BKA Trojan (only in the browser?) Please help | Windows 7 |
28.11.2013, 16:46 | #1 |
Hey Trojaner Board, here is my story: Yesterday I was on a porn site (yes, yes, I know), clicked on a thumbnail there and landed on a page that looked (roughly) like this. A bit different: on the right there was also my IP address, and at the bottom there were loads of logos of various payment methods. At first I got a fright (you never know where a thumbnail like that leads), and then I noticed the part about the money and knew immediately: fraud! So I wanted to close the tab, but a pop-up window prevented this. Closing the browser did not work either, so I opened the Task Manager and ended the browser's process.

Well, and here comes my concern. According to my subsequent research and a phone call with the police, everyone said my whole PC should no longer work now. But it worked. Without problems. I ran HitmanPro over it as well as other malware and antivirus programs, and apart from a few cookies everything was okay, no virus. I even restored the system to the day before. I then spoke with a few people from the IT field. At first they all scared me, but when I described to them that the whole thing was exclusively in the browser, they all said "then you don't need to worry".

What happened to me? Was that the real Trojan? Was it a fake to scare people, like those annoying "don't click here" pages that you click anyway and that then play loud music and 10000 pop-up windows? I would rather not wipe my system, since I currently have no way to back up data and the data is too important to me. My PC works, no sign of "transfer 100€, your PC has been locked". Was I lucky? Could there still be something? I mean, there can always be something, but how likely is it? Does anyone know a case like mine where there was nothing in the end? A bad joke? Many thanks.

And please don't scare me too much, only if you consider it absolutely possible that my PC was infected. I have just read that HijackThis is not enough; I am leaving it in anyway, it can't hurt. HijackThis logfile: Code:
Edited by Orcake (28.11.2013 at 17:06) |
28.11.2013, 18:49 | #2 |
/// the machine /// TB instructor | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
28.11.2013, 19:36 | #3 |
| This happens when I start it. Is that bad? What should I do?
_______________________________________
Now it has worked; I would still like to know whether the above was bad, which is why I am leaving it in the message. FRST logfile: Code:
23:58 - 2013-11-27 23:58 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-27 23:58 - 2013-11-27 23:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-27 23:58 - 2013-11-27 23:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-27 23:58 - 
2013-11-27 23:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-27 23:58 - 2013-11-27 23:58 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-27 23:58 - 2013-11-27 23:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00182272 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00086016 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-27 23:58 - 2013-11-27 23:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-27 23:58 - 2013-11-27 23:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00052224 _____ (Microsoft 
Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 
