Hallo Zusammen und noch ein frohes neues Jahr,
ich habe vor ein paar Tagen das Problem, dass auf meinem Rechner die "Software Shopping Deal Factory" installiert war, die ich auf normalem Wege über Systemsteuerung -> Software nicht deinstalliert bekommen habe. Nach einem Scan mit dem AdwCleaner und MBAM wurde einiges an Schadsoftware gefunden, weshalb ich diese dann auch gleich gelöscht habe.
Nach einem Neustart des Rechners war der Eintrag "Shopping Deal Factory" verschwunden und ich dachte das sich das Problem damit gelöst hat. Leider merkte ich kurz darauf, dass mein Virenschutzprogramm Avira Free Antivius den Sicherheitshinweis "Der Zugriff auf die Datei C:\Program Files\PCTRunner\MyOSProtect.exe mit dem Virus oder dem unerwünschten Programm ADWARE/Loadshop.1410301 wurde blockiert" angezeigt hat.
Im nächsten Schritt habe ich versucht diesen Fund im Avira zu entfernen. Leider scheint das nicht zu funktionieren, ich bekomme nämlich nach einem Neustart des Rechners immer wieder den gleichen Fund angezeigt.
Ich komme hier alleine nicht weiter, weshalb ich Eure Hilfe suche. Den Rechner möchte ich ungern formatieren, weil da Programme drauf sind, die relativ aufwendig in der Installation sind.
Ich habe soeben mit FRST einen Scan meines Systems durchgeführt. Hier die beiden Logfiles:
Nr. 1
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2015
Ran by Feesche (administrator) on SBHR-PC2 on 05-01-2015 11:10:12
Running from C:\Users\Feesche\Downloads
Loaded Profile: Feesche (Available profiles: Rothengatter & Familie & Feesche)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Bytemobile, Inc.) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\bmctl.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5955072 2011-01-18] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 38 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{272436DF-6196-4795-82B7-4EFC8E8A250F}: [NameServer] 0.0.0.0 0.0.0.0
Tcpip\..\Interfaces\{EA35ABD4-08D2-4858-8AC9-CA53BA0DAEB9}: [NameServer] 139.7.30.125,139.7.30.126
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_90 0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2014-03-31]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2014-10-28]
CHR Extension: (Docs) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2014-10-28]
CHR Extension: (Google Drive) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2014-10-28]
CHR Extension: (YouTube) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2014-10-28]
CHR Extension: (Google-Suche) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2014-10-28]
CHR Extension: (Google Tabellen) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2014-10-28]
CHR Extension: (Avira Browser Safety) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjkl bdgfkk [2014-10-28]
CHR Extension: (Google Mail) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2014-10-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2015-01-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-02] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation) [File not signed]
S3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-07-22] (IDT, Inc.)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5210112 2011-01-18] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2011-01-18] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13224 2011-06-17] (Bytemobile, Inc.) [File not signed]
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [24232 2011-06-17] (Bytemobile, Inc.) [File not signed]
R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-05 11:10 - 2015-01-05 11:10 - 00011137 _____ () C:\Users\Feesche\Downloads\FRST.txt
2015-01-05 11:10 - 2015-01-05 11:10 - 00000000 ____D () C:\FRST
2015-01-05 11:09 - 2015-01-05 11:09 - 01115136 _____ (Farbar) C:\Users\Feesche\Downloads\FRST.exe
2015-01-02 13:29 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-02 11:29 - 2015-01-02 11:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-02 11:22 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-02 11:22 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-02 11:22 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-02 11:22 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-02 11:22 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-02 11:09 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-02 11:09 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-02 11:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-02 11:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-02 11:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-02 11:08 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-02 11:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-02 11:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-02 11:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-02 11:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-02 11:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-02 11:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-02 11:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-02 11:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-02 11:08 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-02 11:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-02 11:08 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-02 11:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-02 11:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-02 11:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-02 11:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-02 11:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-02 11:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-02 11:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-02 11:08 