:34:12 03BA5D20751137F3A705B389C52DB8D6 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe
2015-06-09 17:34:11 AF557D115972A73964FC8F209300948A 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll
2015-06-09 17:34:11 8A4EB32C7C948F70EAC6F85063596A39 36864 ----a-w- C:\Windows\Sysnative\UtcResources.dll
2015-06-09 17:34:11 837BBE4170D5A75F293BD6F294A8FE34 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll
2015-06-09 17:34:11 6E882D7CA34073890107559B5A515A24 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll
2015-06-09 17:34:11 6ACFCC28E4D60B5A931D8749332A14E2 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll
2015-06-09 17:33:48 51F89CE2D0FEC66070354504E6C4C3E4 633856 ----a-w- C:\Windows\Sysnative\comctl32.dll
2015-06-09 17:33:47 1EE2DBA5AD2E5EB618C7FB187C2CFDF4 3206144 ----a-w- C:\Windows\Sysnative\win32k.sys
2015-06-09 17:33:41 9DB8E01D5A546FAFCACE95489E351186 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2015-06-09 17:33:41 73509D13542A90E260F45D1D6D4100A8 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2015-06-09 17:33:40 9E2B8C0601E3D460F78F0233B509CE4F 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2015-06-09 17:33:40 70D24021ED327CE7FFA9DEE327BB4C6B 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2015-06-09 17:33:40 4BD747AAF01C480901B3E777EC48826B 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2015-06-09 17:33:39 D202078FBA3A77B85D39669EE4110DE2 389840 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2015-06-09 17:33:39 6ABFC5736EC920C4436F32111F5CBCEE 1545728 ----a-w- C:\Windows\Sysnative\urlmon.dll
2015-06-09 17:33:39 3C3E159F284F51D55DB59C3D0B843979 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2015-06-09 17:33:38 86FDFEA67833DB261EC01A777594EDCF 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2015-06-09 17:33:38 57DFACB53ED16190EF732E2430B39741 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2015-06-09 17:33:38 36F3718E67F442F54AB4A39DCDD8FD19 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2015-06-09 17:33:38 083BCA14FCE290D682D8DAC9372CBF23 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2015-06-09 17:33:37 FF84182188CA8F0DC28CFED06C9B7816 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2015-06-09 17:33:37 7F8F9AE03D1BA4354671E05F07A40F1A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2015-06-09 17:33:37 5F8EE9311ECF078CD9426874FFAD660C 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2015-06-09 17:33:36 AFF5C12099B87FA645F8867701729894 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2015-06-09 17:33:36 6E295C7364DAEB151CC0E98434B6AC92 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll
2015-06-09 17:33:36 33B5F1A727FACDEA7CDA0E35FFAADDCF 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll
2015-06-09 17:33:36 0EDA3219FA027A486AA11269355AB279 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2015-06-09 17:33:35 AE5A2843B4A2E1E558B9EE13EF62CCE5 14404096 ----a-w- C:\Windows\Sysnative\ieframe.dll
2015-06-09 17:33:35 8909A24DA8B5C426CF6595BA843B6CC5 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2015-06-09 17:33:35 35622F5A652C4E16774234DCA0026E74 633856 ----a-w- C:\Windows\Sysnative\ieui.dll
2015-06-09 17:33:34 CFA52E2FE8E623042A1EEF96EB1B9481 6026240 ----a-w- C:\Windows\Sysnative\jscript9.dll
2015-06-09 17:33:34 ACD6FE6C82B93813F023FC01A51CB940 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2015-06-09 17:33:34 83781DF625A4448B39410D7FA2BDC48D 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
2015-06-09 17:33:34 4A5A84B457C72E79A64AE4036EC6BB0E 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2015-06-09 17:33:34 3854BFE1C0F14872C94501421CC40813 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2015-06-09 17:33:33 417F80E4AFBA1AA9EBBD618F1C6D9165 2426880 ----a-w- C:\Windows\Sysnative\wininet.dll
2015-06-09 17:33:33 2BC2D3A41BB755487FD55C09938F00BC 417792 ----a-w- C:\Windows\Sysnative\html.iec
2015-06-09 17:33:32 A29BAFC1543F9D2234AFFFEA9BCE76C8 24917504 ----a-w- C:\Windows\Sysnative\mshtml.dll