00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-27 23:57 - 2013-11-28 00:02 - 00010277 _____ C:\Windows\IE11_main.log 2013-11-27 23:29 - 2013-11-27 23:29 - 10264904 _____ (SurfRight B.V.) C:\Users\Knet\Downloads\HitmanPro_x64.exe 2013-11-27 23:29 - 2013-11-27 23:29 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-11-27 23:29 - 2013-11-27 23:29 - 00000000 ____D C:\Program Files\HitmanPro 2013-11-27 22:36 - 2013-11-27 23:01 - 00000000 ____D C:\ProgramData\HitmanPro 2013-11-27 22:23 - 2013-11-27 23:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-11-27 22:23 - 2013-11-27 22:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-11-14 16:51 - 2013-11-14 16:51 - 50449456 _____ (Microsoft Corporation) C:\Users\Knet\Downloads\dotNetFx40_Full_x86_x64.exe 2013-11-14 07:18 - 2013-11-28 19:39 - 00002744 _____ C:\Windows\setupact.log 2013-11-14 07:18 - 2013-11-14 07:18 - 00000000 _____ C:\Windows\setuperr.log 2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\Users\Knet\Downloads\DLsite mods 2 2013-11-13 23:59 - 2013-11-13 23:59 - 00481631 _____ C:\Users\Knet\Downloads\3DCG mod torrent collection.rar 2013-11-13 23:58 - 2013-11-13 23:58 - 00481631 _____ C:\Users\Knet\Downloads\3DCG mod Colletions.rar 2013-11-13 23:26 - 2013-11-13 23:26 - 00000000 ____D C:\Users\Knet\Documents\TechArts3D 2013-11-13 23:25 - 2013-11-13 23:25 - 00000000 ____D C:\Program Files (x86)\TechArts3D 2013-11-13 22:59 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 22:59 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 22:59 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 22:59 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 22:59 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 22:59 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 22:59 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 22:59 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 22:59 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 22:59 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 22:59 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 22:59 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 22:59 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 22:59 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 22:59 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 22:59 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 22:59 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 22:59 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 22:59 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 22:59 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 22:59 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 22:59 - 2013-09-25 03:22 - 00340992 _____ (Microsoft 
Corporation) C:\Windows\system32\schannel.dll 2013-11-13 22:59 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 22:59 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 22:59 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 22:59 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 22:59 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 22:59 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 22:59 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 22:59 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-03 11:52 - 2013-11-03 11:52 - 00045806 _____ C:\Users\Knet\Downloads\circa_survive_were_all_thieves.gp5 2013-11-03 11:51 - 2013-11-03 11:51 - 00045859 _____ C:\Users\Knet\Downloads\circa_survive_stop_the_fucking_car.gp5 2013-11-03 11:51 - 2013-11-03 11:51 - 00010969 _____ C:\Users\Knet\Downloads\circa_survive_the_greatest_lie.gp5 2013-11-03 11:46 - 2013-11-03 11:46 - 00032214 _____ C:\Users\Knet\Downloads\circa_survive_in_fear_and_faith.gp5 2013-11-03 11:35 - 2013-11-03 11:35 - 00053802 _____ C:\Users\Knet\Downloads\circa_survive_greatest_lie.gp5 2013-11-03 11:31 - 2013-11-03 11:31 - 00038134 _____ C:\Users\Knet\Downloads\circa_survive_act_apalled.gp5 2013-11-01 14:05 - 2013-11-01 14:05 - 00008214 _____ C:\Users\Knet\Downloads\misc_computer_games_silent_hill_3_-_end_of_small_sanctuary.gp4 ==================== One Month Modified Files and Folders ======= 2013-11-28 19:44 - 2013-11-28 19:43 - 00016874 _____ C:\Users\Knet\Desktop\FRST.txt 2013-11-28 19:43 - 2013-11-28 19:43 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2013-11-28 19:43 - 