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-02 11:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-02 11:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-02 11:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-02 11:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-02 11:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-02 11:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-02 11:08 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-02 11:08 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-02 11:07 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-02 11:07 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-02 11:07 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-02 11:06 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-02 11:06 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-02 11:06 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-02 11:06 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-02 11:06 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-02 11:06 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-02 11:05 - 2015-01-02 11:05 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-02 11:05 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-02 10:54 - 2015-01-02 10:54 - 00000000 __SHD () C:\Users\Feesche\AppData\Local\EmieUserList
2015-01-02 10:54 - 2015-01-02 10:54 - 00000000 __SHD () C:\Users\Feesche\AppData\Local\EmieSiteList
2015-01-02 10:54 - 2015-01-02 10:54 - 00000000 __SHD () C:\Users\Feesche\AppData\Local\EmieBrowserModeList
2015-01-02 10:50 - 2015-01-02 10:50 - 00000254 _____ () C:\Users\Feesche\Documents\MBAM2.txt
2015-01-02 10:49 - 2015-01-02 10:49 - 00000254 _____ () C:\Users\Feesche\Documents\MBAM.txt
2015-01-02 10:14 - 2015-01-02 11:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 10:13 - 2015-01-02 10:13 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 10:13 - 2015-01-02 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-02 10:13 - 2015-01-02 10:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-02 10:13 - 2015-01-02 10:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-02 10:13 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 10:13 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 10:13 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 10:12 - 2015-01-02 10:12 - 00009086 _____ () C:\Users\Feesche\Documents\AdwCleaner[S0].txt
2015-01-02 10:04 - 2015-01-05 11:01 - 00000000 ____D () C:\AdwCleaner
2015-01-02 10:04 - 2015-01-02 09:32 - 02173952 _____ () C:\Users\Feesche\Desktop\AdwCleaner_4.106.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-05 11:10 - 2009-07-14 05:34 - 00025392 ____H () C:\Windows\system32B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 11:10 - 2009-07-14 05:34 - 00025392 ____H () C:\Windows\system32B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 11:09 - 2013-11-26 16:16 - 01895702 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 11:03 - 2014-03-31 11:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 11:02 - 2014-10-28 09:15 - 00256070 _____ () C:\Windows\PFRO.log
2015-01-05 11:02 - 2014-10-28 09:15 - 00005389 _____ () C:\Windows\setupact.log
2015-01-05 11:02 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 10:13 - 2014-03-31 11:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 12:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-02 11:29 - 2014-05-09 15:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-02 11:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-02 11:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-02 11:28 - 2013-11-27 07:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-02 11:16 - 2013-11-26 17:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-02 11:11 - 2013-11-26 17:15 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-02 11:06 - 2014-08-17 16:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 11:05 - 2013-11-27 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-02 11:05 - 2013-11-27 08:48 - 00000000 ____D () C:\Program Files\Avira
2015-01-02 10:55 - 2013-11-26 16:23 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 09:29 - 2014-10-28 09:18 - 00092616 _____ () C:\Users\Feesche\AppData\Local\GDIPFONTCACHEV1.DAT
Some content of TEMP:
====================
C:\Users\Familie\AppData\Local\Temp\avgnt.exe
C:\Users\Feesche\AppData\Local\Temp\avgnt.exe
C:\Users\Feesche\AppData\Local\Temp\Quarantine.exe
C:\Users\Feesche\AppData\Local\Temp\sqlite3.dll
C:\Users\Rothengatter\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 00:08
==================== End Of Log ============================
ich habe vor ein paar Tagen das Problem, dass auf meinem Rechner die "Software Shopping Deal Factory" installiert war, die ich auf normalem Wege über Systemsteuerung -> Software nicht deinstalliert bekommen habe. Nach einem Scan mit dem AdwCleaner und MBAM wurde einiges an Schadsoftware gefunden, weshalb ich diese dann auch gleich gelöscht habe.
Nach einem Neustart des Rechners war der Eintrag "Shopping Deal Factory" verschwunden und ich dachte das sich das Problem damit gelöst hat. Leider merkte ich kurz darauf, dass mein Virenschutzprogramm Avira Free Antivius den Sicherheitshinweis "Der Zugriff auf die Datei C:\Program Files\PCTRunner\MyOSProtect.exe mit dem Virus oder dem unerwünschten Programm ADWARE/Loadshop.1410301 wurde blockiert" angezeigt hat.
Im nächsten Schritt habe ich versucht diesen Fund im Avira zu entfernen. Leider scheint das nicht zu funktionieren, ich bekomme nämlich nach einem Neustart des Rechners immer wieder den gleichen Fund angezeigt.
Ich komme hier alleine nicht weiter, weshalb ich Eure Hilfe suche. Den Rechner möchte ich ungern formatieren, weil da Programme drauf sind, die relativ aufwendig in der Installation sind.