2015-06-09 17:33:32 16091938F6CDBCCCBA1CBE24600121BC 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2015-06-09 17:33:32 06A8CE6C3AE6B7916F026B0EFDDCAAA5 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
====== C:\Windows\Sysnative\drivers =====
2015-06-16 11:36:51 2EF62E6F46345480A2946AA7D7EB28F5 28144 ----a-w- C:\Windows\Sysnative\drivers\aswKbd.sys
2015-06-16 11:36:33 81A2A421E6D7B43AA9E87A5FCB5730C3 449896 ----a-w- C:\Windows\Sysnative\drivers\aswNdisFlt.sys
2015-06-12 08:59:30 E9CD058C79EA15B4AA93E259FA713B07 136408 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-06-12 08:59:05 54D70409DE6932E9EFA117779611E7A9 107736 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-06-12 08:59:04 F49FB3C88E263AE9A246593B0BB29294 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2015-06-12 08:59:04 1E9E32AEC3E1EB1B31B8169F33168B56 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2015-06-09 17:34:12 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-06-09 17:34:12 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-06-02 12:12:05 BED3EDDC4B361B9023022B8ED4B04AEA 31560 ----a-w- C:\Windows\Sysnative\drivers\nvpciflt.sys
2015-06-02 12:12:05 017E0B4AEFCB291E7CF1CD4BF120A7A8 10995528 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
2015-06-01 09:43:16 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2015-06-01 09:37:26 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2015-06-01 09:32:49 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\Sysnative\drivers\stream.sys
2015-06-01 09:00:58 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-06-01 09:03:36 -------- d-----w- C:\PROGRA~2\Sony
======= C: =====
====== C:\Users\Daniel\AppData\Roaming ======
2015-06-02 12:13:44 -------- d-----w- C:\Users\Daniel\AppData\Local\NVIDIA
2015-06-02 09:14:41 -------- d-----w- C:\Users\Daniel\AppData\Local\Akamai
2015-06-01 09:45:28 -------- d-s---w- C:\Users\UpdatusUser\AppData\Roaming\Microsoft
2015-06-01 09:45:28 -------- d-----w- C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2015-06-01 09:45:28 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp
2015-06-01 09:45:28 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Microsoft
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-01 09:23:27 -------- d-----w- C:\Users\Daniel\AppData\Local\GWX
2015-06-01 09:08:56 -------- d-----w- C:\Users\Daniel\AppData\Local\Sony
2015-05-27 19:01:28 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-27 18:59:32 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Dropbox
====== C:\Users\Daniel ======
2015-06-14 18:11:35 6C98A47EC4FEFA15235E52529B83D1CE 2109952 ----a-w- C:\Users\Daniel\Desktop\FRST64.exe
2015-06-14 18:07:24 6DD947991853486DE376C12FF20A42F7 709564 ----a-w- C:\Users\Daniel\Downloads\delfix_10.8.exe
2015-06-02 12:12:12 -------- d-----w- C:\ProgramData\boost_interprocess
2015-06-01 09:45:31 -------- d-----w- C:\Users\UpdatusUser\Searches
2015-06-01 09:45:31 -------- d-----w- C:\Users\UpdatusUser\Contacts
2015-06-01 09:45:28 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\UpdatusUser\ntuser.ini
2015-06-01 09:45:28 -------- d--h--w- C:\Users\UpdatusUser\AppData
2015-06-01 09:45:28 -------- d-----w- C:\Users\UpdatusUser\Saved Games
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\Videos
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\Pictures
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\Music
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\Links
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\Favorites
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\Downloads
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\Documents
2015-06-01 09:45:28 -------- d-----r- C:\Users\UpdatusUser\Desktop
2015-06-01 09:03:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-06-01 09:03:36 -------- d-----w- C:\ProgramData\Sony
2015-05-27 19:02:39 -------- d-----r- C:\Users\Daniel\Dropbox
2015-05-21 15:02:18 -------- d-----w- C:\ProgramData\Microsoft Toolkit
 