2013-11-28 19:43 - 00000000 ____D C:\FRST 2013-11-28 19:40 - 2013-04-24 16:28 - 00000000 ___RD C:\Users\Knet\Dropbox 2013-11-28 19:40 - 2013-04-24 16:26 - 00000000 ____D C:\Users\Knet\AppData\Roaming\Dropbox 2013-11-28 19:40 - 2013-03-18 18:28 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-28 19:39 - 2013-11-14 07:18 - 00002744 _____ C:\Windows\setupact.log 2013-11-28 19:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-28 19:38 - 2013-03-17 17:43 - 01724601 _____ C:\Windows\WindowsUpdate.log 2013-11-28 19:34 - 2013-11-28 19:34 - 01092049 _____ (Farbar) C:\Users\Knet\Downloads\FRST.exe 2013-11-28 19:21 - 2013-11-28 19:21 - 01959024 _____ (Farbar) C:\Users\Knet\Desktop\FRST64.exe 2013-11-28 19:15 - 2013-03-18 18:39 - 00000000 ____D C:\Users\Knet\AppData\Roaming\Skype 2013-11-28 19:14 - 2013-03-18 18:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-28 18:52 - 2013-11-28 18:52 - 00007594 _____ C:\Users\Knet\AppData\Local\Resmon.ResmonCfg 2013-11-28 17:44 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-28 17:44 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-28 17:34 - 2013-03-17 17:40 - 00104034 _____ C:\Windows\PFRO.log 2013-11-28 17:21 - 2013-11-28 17:21 - 00000000 ____D C:\Users\Knet\AppData\Roaming\Malwarebytes 2013-11-28 17:21 - 2013-11-28 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-28 17:21 - 2013-11-28 17:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-28 17:20 - 2013-11-28 17:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Knet\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-28 17:10 - 2013-11-28 17:10 - 00000000 ____D C:\Users\Knet\AppData\Roaming\AVAST Software 2013-11-28 17:09 - 2013-11-28 17:09 - 00003924 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-11-28 17:09 - 2013-03-18 18:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-11-28 17:09 - 2013-03-17 18:29 - 00000000 ____D C:\Users\Knet\AppData\Local\Google 2013-11-28 17:09 - 2010-07-13 12:56 - 00000000 ____D C:\Program Files (x86)\Google 2013-11-28 17:08 - 2013-11-28 17:08 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-11-28 17:08 - 2013-11-28 17:08 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-11-28 17:08 - 2013-11-28 17:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-11-28 17:08 - 2013-11-28 17:08 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-11-28 17:08 - 2013-11-28 17:08 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-11-28 17:08 - 2013-11-28 17:08 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-11-28 17:08 - 2013-11-28 17:08 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-11-28 17:08 - 2013-11-28 17:08 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-11-28 17:08 - 2013-11-28 17:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-11-28 17:08 - 2013-11-28 17:08 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-11-28 17:08 - 2013-03-18 18:28 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-11-28 17:07 - 2013-11-28 17:07 - 00000000 ____D C:\ProgramData\AVAST Software 2013-11-28 17:07 - 2013-11-28 17:07 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-28 17:04 - 2013-11-28 17:03 - 87529432 _____ (AVAST Software) C:\Users\Knet\Downloads\avast_free_antivirus_setup.exe 2013-11-28 16:59 - 2013-11-28 16:59 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Knet\Downloads\HijackThis.exe 2013-11-28 16:59 - 2013-11-28 16:59 - 00012411 _____ C:\Users\Knet\Downloads\hijackthis.log 2013-11-28 00:05 - 2013-03-17 18:29 - 00001425 _____ C:\Users\Knet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-28 00:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-28 00:02 - 2013-11-27 23:57 - 00010277 _____ C:\Windows\IE11_main.log 2013-11-27 23:58 - 2013-11-27 23:58 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-27 23:58 - 2013-11-27 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-27 23:58 - 2013-11-27 23:58 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-27 23:58 - 2013-11-27 23:58 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-27 23:58 - 2013-11-27 23:58 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 