Ich habe soeben mit FRST einen Scan meines Systems durchgeführt. Hier die beiden Logfiles:
Nr. 1
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2015
Ran by Feesche (administrator) on SBHR-PC2 on 05-01-2015 11:10:12
Running from C:\Users\Feesche\Downloads
Loaded Profile: Feesche (Available profiles: Rothengatter & Familie & Feesche)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Bytemobile, Inc.) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\bmctl.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5955072 2011-01-18] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 38 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{272436DF-6196-4795-82B7-4EFC8E8A250F}: [NameServer] 0.0.0.0 0.0.0.0
Tcpip\..\Interfaces\{EA35ABD4-08D2-4858-8AC9-CA53BA0DAEB9}: [NameServer] 139.7.30.125,139.7.30.126
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_90 0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2014-03-31]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2014-10-28]
CHR Extension: (Docs) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2014-10-28]
CHR Extension: (Google Drive) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2014-10-28]
CHR Extension: (YouTube) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2014-10-28]
CHR Extension: (Google-Suche) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2014-10-28]
CHR Extension: (Google Tabellen) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2014-10-28]
CHR Extension: (Avira Browser Safety) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjkl bdgfkk [2014-10-28]
CHR Extension: (Google Mail) - C:\Users\Feesche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2014-10-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2015-01-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-02] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation) [File not signed]
S3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-07-22] (IDT, Inc.)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5210112 2011-01-18] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2011-01-18] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13224 2011-06-17] (Bytemobile, Inc.) [File not signed]
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [24232 2011-06-17] (Bytemobile, Inc.) [File not signed]
R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-05 11:10 - 2015-01-05 11:10 - 00011137 _____ () C:\Users\Feesche\Downloads\FRST.txt
2015-01-05 11:10 - 2015-01-05 11:10 - 00000000 ____D () C:\FRST
2015-01-05 11:09 - 2015-01-05 11:09 - 01115136 _____ (Farbar) C:\Users\Feesche\Downloads\FRST.exe
2015-01-02 13:29 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-02 11:29 - 2015-01-02 11:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-02 11:22 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-02 11:22 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-02 11:22 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-02 11:22 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-02 11:22 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-02 11:09 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-02 11:09 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-02 11:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-02 11:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-02 11:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-02 11:08 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-02 11:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-02 11:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-02 11:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-02 11:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-02 11:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-02 11:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-02 11:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-02 11:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-02 11:08 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-02 11:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-02 11:08 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-02 11:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-02 11:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-02 11:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-02 11:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-02 11:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-02 11:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-02 11:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-02 11:08 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-02 11:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-02 11:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-02 11:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-02 11:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-02 11:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-02 11:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-02 11:08 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-02 11:08 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-02 11:07 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-02 11:07 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-02 11:07 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-02 11:07 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-02 11:06 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-02 11:06 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-02 11:06 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-02 11:06 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-02 11:06 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-02 11:06 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-02 11:05 - 2015-01-02 11:05 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-02 11:05 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-02 10:54 - 2015-01-02 10:54 - 00000000 __SHD () C:\Users\Feesche\AppData\Local\EmieUserList
2015-01-02 10:54 - 2015-01-02 10:54 - 00000000 __SHD () C:\Users\Feesche\AppData\Local\EmieSiteList
2015-01-02 10:54 - 2015-01-02 10:54 - 00000000 __SHD () C:\Users\Feesche\AppData\Local\EmieBrowserModeList
2015-01-02 10:50 - 2015-01-02 10:50 - 00000254 _____ () C:\Users\Feesche\Documents\MBAM2.txt
2015-01-02 10:49 - 2015-01-02 10:49 - 00000254 _____ () C:\Users\Feesche\Documents\MBAM.txt
2015-01-02 10:14 - 2015-01-02 11:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 10:13 - 2015-01-02 10:13 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 10:13 - 2015-01-02 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-02 10:13 - 2015-01-02 10:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-02 10:13 - 2015-01-02 10:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-02 10:13 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 10:13 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 10:13 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 10:12 - 2015-01-02 10:12 - 00009086 _____ () C:\Users\Feesche\Documents\AdwCleaner[S0].txt
2015-01-02 10:04 - 2015-01-05 11:01 - 00000000 ____D () C:\AdwCleaner
2015-01-02 10:04 - 2015-01-02 09:32 - 02173952 _____ () C:\Users\Feesche\Desktop\AdwCleaner_4.106.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-05 11:10 - 2009-07-14 05:34 - 00025392 ____H () C:\Windows\system32B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 11:10 - 2009-07-14 05:34 - 00025392 ____H () C:\Windows\system32B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 11:09 - 2013-11-26 16:16 - 01895702 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 11:03 - 2014-03-31 11:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 11:02 - 2014-10-28 09:15 - 00256070 _____ () C:\Windows\PFRO.log
2015-01-05 11:02 - 2014-10-28 09:15 - 00005389 _____ () C:\Windows\setupact.log
2015-01-05 11:02 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 10:13 - 2014-03-31 11:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 12:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-02 11:29 - 2014-05-09 15:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-02 11:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-02 11:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-02 11:28 - 2013-11-27 07:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-02 11:16 - 2013-11-26 17:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-02 11:11 - 2013-11-26 17:15 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-02 11:06 - 2014-08-17 16:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 11:05 - 2013-11-27 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-02 11:05 - 2013-11-27 08:48 - 00000000 ____D () C:\Program Files\Avira
2015-01-02 10:55 - 2013-11-26 16:23 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 09:29 - 2014-10-28 09:18 - 00092616 _____ () C:\Users\Feesche\AppData\Local\GDIPFONTCACHEV1.DAT
Some content of TEMP:
====================
C:\Users\Familie\AppData\Local\Temp\avgnt.exe
C:\Users\Feesche\AppData\Local\Temp\avgnt.exe
C:\Users\Feesche\AppData\Local\Temp\Quarantine.exe
C:\Users\Feesche\AppData\Local\Temp\sqlite3.dll
C:\Users\Rothengatter\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 00:08
==================== End Of Log ============================
No comments:
Post a Comment