====== C: exe-files ==
2015-06-16 11:36:49 9CA2FDD44F7C1F8AC1652F6C2638CFED 364472 ----a-w- C:\Windows\System32\aswBoot.exe
2015-06-14 18:11:35 6C98A47EC4FEFA15235E52529B83D1CE 2109952 ----a-w- C:\Users\Daniel\Desktop\FRST64.exe
2015-06-14 18:07:24 6DD947991853486DE376C12FF20A42F7 709564 ----a-w- C:\Users\Daniel\Downloads\delfix_10.8.exe
2015-06-10 17:12:36 74D7DFE507EA48737061EA8E990157E8 2212944 ----a-w- C:\Program Files (x86)\Google\Update\Install\{4513341D-E8E9-4954-8078-B27BAB7A8907}\43.0.2357.124_43.0.2357.81_chrome_updater.exe
2015-06-10 17:12:36 74D7DFE507EA48737061EA8E990157E8 2212944 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.124\43.0.2357.124_43.0.2357.81_chrome_updater.exe
=== C: other files ==
2015-06-16 11:36:51 2EF62E6F46345480A2946AA7D7EB28F5 28144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2015-06-16 11:36:33 81A2A421E6D7B43AA9E87A5FCB5730C3 449896 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2015-06-12 08:59:30 E9CD058C79EA15B4AA93E259FA713B07 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-12 08:59:05 54D70409DE6932E9EFA117779611E7A9 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-12 08:59:04 F49FB3C88E263AE9A246593B0BB29294 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-12 08:59:04 1E9E32AEC3E1EB1B31B8169F33168B56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-3569579327-585111417-1849176126-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe"
 