01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-27 23:58 - 2013-11-27 23:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-27 23:58 - 2013-11-27 23:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 
00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-27 23:58 - 2013-11-27 23:58 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-27 23:58 - 2013-11-27 23:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\system32\msrating.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00101376 _____ (Microsoft Corporation) 
C:\Windows\system32\inseng.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-27 23:58 - 2013-11-27 23:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-27 23:58 - 2013-11-27 23:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00056832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\pngfilt.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-27 23:58 - 2013-11-27 23:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00013312 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-27 23:58 - 2013-11-27 23:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-27 23:35 - 2013-04-16 19:30 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3041941655-3651832477-661197269-1000UA.job 2013-11-27 23:29 - 2013-11-27 23:29 - 10264904 _____ (SurfRight B.V.) C:\Users\Knet\Downloads\HitmanPro_x64.exe 2013-11-27 23:29 - 2013-11-27 23:29 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-11-27 23:29 - 2013-11-27 23:29 - 00000000 ____D C:\Program Files\HitmanPro 2013-11-27 23:15 - 2013-11-27 22:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-11-27 23:15 - 2013-03-17 18:26 - 00000000 ____D C:\Users\Knet 2013-11-27 23:15 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media 2013-11-27 23:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-11-27 23:15 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-11-27 23:01 - 2013-11-27 22:36 - 00000000 ____D C:\ProgramData\HitmanPro 2013-11-27 22:31 - 2013-11-27 22:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-11-25 20:42 - 2013-03-30 14:45 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-25 20:42 - 2013-03-30 14:45 - 00106904 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-11-25 00:17 - 2013-03-18 20:13 - 00000000 ____D C:\Users\Knet\AppData\Roaming\uTorrent 2013-11-24 20:35 - 2013-04-16 19:30 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3041941655-3651832477-661197269-1000Core.job 2013-11-22 18:03 - 2013-04-27 11:22 - 00000000 ____D C:\Users\Knet\Documents\REAPER Media 2013-11-22 17:52 - 2013-04-27 12:58 - 00000000 ____D C:\Users\Knet\Documents\Musikprojekte 2013-11-21 22:07 - 2013-04-07 14:19 - 00000000 ____D C:\Users\Knet\AppData\Roaming\Mal Updater 2013-11-20 23:40 - 2013-06-23 10:11 - 00000000 ____D C:\Users\Knet\AppData\Roaming\foobar2000 2013-11-18 20:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-16 19:06 - 2013-04-03 21:55 - 01578854 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-16 19:06 - 2013-03-18 02:35 - 00686360 _____ C:\Windows\system32\perfh007.dat 2013-11-16 19:06 - 2013-03-18 02:35 - 00147488 _____ C:\Windows\system32\perfc007.dat 2013-11-16 19:06 - 2009-07-14 06:13 - 01578854 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-15 18:39 - 2013-06-23 15:59 - 00000000 ____D C:\Users\Knet\AppData\Local\Last.fm 2013-11-14 16:51 - 2013-11-14 16:51 - 50449456 _____ (Microsoft Corporation) C:\Users\Knet\Downloads\dotNetFx40_Full_x86_x64.exe 2013-11-14 16:30 - 2013-04-25 17:26 - 00000000 ____D C:\Users\Knet\Documents\Meine Programme 2013-11-14 07:18 - 2013-11-14 07:18 - 00000000 _____ C:\Windows\setuperr.log 2013-11-14 01:17 - 2013-08-14 07:00 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 01:14 - 2013-03-17 21:03 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-14 01:04 - 2010-07-13 12:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-11-14 00:59 - 2010-07-13 12:59 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll 2013-11-14 00:59 - 2010-07-13 12:59 - 00000000 ____D C:\Program Files (x86)\NTI 2013-11-14 00:55 - 2013-03-27 07:43 - 00000000 ____D 