[HKEY_USERS\S-1-5-21-3569579327-585111417-1849176126-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-21-3569579327-585111417-1849176126-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll, C:\\Windows\\SysWOW64\\nvinit.dll"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"
 
==== Startup Registry Disabled ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"GoogleChromeAutoLaunch_9CB2B8404301F8169D10E27C4B481A41"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window"
"DAEMON Tools Lite"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
 
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"BCSSync"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
 
 
==== Startup Folders ======================
 
2015-05-27 19:02:04 1139 ----a-w- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10.05.2015 18:48]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10.05.2015 18:48]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [16.06.2015 13:36]
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.124
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[10.05.2015 19:06]
 
Google Slides - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
AdBlock - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Startpages ======================
 
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences
70A9D23BA0A596CB456D8302F","nbpagnldghgfoolbancepceaanlmhfmd":"ED566DD9C255CD63329DEE6F9F527C04B31904CCC24A4829F2C31D81D32433ED","neajdppkdcdipfabeoofebfddakdcjhd":"3BF19000E53D3020D02AE5E6C59EB3B9F2065BEB071E432BE0A741B99F4EB928","nkeimhogjdpnpccoofpliimaahmaaome":"CC615E46A88F673A34735554060892971780ABB506AA08D02335E218500B39A0","nmmhkkegccagdldgiimedpiccmgmieda":"A0125C9C58F92C054564240F37AA31E6499B069AA9F3760D62D1D1E363A316E5","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"CA2E0911D0F54213271F0A96C8AFF7822BE28F7FABF752572AE8BA70116C2CE6","pjkljhegncpnkpknbcohdijeoejaedia":"7217A0DF31F6FFD3457442EA9CD32E98F92B3BF73CD19886C160405FDE2895DC"}},"google":{"services":{"last_username":"637555E8211F7F4855277F215FA52D9D99349FBE36A677A6C6F28BD7717DA939","username":"7A57427F6FA5DA76BFA719F1742F797348565997FA167FC2DD0F74FD5C0A4A62"}},"homepage":"27C0E5ED2BA8FED563979413C1B9772017BE7FEBD1A02538C0332B44D2EAE1B0","homepage_is_newtabpage":"010456AACE5E66553616511FCE933A94074BA848B420EF5B4D493E5FC9B77A28","pinned_tabs":"8CC8D73088B92FFD7BB95CA3E15EAFF8E459F69A1AF62D28E53E2AA6D3E606EB","prefs":{"preference_reset_time":"A4EC0D91D1295943E0F01939EA9C2C7A47E7E03483CA2B8408C7DDE9FD5961D6"},"profile":{"reset_prompt_memento":"4D57A68BEEAD050EF583225A43A3A5E551E4937C25BD8232E16A30F100AA86CA"},"safebrowsing":{"incidents_sent":"9E7DFA30C7200911021C7B10A09D1F6D2A4A267C0CB1A7FABD52082A5C82BD1A"},"search_provider_overrides":"1700548C0ECF54BF8CA0D668A2B1DAE080CEAEBD263CA7A36DAE5517A92B50D7","session":{"restore_on_startup":"242770C48656CCA00FF873630F458FD4D11CB990582F8268B8A5AE1B8BFC55DE","startup_urls":"A4984DA437E076627F55B5FC08B848EEC8B16C749B021A6E10F803C9E7AE5969"},"software_reporter":{"prompt_reason":"58C1FDA1246F2773CB8D4402F5D8A381A64D97F37FC33DD1555583CF158154F1","prompt_seed":"C413C121A542C4B8AA6331F56C19144615217003052DD17AD4679ABB184BF0EF","prompt_version":"BE73F8C5098C0C8BEA8F85AA9F3C5B189F5114EF56FA27429643EBE63339113F"},"sync":{"remaining_rollback_tries":"6010054F3132BCC4EDC29D0C49E0E978574C1F005245053E4849FFF21FFFF4DC"}},"super_mac":"B43593C0489E36B8F373D3349FDDD90BAA9745FAFA58308766F0B024C642A06B"},"session":{"restore_on_startup":4,"startup_urls":["https://www.google.d...back_tries":0}}
 