C:\Windows\Minidump 2013-11-14 00:45 - 2013-03-18 22:17 - 00000000 ____D C:\ProgramData\Ableton 2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\Users\Knet\Downloads\DLsite mods 2 2013-11-13 23:59 - 2013-11-13 23:59 - 00481631 _____ C:\Users\Knet\Downloads\3DCG mod torrent collection.rar 2013-11-13 23:58 - 2013-11-13 23:58 - 00481631 _____ C:\Users\Knet\Downloads\3DCG mod Colletions.rar 2013-11-13 23:26 - 2013-11-13 23:26 - 00000000 ____D C:\Users\Knet\Documents\TechArts3D 2013-11-13 23:25 - 2013-11-13 23:25 - 00000000 ____D C:\Program Files (x86)\TechArts3D 2013-11-13 22:47 - 2013-03-18 18:39 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-13 22:47 - 2013-03-18 18:39 - 00000000 ____D C:\ProgramData\Skype 2013-11-13 20:53 - 2013-03-18 18:30 - 00000000 ___RD C:\Users\Knet\Google Drive 2013-11-11 18:40 - 2013-05-07 20:48 - 00000000 ____D C:\Users\Knet\AppData\Local\Paint.NET 2013-11-03 11:52 - 2013-11-03 11:52 - 00045806 _____ C:\Users\Knet\Downloads\circa_survive_were_all_thieves.gp5 2013-11-03 11:51 - 2013-11-03 11:51 - 00045859 _____ C:\Users\Knet\Downloads\circa_survive_stop_the_fucking_car.gp5 2013-11-03 11:51 - 2013-11-03 11:51 - 00010969 _____ C:\Users\Knet\Downloads\circa_survive_the_greatest_lie.gp5 2013-11-03 11:46 - 2013-11-03 11:46 - 00032214 _____ C:\Users\Knet\Downloads\circa_survive_in_fear_and_faith.gp5 2013-11-03 11:35 - 2013-11-03 11:35 - 00053802 _____ C:\Users\Knet\Downloads\circa_survive_greatest_lie.gp5 2013-11-03 11:31 - 2013-11-03 11:31 - 00038134 _____ C:\Users\Knet\Downloads\circa_survive_act_apalled.gp5 2013-11-01 14:05 - 2013-11-01 14:05 - 00008214 _____ C:\Users\Knet\Downloads\misc_computer_games_silent_hill_3_-_end_of_small_sanctuary.gp4 2013-10-30 21:18 - 2013-03-27 22:47 - 00000000 ____D C:\Users\Knet\AppData\Roaming\Mumble Some content of TEMP: ==================== C:\Users\Knet\AppData\Local\Temp\avgnt.exe C:\Users\Knet\AppData\Local\Temp\_isF73B.exe ==================== Bamital & volsnap Check ================= 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-22 00:53 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013 Ran by Knet at 2013-11-28 19:46:37 Running from C:\Users\Knet\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== µTorrent (x32 Version: 2.2.1) ¹–ë‚̉S (x32) 3Dカスタム少女 (x32 Version: 1.0.0) 7-Zip 9.20 (x32) Ableton Live 9 Suite (x32 Version: 9.0.0.0) Acer Backup Manager (x32 Version: 2.0.0.68) Acer Crystal Eye webcam (x32 Version: 1.0.4.0) Acer ePower Management (x32 Version: 5.00.3005) Acer eRecovery Management (x32 Version: 4.05.3013) Acer ScreenSaver (x32 Version: 1.1.0707.2010) Acer Updater (x32 Version: 1.02.3001) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 3.6.0.6090) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Reader 9.1 MUI (x32 Version: 9.1.0) Audacity 2.0.3 (x32 Version: 2.0.3) avast! 
Free Antivirus (x32 Version: 9.0.2008) Avira Free Antivirus (x32 Version: 14.0.1.749) Backup Manager Basic (x32 Version: 2.0.0.68) Baldur's Gate(TM) II - Shadows of Amn(TM) (x32) Bass Station 2.0 (x32 Version: 2.0) Bing-Desktop (x32 Version: 1.3.171.0) Broadcom Gigabit NetLink Controller (Version: 14.0.2.3) Citrix Authentication Manager (x32 Version: 5.0.0.60597) Citrix Receiver (DV) (x32 Version: 14.0.0.91) Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 14.0.0.91) Citrix Receiver (USB) (x32 Version: 14.0.0.91) Citrix Receiver (x32 Version: 14.0.0.91) Citrix Receiver Inside (x32 Version: 3.4.0.45902) Citrix Receiver Updater (x32 Version: 4.0.0.45893) Citrix Receiver(Aero) (x32 Version: 14.0.0.91) Combined Community Codec Pack 2013-04-20 (x32 Version: 2013.04.20.0) CoolNovo (HKCU Version: 2.0.9.20) CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50) D2SE V2.2.0 (x32 Version: 2.2.0) Diablo II (x32) Don't Starve (x32) Dota 2 (x32) Dream Day First Home (x32) Dropbox (HKCU Version: 2.0.22) eBay Worldwide (x32 Version: 2.1.0901) Expat Shield 2.25 (x32 Version: 2.25) EZdrummer (x32 Version: 1.1.1) EZXMetalHeads (x32 Version: 1.0.0) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Fences (Version: 1.0) Fences (x32) Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4) foobar2000 v1.2.8 (x32 Version: 1.2.8) Free M4a to MP3 Converter 8.0 (x32) Google Chrome (x32 Version: 31.0.1650.57) Google Drive (x32 Version: 1.12.5329.1887) Google Update Helper (x32 Version: 1.3.21.169) Grim Dawn (x32) Guitar Pro 5.2 (x32) HitmanPro 3.7 (Version: 3.7.8.208) Identity Card (x32 Version: 1.00.3003) IDroo 1.0.0.186 (x32 Version: 1.0.0.186) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002) Junk Mail filter update (x32 Version: 14.0.8089.726) keFIR VST plugin (x32 Version: 1.0.0) LAME v3.99.3 (for Windows) (x32) Last.fm Scrobbler 2.1.36 (x32) Launch 
Manager (x32 Version: 4.0.12) Magic 2014 (x32) Magic Online (x32 Version: 3.00.0000) Magic The Gathering Online (HKCU Version: 3.4.76.329) Mal Updater 2.95 (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106) Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0) Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0) MSVCRT (x32 Version: 14.0.1468.721) Mumble 1.2.3 (x32 Version: 1.2.3) MyWinLocker (x32 Version: 3.1.212.0) MyWinLocker Suite (x32 
Version: 3.1.212.0) Norton Online Backup (x32 Version: 2.1.17869) NVIDIA Display Control Panel (Version: 6.14.12.5903) NVIDIA Drivers (Version: 1.10.62.40) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.109.718) NVIDIA PhysX (x32 Version: 9.10.0224) Online Plug-in (x32 Version: 14.0.0.91) Opera 12.15 (x32 Version: 12.15.1748) Paint.NET v3.5.10 (Version: 3.60.0) Path of Exile (x32 Version: 0.10.3.23684) PlugY, The Survival Kit (x32 Version: 10.00) Poker Pop (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122) REAPER (x64) Rogue Legacy version 1.0.10a (x32 Version: 1.0.10a) Scarlett Plug-in Suite 1.4 (x32 Version: 1.4) Self-Service Plug-in (x32 Version: 4.0.0.40674) Shredder (Version: 2.0.8.3) Shredder (x32 Version: 2.0.8.3) Skype™ 6.10 (x32 Version: 6.10.104) SpeedFan (remove only) (x32) Spin & Win (x32) Steam (x32 Version: 1.0.0.0) Synaptics Pointing Device Driver (Version: 14.0.19.0) TeamSpeak 3 Client (x32 Version: 3.0.11) TERA De-Censor Patch version 1.1 (x32 Version: 1.1) The Incredible Adventures of Van Helsing (x32) Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) VOCALOID2 Editor V2.0.2.4J (x32 Version: 0.0.0.1) VOCALOID2 Expression DB (Standard) (x32 Version: 0.0.0.1) VOCALOID2 Voice DB 
(Miku) (x32 Version: 0.0.0.1) VOCALOID2 VSTi V2.0.2.0 (x32 Version: 0.0.0.1) Wanko to Kurasou English v1.0 (x32) Welcome Center (x32 Version: 1.02.3002) WinCDEmu (x32 Version: 3.6) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0) WinRAR 4.20 (64-Bit) (Version: 4.20.0) YUME MIRU KUSURI (x32 Version: 1.00.0000) ==================== Restore Points ========================= 26-11-2013 07:12:03 Windows Update 27-11-2013 22:11:50 Wiederherstellungsvorgang 27-11-2013 22:56:56 Windows Update 28-11-2013 16:07:32 avast! antivirus system restore point ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1FB90EEB-4F4E-411F-9374-A8ECF447F7C4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {3E37C306-CEB9-4C32-8214-9E6C76ABD3DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18] (Google Inc.) 