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on 17.06.2015 at  9:45:17,59 ======================
 

  • 0

#5
Lille

Lille

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

The new malware infection that popped up was this:

 

Infektion:URL:Mal
Prozess:C:\Windows\System32\svchost.exe
 
Thanks for your work!

Edited by Lille, 17 June 2015 - 01:59 AM.

  • 0

#6
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

51a612a8b27e2-Zoek.png Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
     

createsrpoint;
chrdefaults;
iedefaults'
FFdefaults;
fakechrprofiles;delete
shortcutfix;
autoclean;
resethosts;
emptyalltemp;

 

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


  • 0

#7
Lille

Lille

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

hi there. the newest logfile:

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Daniel on 18.06.2015 at 16:55:26,90.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Daniel\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-06-17-074517.log 45329 bytes
 
==== System Restore Info ======================
 
18.06.2015 16:56:25 Zoek.exe System Restore Point Created Successfully.
 
==== Reset Hosts File ======================
 
# Copyright © 1993-2006 Microsoft Corp. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# For example: 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 
 
==== Empty Folders Check ======================
 
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\Daniel\AppData\Roaming\dlg deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [16.06.2015 13:36]
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.124
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[10.05.2015 19:06]
 
AdBlock - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences
70A9D23BA0A596CB456D8302F","nbpagnldghgfoolbancepceaanlmhfmd":"ED566DD9C255CD63329DEE6F9F527C04B31904CCC24A4829F2C31D81D32433ED","neajdppkdcdipfabeoofebfddakdcjhd":"3BF19000E53D3020D02AE5E6C59EB3B9F2065BEB071E432BE0A741B99F4EB928","nkeimhogjdpnpccoofpliimaahmaaome":"CC615E46A88F673A34735554060892971780ABB506AA08D02335E218500B39A0","nmmhkkegccagdldgiimedpiccmgmieda":"F1B6257B654A2AB1E14C242B70AD8F548C63B4B30582270C49CA772ED7C7F02B","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"CA2E0911D0F54213271F0A96C8AFF7822BE28F7FABF752572AE8BA70116C2CE6","pjkljhegncpnkpknbcohdijeoejaedia":"990F8EAEC2233607F72D7A4B2B52E6038DBCFCFFD53BC02585F5EF401FF93E8B"}},"google":{"services":{"last_username":"637555E8211F7F4855277F215FA52D9D99349FBE36A677A6C6F28BD7717DA939","username":"7A57427F6FA5DA76BFA719F1742F797348565997FA167FC2DD0F74FD5C0A4A62"}},"homepage":"27C0E5ED2BA8FED563979413C1B9772017BE7FEBD1A02538C0332B44D2EAE1B0","homepage_is_newtabpage":"010456AACE5E66553616511FCE933A94074BA848B420EF5B4D493E5FC9B77A28","pinned_tabs":"8CC8D73088B92FFD7BB95CA3E15EAFF8E459F69A1AF62D28E53E2AA6D3E606EB","prefs":{"preference_reset_time":"A4EC0D91D1295943E0F01939EA9C2C7A47E7E03483CA2B8408C7DDE9FD5961D6"},"profile":{"reset_prompt_memento":"4D57A68BEEAD050EF583225A43A3A5E551E4937C25BD8232E16A30F100AA86CA"},"safebrowsing":{"incidents_sent":"9E7DFA30C7200911021C7B10A09D1F6D2A4A267C0CB1A7FABD52082A5C82BD1A"},"search_provider_overrides":"1700548C0ECF54BF8CA0D668A2B1DAE080CEAEBD263CA7A36DAE5517A92B50D7","session":{"restore_on_startup":"242770C48656CCA00FF873630F458FD4D11CB990582F8268B8A5AE1B8BFC55DE","startup_urls":"A4984DA437E076627F55B5FC08B848EEC8B16C749B021A6E10F803C9E7AE5969"},"software_reporter":{"prompt_reason":"58C1FDA1246F2773CB8D4402F5D8A381A64D97F37FC33DD1555583CF158154F1","prompt_seed":"C413C121A542C4B8AA6331F56C19144615217003052DD17AD4679ABB184BF0EF","prompt_version":"BE73F8C5098C0C8BEA8F85AA9F3C5B189F5114EF56FA27429643EBE63339113F"},"sync":{"remaining_rollback_tries":"6010054F3132BCC4EDC29D0C49E0E978574C1F005245053E4849FFF21FFFF4DC"}},"super_mac":"04017CFC018385C3837678574CECCECEE50A4A57C4ED5973F3F87DF94E7AC063"},"session":{"restore_on_startup":4,"startup_urls":["https://www.google.d...back_tries":0}}
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"
 