Task: {4D3DCE9F-8DEE-4418-A935-F0C74AD234E4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {71361FC6-4F34-45EA-84D7-6F1B3E5A009D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {75B8BE99-2DA2-473A-B444-163BF8B440A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {D27AEAA5-52CD-4EBD-92B3-A63100EE5AE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18] (Google Inc.) Task: {DF9C6796-7C88-49B6-8240-7E58C71A2EE3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {F0AAAF67-820A-4DC5-9B78-3040203C15C6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-01-29] (Microsoft) Task: {FA3298D1-42A2-46EB-8914-565383710A94} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-28] (AVAST Software) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3041941655-3651832477-661197269-1000Core.job => C:\Users\Knet\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3041941655-3651832477-661197269-1000UA.job => C:\Users\Knet\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-28 17:12 - 2013-11-28 09:15 - 02149376 _____ () C:\Program Files\AVAST Software\Avast\defs\13112800\algo.dll 2013-11-28 19:46 - 2013-11-28 19:15 - 02149376 _____ () C:\Program Files\AVAST Software\Avast\defs\13112801\algo.dll 2013-03-17 18:41 - 2012-12-18 09:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2009-03-30 03:34 - 2009-03-30 03:34 - 00280143 _____ () C:\Program Files (x86)\Expat Shield\bin\libidn-11.dll 2009-03-27 21:02 - 2009-03-27 21:02 - 01554920 _____ () C:\Program Files (x86)\Expat Shield\bin\libeay32.dll 2009-03-27 21:02 - 2009-03-27 21:02 - 00332254 _____ () C:\Program Files (x86)\Expat Shield\bin\libssl32.dll 2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Knet\AppData\Roaming\Dropbox\bin\libcef.dll 2010-07-25 07:10 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2013-11-28 17:08 - 2013-11-28 17:08 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2012-01-17 22:21 - 
2012-01-17 22:21 - 00009544 _____ () C:\Program Files (x86)\Expat Shield\bin\lang\gui-eng.dll 2013-11-17 02:33 - 2013-11-17 02:33 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eff228aa396c1d45248a54b44d7ce5a0\IsdiInterop.ni.dll 2010-07-13 12:32 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-09-02 17:13 - 2013-08-21 11:48 - 00599968 _____ () C:\Users\Knet\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\libglesv2.dll 2013-09-02 17:13 - 2013-08-21 11:48 - 00124832 _____ () C:\Users\Knet\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\libegl.dll 2013-09-02 17:13 - 2013-08-21 11:48 - 04051408 _____ () C:\Users\Knet\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\pdf.dll 2013-09-02 17:13 - 2013-08-21 11:48 - 00393120 _____ () C:\Users\Knet\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\ppGoogleNaClPluginChrome.dll 2013-09-02 17:13 - 2013-08-21 11:48 - 01597856 _____ () C:\Users\Knet\AppData\Local\MapleStudio\ChromePlus\Application\2.0.9.20\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/28/2013 05:07:47 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary gtfnsnvf. System Error: Das System kann die angegebene Datei nicht finden. . 
Error: (11/28/2013 04:33:18 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: openvpntray.exe, Version: 0.0.0.0, Zeitstempel: 0x4f15e5fe Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003aff2 ID des fehlerhaften Prozesses: 0x1130 Startzeit der fehlerhaften Anwendung: 0xopenvpntray.exe0 Pfad der fehlerhaften Anwendung: openvpntray.exe1 Pfad des fehlerhaften Moduls: openvpntray.exe2 Berichtskennung: openvpntray.exe3 Error: (11/22/2013 05:54:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (11/22/2013 05:23:26 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (11/19/2013 07:36:14 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. 
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (11/18/2013 08:35:35 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (11/18/2013 06:36:04 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: openvpntray.exe, Version: 0.0.0.0, Zeitstempel: 0x4f15e5fe Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001f1e6 ID des fehlerhaften Prozesses: 0xecc Startzeit der fehlerhaften Anwendung: 0xopenvpntray.exe0 Pfad der fehlerhaften Anwendung: openvpntray.exe1 Pfad des fehlerhaften Moduls: openvpntray.exe2 Berichtskennung: openvpntray.exe3 Error: (11/16/2013 09:34:04 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". 