==== Reset Google Chrome ======================
 
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe 
 
==== shortcuts in Users Start Menu ======================
 
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe  -extoff
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\AVG PC TuneUp 2015.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\AVG PC TuneUp Hilfe.lnk - C:\ProgramData\AVG\AWL2015\de-DE\main_vista_7.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG 1-Klick-Wartung.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Browser Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\BrowserCleaner.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Cleaner for iOS.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\iOSCleaner.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Disk Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskCleaner.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Disk Doctor.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskDoctor.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Disk Space Explorer.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DiskExplorer.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Drive Defrag.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DriveDefrag.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Duplicate Finder.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\DuplicateFinder.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Economy-Modus.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\EnergyOptimizer.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Live-Optimierung.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SettingCenter.exe /live
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Optimierungsbericht.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Report.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Process Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ProcessManager.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Program Deactivator.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ProgramDeactivator.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Registry Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryCleaner.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Registry Defrag.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryDefrag.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Registry Editor.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RegistryEditor.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Repair Wizard.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RepairWizard.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Rescue Center.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\RescueCenter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Setting Center.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SettingCenter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Shortcut Cleaner.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\ShortcutCleaner.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Shredder.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Shredder.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG StartUp Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\StartUpManager.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG StartUp Optimizer.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\StartupOptimizer.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Styler.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Styler.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG System Control.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SystemControl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG System Information.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\SystemInformation.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Undelete.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\Undelete.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Uninstall Manager.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\UninstallManager.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015\Alle Funktionen\AVG Update Wizard.lnk - C:\Program Files (x86)\AVG\AVG PC TuneUp\UpdateWizard.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3100 series\Liesmich.lnk - C:\Program Files (x86)\CanonBJ\IJPrinter\Canon MG3100 series\readme_German.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3100 series\MP Drivers Deinstallieren.lnk - C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series\DelDrv64.exe /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series /L0x0007
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Scanner Selector EX\IJ Network Scanner Selector EX Deinstallieren.lnk - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSU.exe /UninstallRemove C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\uninst.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Scanner Selector EX\IJ Network Scanner Selector EX.lnk - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Tool\IJ Network Tool Deinstallieren.lnk - C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Tool\IJ Network Tool.lnk - C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DT.gadget 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - C:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x64.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2010\Easy CD-DA Extractor.lnk - C:\Program Files\Easy CD-DA Extractor 2010\ezcddax.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2010\Programs\Audio CD Ripper.lnk - C:\Program Files\Easy CD-DA Extractor 2010\ezcddax.exe -R
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2010\Programs\Audio Converter.lnk - C:\Program Files\Easy CD-DA Extractor 2010\ezcddax.exe -C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2010\Programs\CD-DVD Creator.lnk - C:\Program Files\Easy CD-DA Extractor 2010\ezcddax.exe -B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2010\Programs\Metadata Editor.lnk - C:\Program Files\Easy CD-DA Extractor 2010\ezcddax.exe -E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lidl-Fotos\Lidl-Fotos deinstallieren.lnk - D:\Lidl_Fotos\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lidl-Fotos\Lidl-Fotos.lnk - D:\Lidl_Fotos\Loader.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe  /design 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Digitales Zertifikat für VBA-Projekte.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Clip Organizer.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010 Upload Center.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010-Spracheinstellungen.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers Help.lnk - C:\Windows\Installer\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}\Icon.exe -help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk - C:\Windows\Installer\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}\Icon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Deinstallieren.lnk - C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe -uninst -runfromtemp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Start-Center 2015.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Informationen und Hilfe\Report erstellen.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Informationen und Hilfe\SteuerSparErklärung 2015 deinstallieren.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Informationen und Hilfe\TeamViewer.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Programmfunktionen\Gesonderte Feststellung 2014.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Programmfunktionen\Gewinn-Erfassung 2015.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Programmfunktionen\Gewinnermittlung 2014.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Programmfunktionen\Lohnsteuer-Ermäßigung 2015.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Programmfunktionen\Steuererklärung 2014.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps\SteuerSparErklärung 2015\Programmfunktionen\Steuerprognose 2015.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files\VideoLAN\VLC\Documentation.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files\VideoLAN\VLC\NEWS.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files\VideoLAN\VLC\VideoLAN Website.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe 
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=2 folders=1 9743 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Daniel\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Daniel\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 18.06.2015 at 17:11:38,57 ======================
 