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (11/16/2013 08:09:14 PM) (Source: Application Hang) (User: ) Description: Programm ObsDX9.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12d0 Startzeit: 01cee2ff3474a7f7 Endzeit: 53 Anwendungspfad: C:\Program Files (x86)\TechArts3D\3Dカスタム少女\ObsDX9.exe Berichts-ID: 8bfb2324-4ef2-11e3-8dbd-88ae1d9e30d6 Error: (11/16/2013 01:03:17 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: openvpntray.exe, Version: 0.0.0.0, Zeitstempel: 0x4f15e5fe Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x9a8 Startzeit der fehlerhaften Anwendung: 0xopenvpntray.exe0 Pfad der fehlerhaften Anwendung: openvpntray.exe1 Pfad des fehlerhaften Moduls: openvpntray.exe2 Berichtskennung: openvpntray.exe3 System errors: ============= Error: (11/28/2013 07:48:14 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Bing Desktop Update service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/28/2013 07:41:58 PM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (11/28/2013 07:41:58 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/28/2013 07:41:58 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. 
Error: (11/28/2013 07:37:03 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/28/2013 07:36:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/28/2013 07:28:07 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/28/2013 05:39:09 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error: (11/28/2013 05:08:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "avast! Antivirus" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (11/27/2013 11:21:55 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Bing Desktop Update service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (11/28/2013 05:07:47 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary gtfnsnvf. System Error: Das System kann die angegebene Datei nicht finden. 
Error: (11/28/2013 04:33:18 PM) (Source: Application Error)(User: ) Description: openvpntray.exe0.0.0.04f15e5feole32.dll6.1.7601.175144ce7b96fc00000050003aff2113001ceec4f17443937C:\Program Files (x86)\Expat Shield\bin\openvpntray.exeC:\Windows\syswow64\ole32.dll66fab1ab-5842-11e3-bc89-88ae1d9e30d6 Error: (11/22/2013 05:54:33 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\REAPER (x64)\REAPERReWireDev.dll Error: (11/22/2013 05:23:26 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\REAPER (x64)\REAPERReWireDev.dll Error: (11/19/2013 07:36:14 PM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (11/18/2013 08:35:35 PM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (11/18/2013 06:36:04 PM) (Source: Application Error)(User: ) Description: openvpntray.exe0.0.0.04f15e5feole32.dll6.1.7601.175144ce7b96fc00000050001f1e6ecc01cee4847e052613C:\Program Files (x86)\Expat Shield\bin\openvpntray.exeC:\Windows\syswow64\ole32.dlle5954826-5077-11e3-99f5-88ae1d9e30d6 Error: (11/16/2013 09:34:04 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\REAPER (x64)\REAPERReWireDev.dll Error: 
(11/16/2013 08:09:14 PM) (Source: Application Hang)(User: ) Description: ObsDX9.exe0.0.0.012d001cee2ff3474a7f753C:\Program Files (x86)\TechArts3D\3Dカスタム少女\ObsDX9.exe8bfb2324-4ef2-11e3-8dbd-88ae1d9e30d6 Error: (11/16/2013 01:03:17 AM) (Source: Application Error)(User: ) Description: openvpntray.exe0.0.0.04f15e5feunknown0.0.0.000000000c0000005000000009a801cee25f2960d67fC:\Program Files (x86)\Expat Shield\bin\openvpntray.exeunknown7e2fc109-4e52-11e3-b93c-88ae1d9e30d6 ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3958.71 MB Available physical RAM: 1710.5 MB Total Pagefile: 7915.6 MB Available Pagefile: 5036.19 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:38.34 GB) NTFS Drive d: (Expansion) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2A524FF6) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Last edited by Orcake (28.11.2013 at 19:53) |
29.11.2013, 15:31 | #4 | |
/// the machine /// TB Trainer | BKA Trojan (only in the browser?) Please help
Hi, FRST could not create a backup of the registry on the first run, no big deal.
Combofix should only be run when instructed to by a team member!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
29.11.2013, 20:13 | #5 |
| BKA Trojan (only in the browser?) Please help
I ran Combofix. First I had to look up how to turn off Avira... Also, I have now attached the txt as a file, if that is okay. PS: I found out more about the supposed virus. It is called Browlock and is apparently based on HTML, which only causes trouble in the browser and should not infect the system. Still, playing it safe is always better. Thank you very much! |
30.11.2013, 16:59 | #6 |
/// the machine /// TB Trainer | BKA Trojan (only in the browser?) Please help
Hi, please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.