 
thanks again!
d.

  • 0

#8
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

How is the machine working now?


  • 0

#9
Lille

Lille

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

so far, no reports. i'll check in again tomorrow. thanks!!!


  • 0

#10
Lille

Lille

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

sadly, a different malware attack appeared today.

 


  • 0

Advertisements


#11
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's look from a slightly different angle. Please follow the instructions below and post the resulting log. Also, let me know how the machine is working after.

 

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

 


  • 0

#12
Lille

Lille

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

hi again.

 

the log:

 

ComboFix 15-06-18.01 - Daniel 19.06.2015  17:50:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8104.5957 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-19 bis 2015-06-19  ))))))))))))))))))))))))))))))
.
.
2015-06-19 15:57 . 2015-06-19 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-19 07:14 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6832A079-51AB-40BE-B374-58C8B311B4EA}\mpengine.dll
2015-06-18 18:17 . 2015-06-18 18:17 -------- d-----w- c:\users\Daniel\AppData\Local\Dropbox
2015-06-18 18:17 . 2015-06-18 18:17 -------- d-----w- c:\programdata\Dropbox
2015-06-18 15:10 . 2015-06-18 14:55 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-18 15:10 . 2015-06-19 15:59 -------- d-----w- c:\users\Daniel\AppData\Local\Temp
2015-06-17 07:40 . 2015-06-18 15:07 -------- d-----w- C:\zoek_backup
2015-06-16 11:36 . 2015-06-16 11:36 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-06-16 11:36 . 2015-05-10 17:06 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-16 11:36 . 2015-06-16 11:36 449896 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-06-16 08:40 . 2015-06-16 08:40 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-06-12 09:12 . 2015-06-14 18:13 -------- d-----w- C:\FRST
2015-06-12 08:59 . 2015-06-12 08:59 -------- d-----w- c:\programdata\Malwarebytes
2015-06-09 17:33 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-02 16:00 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-02 16:00 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-06-02 16:00 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-06-02 16:00 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-06-02 12:13 . 2015-06-02 12:13 -------- d-----w- c:\windows\SysWow64\NV
2015-06-02 12:13 . 2015-06-02 12:13 -------- d-----w- c:\windows\system32\NV
2015-06-02 12:13 . 2015-06-02 12:13 -------- d-----w- c:\users\Daniel\AppData\Local\NVIDIA
2015-06-02 09:14 . 2015-06-02 09:14 -------- d-----w- c:\users\Daniel\AppData\Local\Akamai
2015-06-02 09:00 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-06-02 09:00 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2015-06-01 09:45 . 2015-06-02 15:53 -------- d-----w- c:\users\UpdatusUser
2015-06-01 09:45 . 2015-05-28 04:15 75080 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-06-01 09:45 . 2015-05-28 04:15 1059472 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-06-01 09:37 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-06-01 09:37 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-06-01 09:37 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-06-01 09:36 . 2012-03-14 03:00 385024 ----a-w- c:\windows\system32\CNMLMAR.DLL
2015-06-01 09:34 . 2015-03-14 03:21 1632768 ----a-w- c:\windows\system32\dwmcore.dll
2015-06-01 09:34 . 2015-03-14 03:21 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-06-01 09:34 . 2015-03-14 03:04 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-06-01 09:34 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-06-01 09:32 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-01 09:23 . 2015-06-01 09:23 -------- d-----w- c:\users\Daniel\AppData\Local\GWX
2015-06-01 09:08 . 2015-06-01 09:08 -------- d-----w- c:\users\Daniel\AppData\Local\Sony
2015-06-01 09:03 . 2015-06-01 09:03 -------- d-----w- c:\programdata\Sony
2015-06-01 09:03 . 2015-06-01 09:03 -------- d-----w- c:\program files (x86)\Sony
2015-05-27 19:02 . 2015-06-19 07:10 -------- d-----r- c:\users\Daniel\Dropbox
2015-05-27 18:59 . 2015-06-19 07:10 -------- d-----w- c:\users\Daniel\AppData\Roaming\Dropbox
2015-05-21 15:02 . 2015-05-21 15:02 -------- d-----w- c:\programdata\Microsoft Toolkit
2015-05-21 00:09 . 2015-05-21 00:09 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-10 17:12 . 2015-05-15 10:00 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-28 07:04 . 2015-05-10 12:46 154256 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-05-28 07:04 . 2013-04-08 11:32 175880 ----a-w- c:\windows\system32\nvinitx.dll
2015-05-28 04:15 . 2015-05-10 12:47 937288 ----a-w- c:\windows\system32\nvvsvc.exe
2015-05-28 04:15 . 2015-05-10 12:47 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-05-28 04:15 . 2015-05-10 12:47 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-05-28 04:15 . 2015-05-10 12:47 3491984 ----a-w- c:\windows\system32\nvsvc64.dll
2015-05-28 04:15 . 2015-05-10 12:47 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-05-28 04:15 . 2015-05-10 12:47 6872904 ----a-w- c:\windows\system32\nvcpl.dll
2015-05-27 10:48 . 2015-05-10 12:47 4408727 ----a-w- c:\windows\system32\nvcoproc.bin
2015-05-25 18:01 . 2015-06-09 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-10 17:14 . 2015-05-10 17:14 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2015-05-10 17:06 . 2015-05-10 17:06 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-10 17:06 . 2015-05-10 17:06 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-10 17:06 . 2015-05-10 17:04 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-10 17:06 . 2015-05-10 17:04 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-10 17:06 . 2015-05-10 16:42 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-10 17:06 . 2015-05-10 16:42 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-10 17:06 . 2015-05-10 16:42 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-10 17:06 . 2015-05-10 17:06 43112 ----a-w- c:\windows\avastSS.scr
2015-05-10 17:06 . 2015-05-10 16:42 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-10 13:50 . 2015-05-10 13:50 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-05-10 13:50 . 2015-05-10 13:50 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-05-10 13:50 . 2015-05-10 13:50 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-05-10 13:50 . 2015-05-10 13:50 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-05-10 13:50 . 2015-05-10 13:50 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-05-10 13:50 . 2015-05-10 13:50 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-05-10 13:50 . 2015-05-10 13:50 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-05-10 13:50 . 2015-05-10 13:50 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-05-10 13:50 . 2015-05-10 13:50 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-05-10 13:50 . 2015-05-10 13:50 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-05-10 13:50 . 2015-05-10 13:50 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-05-10 13:50 . 2015-05-10 13:50 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-05-10 13:50 . 2015-05-10 13:50 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-05-10 13:50 . 2015-05-10 13:50 81408 ----a-w- c:\windows\system32\icardie.dll
2015-05-10 13:50 . 2015-05-10 13:50 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-05-10 13:50 . 2015-05-10 13:50 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-05-10 13:50 . 2015-05-10 13:50 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-05-10 13:50 . 2015-05-10 13:50 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-05-10 13:50 . 2015-05-10 13:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-05-10 13:50 . 2015-05-10 13:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-05-10 13:50 . 2015-05-10 13:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-05-10 13:50 . 2015-05-10 13:50 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-05-10 13:50 . 2015-05-10 13:50 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-05-10 13:50 . 2015-05-10 13:50 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-05-10 13:50 . 2015-05-10 13:50 247808 ----a-w- c:\windows\system32\msls31.dll
2015-05-10 13:50 . 2015-05-10 13:50 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-05-10 13:50 . 2015-05-10 13:50 235520 ----a-w- c:\windows\system32\url.dll
2015-05-10 13:50 . 2015-05-10 13:50 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-05-10 13:50 . 2015-05-10 13:50 147968 ----a-w- c:\windows\system32\occache.dll
2015-05-10 13:50 . 2015-05-10 13:50 143872 ----a-w- c:\windows\system32\wextract.exe
2015-05-10 13:50 . 2015-05-10 13:50 13824 ----a-w- c:\windows\system32\mshta.exe
2015-05-10 13:50 . 2015-05-10 13:50 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-05-10 13:50 . 2015-05-10 13:50 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-05-10 13:50 . 2015-05-10 13:50 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-05-10 13:50 . 2015-05-10 13:50 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-05-10 13:50 . 2015-05-10 13:50 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-05-10 13:50 . 2015-05-10 13:50 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-05-10 13:50 . 2015-05-10 13:50 101376 ----a-w- c:\windows\system32\inseng.dll
2015-05-10 13:49 . 2015-05-10 13:49 327168 ----a-w- c:\windows\system32\mswsock.dll
2015-05-10 13:49 . 2015-05-10 13:49 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2015-05-10 13:49 . 2015-05-10 13:49 68608 ----a-w- c:\windows\system32\taskhost.exe
2015-05-10 13:47 . 2015-05-10 13:47 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-05-10 13:47 . 2015-05-10 13:47 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-05-10 13:47 . 2015-05-10 13:47 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-05-10 13:47 . 2015-05-10 13:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-05-10 13:47 . 2015-05-10 13:47 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-05-10 13:47 . 2015-05-10 13:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-05-10 13:47 . 2015-05-10 13:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-05-10 13:47 . 2015-05-10 13:47 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-05-10 13:47 . 2015-05-10 13:47 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-05-10 13:47 . 2015-05-10 13:47 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-05-10 13:47 . 2015-05-10 13:47 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-05-10 13:47 . 2015-05-10 13:47 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-05-10 13:47 . 2015-05-10 13:47 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-05-10 13:47 . 2015-05-10 13:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-05-10 13:47 . 2015-05-10 13:47 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-05-10 13:47 . 2015-05-10 13:47 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-05-10 13:47 . 2015-05-10 13:47 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-05-10 13:47 . 2015-05-10 13:47 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-05-10 13:47 . 2015-05-10 13:47 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-05-10 13:47 . 2015-05-10 13:47 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-05-10 13:47 . 2015-05-10 13:47 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Daniel\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"Dropbox Update"="c:\users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-18 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2013-09-09 406328]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2013-05-30 205624]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-27 43871584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 ETD;ELAN Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys;c:\windows\SYSNATIVE\Drivers\RtsUer.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 17:12 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-18 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3569579327-585111417-1849176126-1001Core.job
- c:\users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 18:17]
.
2015-06-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3569579327-585111417-1849176126-1001UA.job
- c:\users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 18:17]
.
2015-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10 16:48]
.
2015-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10 16:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-10 17:06 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-01-30 174480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-01-30 402320]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-01-30 445328]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-28 2754704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-19  18:09:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-19 16:09
.
Vor Suchlauf: 8 Verzeichnis(se), 74.332.631.040 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 74.101.587.968 Bytes frei
.
- - End Of File - - A6EC763462958825AB8F559CDA21325D
A36C5E4F47E84449FF07ED3517B43A31
 
thanks!

  • 0

#13
Lille

Lille

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

so far, nothing to mention. looks good.


  • 0

#14
Lille

Lille

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

after a few days have passed, i am very sure that the threat is gone. thank you very much for your patience and help!

 

d


  • 0

#15
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I'm glad to hear that the issue is resolved.

 

I'll keep the topic open for a few days in case you need me or a question occurs to you.

 

OK, let's remove my tools and hopefully that goes without incident.

 

51a5ce45263de-delfix.png Clean with DelFix
 
Please download DelFix by Xplode and save it to your desktop.
 
  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
 
Include it for my review.

 

Preventing Re-Infection

An ounce of prevention is better than a pound of cure, so, I have listed some tips for you to stay safe on the internet in the future.

WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. Have a look at this article.

I would recommend that you completely uninstall Java unless you need it to run an important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java

  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck Optional offer box when downloading Java or you will install an adware on your computer.

Adobe products have to always be updated, because they also are being used to infect your computer.

  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck Optional offer box when downloading Adobe products or you will install an adware on your computer.

Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.

FileHippo is one of programs that can check for out-of-date programs on your computer. You can get it here

Recommendations for security programs

  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

For some good tips about how to prevent infection in the future, visit this site.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP