| |
| |||||||
Log-Analyse und Auswertung: 98% Auslastung der GPU im Leerlauf, Malwarebytes erkennt svhost.exe BitCoinMinerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.01.2014, 15:03
| #5 |
| |  98% Auslastung der GPU im Leerlauf, Malwarebytes erkennt svhost.exe BitCoinMinerCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by Sven at 2014-01-04 14:56:25 Run:1
Running from C:\Users\Sven\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
c:\users\Sven\AppData\Roaming\Microsoft\IE10\svhost.exe
c:\users\Sven\AppData\Roaming\Microsoft\svhost.exe
c:\users\Sven\AppData\Roaming\Microsoft\IE10\7z.exe
C:\Users\Sven\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe
HKCU\...\Run: [VSA] - C:\Users\Sven\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)
CMD: dir /a/s "c:\users\Sven\AppData\Roaming\Microsoft"
*****************
c:\users\Sven\AppData\Roaming\Microsoft\IE10\svhost.exe => Moved successfully.
c:\users\Sven\AppData\Roaming\Microsoft\svhost.exe => Moved successfully.
c:\users\Sven\AppData\Roaming\Microsoft\IE10\7z.exe => Moved successfully.
C:\Users\Sven\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\VSA => Value deleted successfully.
========= dir /a/s "c:\users\Sven\AppData\Roaming\Microsoft" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4833-D47B
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft
04.01.2014 14:56 <DIR> .
04.01.2014 14:56 <DIR> ..
10.09.2013 12:34 <DIR> Credentials
10.09.2013 13:09 <DIR> Crypto
20.10.2013 17:40 <DIR> HTML Help
04.01.2014 14:56 <DIR> IE10
11.09.2013 13:47 <DIR> Installer
11.09.2013 11:59 <DIR> Internet Explorer
11.09.2013 09:19 <DIR> MMC
10.09.2013 12:35 <DIR> Network
10.09.2013 12:34 <DIR> Protect
10.09.2013 15:09 <DIR> Speech
10.09.2013 12:38 <DIR> SystemCertificates
11.09.2013 11:43 <DIR> VSA
17.11.2013 12:48 <DIR> Windows
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Credentials
10.09.2013 12:34 <DIR> .
10.09.2013 12:34 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Crypto
10.09.2013 13:09 <DIR> .
10.09.2013 13:09 <DIR> ..
10.09.2013 13:09 <DIR> RSA
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Crypto\RSA
10.09.2013 13:09 <DIR> .
10.09.2013 13:09 <DIR> ..
18.09.2013 22:17 <DIR> S-1-5-21-1363398570-1270459621-3004585888-1001
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1363398570-1270459621-3004585888-1001
18.09.2013 22:17 <DIR> .
18.09.2013 22:17 <DIR> ..
18.09.2013 22:17 45 0b6513fecdeb1d122b4a0c38ddd08960_bd3e23f6-8387-4584-b8c9-d921b793b561
10.09.2013 16:31 45 83aa4cc77f591dfc2374580bbd95f6ba_bd3e23f6-8387-4584-b8c9-d921b793b561
10.09.2013 17:15 87 932a2db58c237abd381d22df4c63a04a_bd3e23f6-8387-4584-b8c9-d921b793b561
10.09.2013 17:04 66 cfcd3282100a5c74f6fb046fab0c5a24_bd3e23f6-8387-4584-b8c9-d921b793b561
4 Datei(en), 243 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\HTML Help
20.10.2013 17:40 <DIR> .
20.10.2013 17:40 <DIR> ..
20.10.2013 17:40 8.590 hh.dat
1 Datei(en), 8.590 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\IE10
04.01.2014 14:56 <DIR> .
04.01.2014 14:56 <DIR> ..
04.01.2014 14:52 1.132.104 archiv.2ev
23.04.2013 16:03 30.802 diakgcn121016.cl
13.09.2013 14:40 3 err.txt
23.04.2013 16:03 309.248 libcurl-4.dll
23.04.2013 16:03 1.479.680 libeay32.dll
23.04.2013 16:03 224.256 libidn-11.dll
23.04.2013 16:03 87.054 libpdcurses.dll
23.04.2013 16:03 104.960 libusb-1.0.dll
23.04.2013 16:03 13.062 phatk121016.cl
23.04.2013 16:03 42.958 poclbm121016.cl
16.09.2013 19:16 232.904 poclbm121016GeForce GTX 770gv1w256l4.bin
23.04.2013 16:03 45.056 pthreadGC2.dll
23.04.2013 16:03 323.584 ssleay32.dll
23.04.2013 16:03 122.368 zlib1.dll
14 Datei(en), 4.148.039 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Installer
11.09.2013 13:47 <DIR> .
11.09.2013 13:47 <DIR> ..
11.09.2013 13:47 <DIR> {121CAAD8-0CD7-48CC-A3E1-A1AB8C0B1086}
10.09.2013 17:11 <DIR> {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Installer\{121CAAD8-0CD7-48CC-A3E1-A1AB8C0B1086}
11.09.2013 13:47 <DIR> .
11.09.2013 13:47 <DIR> ..
11.09.2013 13:47 370.070 _34370A18468EFE9D7BBCCB.exe
11.09.2013 13:47 370.070 _853F67D554F05449430E7E.exe
11.09.2013 13:47 370.070 _EC2EA312A2F70E46BBE50A.exe
3 Datei(en), 1.110.210 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
10.09.2013 17:11 <DIR> .
10.09.2013 17:11 <DIR> ..
10.09.2013 17:11 53.248 ARPPRODUCTICON.exe
1 Datei(en), 53.248 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer
11.09.2013 11:59 <DIR> .
11.09.2013 11:59 <DIR> ..
10.09.2013 17:19 <DIR> Quick Launch
11.09.2013 11:59 <DIR> UserData
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
10.09.2013 17:19 <DIR> .
10.09.2013 17:19 <DIR> ..
10.09.2013 13:16 221 desktop.ini
20.10.2013 17:50 2.283 Google Chrome.lnk
10.09.2013 13:16 1.437 Launch Internet Explorer Browser.lnk
14.07.2009 05:49 290 Shows Desktop.lnk
11.12.2013 19:38 <DIR> User Pinned
14.07.2009 05:49 272 Window Switcher.lnk
5 Datei(en), 4.503 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
11.12.2013 19:38 <DIR> .
11.12.2013 19:38 <DIR> ..
21.10.2013 20:13 <DIR> ImplicitAppShortcuts
04.01.2014 10:42 <DIR> StartMenu
10.09.2013 17:28 <DIR> TaskBar
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
21.10.2013 20:13 <DIR> .
21.10.2013 20:13 <DIR> ..
21.10.2013 20:13 <DIR> 7e4dca80246863e3
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3
21.10.2013 20:13 <DIR> .
21.10.2013 20:13 <DIR> ..
21.10.2013 20:13 73 desktop.ini
21.10.2013 20:13 2.675 pinned.lnk
2 Datei(en), 2.748 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu
04.01.2014 10:42 <DIR> .
04.01.2014 10:42 <DIR> ..
04.12.2013 13:06 792 Malwarebytes Anti-Malware.lnk
10.09.2013 19:40 698 Origin.lnk
2 Datei(en), 1.490 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
10.09.2013 17:28 <DIR> .
10.09.2013 17:28 <DIR> ..
10.09.2013 17:28 151 desktop.ini
10.09.2013 17:19 2.294 Google Chrome.lnk
14.07.2009 05:49 1.228 Windows Explorer.lnk
21.11.2010 04:40 1.547 Windows Media Player.lnk
4 Datei(en), 5.220 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\UserData
11.09.2013 11:59 <DIR> .
11.09.2013 11:59 <DIR> ..
20.10.2013 17:52 <DIR> Low
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
20.10.2013 17:52 <DIR> .
20.10.2013 17:52 <DIR> ..
20.10.2013 17:52 <DIR> 2BETQEEH
20.10.2013 17:52 <DIR> B72VTP6P
20.10.2013 17:52 0 container.dat
20.10.2013 17:52 <DIR> GY6BJEM1
20.10.2013 17:52 <DIR> KL3LE1PN
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\2BETQEEH
20.10.2013 17:52 <DIR> .
20.10.2013 17:52 <DIR> ..
20.10.2013 17:52 28 s_nav[1].xml
1 Datei(en), 28 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\B72VTP6P
20.10.2013 17:52 <DIR> .
20.10.2013 17:52 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\GY6BJEM1
20.10.2013 17:52 <DIR> .
20.10.2013 17:52 <DIR> ..
20.10.2013 17:52 28 s_nav[1].xml
1 Datei(en), 28 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\KL3LE1PN
20.10.2013 17:52 <DIR> .
20.10.2013 17:52 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\MMC
11.09.2013 09:19 <DIR> .
11.09.2013 09:19 <DIR> ..
11.09.2013 09:19 145.158 taskschd
1 Datei(en), 145.158 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Network
10.09.2013 12:35 <DIR> .
10.09.2013 12:35 <DIR> ..
10.09.2013 12:35 <DIR> Connections
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Network\Connections
10.09.2013 12:35 <DIR> .
10.09.2013 12:35 <DIR> ..
10.09.2013 12:35 <DIR> Pbk
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Network\Connections\Pbk
10.09.2013 12:35 <DIR> .
10.09.2013 12:35 <DIR> ..
10.09.2013 12:35 <DIR> _hiddenPbk
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
10.09.2013 12:35 <DIR> .
10.09.2013 12:35 <DIR> ..
10.09.2013 12:35 0 rasphone.pbk
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Protect
10.09.2013 12:34 <DIR> .
10.09.2013 12:34 <DIR> ..
10.09.2013 12:34 24 CREDHIST
14.12.2013 11:25 <DIR> S-1-5-21-1363398570-1270459621-3004585888-1001
1 Datei(en), 24 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Protect\S-1-5-21-1363398570-1270459621-3004585888-1001
14.12.2013 11:25 <DIR> .
14.12.2013 11:25 <DIR> ..
14.12.2013 11:25 468 22b00353-c4b3-4a9d-a022-15868dfa306c
10.09.2013 12:34 468 e2f9b36c-8b72-4d5d-9a6c-67490099b675
14.12.2013 11:25 24 Preferred
3 Datei(en), 960 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Speech
10.09.2013 15:09 <DIR> .
10.09.2013 15:09 <DIR> ..
10.09.2013 15:09 <DIR> Files
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Speech\Files
10.09.2013 15:09 <DIR> .
10.09.2013 15:09 <DIR> ..
10.09.2013 15:09 <DIR> UserLexicons
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Speech\Files\UserLexicons
10.09.2013 15:09 <DIR> .
10.09.2013 15:09 <DIR> ..
10.09.2013 15:09 940 SP_60457A2FD4E84494845617C498A1664D.dat
1 Datei(en), 940 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\SystemCertificates
10.09.2013 12:38 <DIR> .
10.09.2013 12:38 <DIR> ..
10.09.2013 12:38 <DIR> My
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\SystemCertificates\My
10.09.2013 12:38 <DIR> .
10.09.2013 12:38 <DIR> ..
10.09.2013 12:38 <DIR> Certificates
10.09.2013 12:38 <DIR> CRLs
10.09.2013 12:38 <DIR> CTLs
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
10.09.2013 12:38 <DIR> .
10.09.2013 12:38 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
10.09.2013 12:38 <DIR> .
10.09.2013 12:38 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
10.09.2013 12:38 <DIR> .
10.09.2013 12:38 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\VSA
11.09.2013 11:43 <DIR> .
11.09.2013 11:43 <DIR> ..
04.01.2014 14:56 <DIR> 9.0
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\VSA\9.0
04.01.2014 14:56 <DIR> .
04.01.2014 14:56 <DIR> ..
13.09.2013 14:37 1.412.825 ef.2e
1 Datei(en), 1.412.825 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows
17.11.2013 12:48 <DIR> .
17.11.2013 12:48 <DIR> ..
04.01.2014 14:47 <DIR> Cookies
17.11.2013 12:48 <DIR> DNTException
11.09.2013 12:21 <DIR> IECompatCache
11.09.2013 12:21 <DIR> IECompatUACache
20.10.2013 17:52 <DIR> IEDownloadHistory
11.09.2013 11:59 <DIR> IETldCache
12.09.2013 10:54 <DIR> Libraries
14.07.2009 03:34 <DIR> Network Shortcuts
14.07.2009 03:35 <DIR> Printer Shortcuts
10.09.2013 12:34 <DIR> PrivacIE
04.01.2014 14:46 <DIR> Recent
10.09.2013 12:34 <DIR> SendTo
12.09.2013 10:54 <DIR> Start Menu
14.07.2009 03:34 <DIR> Templates
10.09.2013 12:34 <DIR> Themes
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Cookies
04.01.2014 14:47 <DIR> .
04.01.2014 14:47 <DIR> ..
27.09.2013 18:06 118 0R7058L5.txt
26.09.2013 18:27 104 23FG8ZGK.txt
22.10.2013 09:33 115 4YRI61Z7.txt
29.10.2013 21:17 147 6IBHB8YA.txt
14.12.2013 22:10 422 6RNFKXHG.txt
11.09.2013 11:59 0 container.dat
11.09.2013 13:41 362 EY1AUKMI.txt
13.09.2013 14:37 371 H9WPA6XE.txt
21.10.2013 15:01 <DIR> Low
11.09.2013 13:41 134 O2S4E8FP.txt
19.11.2013 20:07 118 O69O0SSG.txt
10.09.2013 17:01 146 sven@onlinestores.metaservices.microsoft[1].txt
11.09.2013 10:09 96 sven@winzip[1].txt
04.01.2014 14:47 89 SXA6CQT5.txt
04.01.2014 14:47 125 U4FHOR4N.txt
14.12.2013 22:10 115 Z39G6UWA.txt
15 Datei(en), 2.462 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Cookies\Low
21.10.2013 15:01 <DIR> .
21.10.2013 15:01 <DIR> ..
21.10.2013 15:01 424 43C0HLCQ.txt
20.10.2013 17:52 102 8KLYSXGW.txt
20.10.2013 17:52 357 A32LDKHX.txt
11.09.2013 11:59 0 container.dat
20.10.2013 17:52 132 CQGO91R1.txt
21.10.2013 15:01 560 LZLG8LBA.txt
21.10.2013 15:01 108 PCP5ZHKT.txt
20.10.2013 17:52 210 Q9SP01GK.txt
21.10.2013 15:00 2.156 QLUAM122.txt
21.10.2013 14:59 236 RIKQDDLR.txt
20.10.2013 17:52 600 SP9ZDKDH.txt
10.09.2013 17:15 547 sven@ad.yieldmanager[2].txt
10.09.2013 16:32 164 sven@addthis[2].txt
10.09.2013 16:26 97 sven@apmebf[1].txt
10.09.2013 19:25 341 sven@asus[2].txt
10.09.2013 17:14 141 sven@doubleclick[1].txt
10.09.2013 16:28 188 sven@eloqua[2].txt
10.09.2013 19:25 413 sven@etrk.asus[2].txt
10.09.2013 17:14 195 sven@google[1].txt
10.09.2013 17:15 481 sven@google[2].txt
10.09.2013 17:15 441 sven@google[4].txt
10.09.2013 17:15 344 sven@invitemedia[1].txt
10.09.2013 16:29 341 sven@java[1].txt
10.09.2013 16:26 167 sven@mediaplex[2].txt
10.09.2013 16:30 142 sven@microsoftinternetexplorer.112.2o7[1].txt
10.09.2013 16:29 122 sven@oracle.112.2o7[1].txt
10.09.2013 16:29 270 sven@oracle[1].txt
10.09.2013 19:27 376 sven@support.asus.com[1].txt
10.09.2013 16:29 209 sven@www.bing[2].txt
10.09.2013 17:14 89 sven@yahoo[2].txt
21.10.2013 14:59 1.494 T1UHZ29O.txt
31 Datei(en), 11.447 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\DNTException
17.11.2013 12:48 <DIR> .
17.11.2013 12:48 <DIR> ..
17.11.2013 12:48 <DIR> Low
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\DNTException\Low
17.11.2013 12:48 <DIR> .
17.11.2013 12:48 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\IECompatCache
11.09.2013 12:21 <DIR> .
11.09.2013 12:21 <DIR> ..
11.09.2013 12:21 0 container.dat
20.10.2013 17:52 <DIR> Low
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
20.10.2013 17:52 <DIR> .
20.10.2013 17:52 <DIR> ..
20.10.2013 17:52 0 container.dat
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\IECompatUACache
11.09.2013 12:21 <DIR> .
11.09.2013 12:21 <DIR> ..
11.09.2013 12:21 0 container.dat
20.10.2013 17:52 <DIR> Low
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
20.10.2013 17:52 <DIR> .
20.10.2013 17:52 <DIR> ..
20.10.2013 17:52 0 container.dat
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
20.10.2013 17:52 <DIR> .
20.10.2013 17:52 <DIR> ..
20.10.2013 17:52 0 container.dat
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\IETldCache
11.09.2013 11:59 <DIR> .
11.09.2013 11:59 <DIR> ..
11.09.2013 11:59 0 container.dat
11.09.2013 11:59 <DIR> Low
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\IETldCache\Low
11.09.2013 11:59 <DIR> .
11.09.2013 11:59 <DIR> ..
11.09.2013 11:59 0 container.dat
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Libraries
12.09.2013 10:54 <DIR> .
12.09.2013 10:54 <DIR> ..
12.09.2013 10:54 274 desktop.ini
12.09.2013 10:54 3.641 Documents.library-ms
12.09.2013 10:54 3.597 Music.library-ms
12.09.2013 10:54 3.633 Pictures.library-ms
12.09.2013 10:54 3.611 Videos.library-ms
5 Datei(en), 14.756 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Network Shortcuts
14.07.2009 03:34 <DIR> .
14.07.2009 03:34 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
14.07.2009 03:35 <DIR> .
14.07.2009 03:35 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\PrivacIE
10.09.2013 12:34 <DIR> .
10.09.2013 12:34 <DIR> ..
11.09.2013 11:59 <DIR> Low
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
11.09.2013 11:59 <DIR> .
11.09.2013 11:59 <DIR> ..
11.09.2013 11:59 0 container.dat
1 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Recent
04.01.2014 14:46 <DIR> .
04.01.2014 14:46 <DIR> ..
16.11.2013 19:33 923 100_0354.lnk
16.11.2013 19:34 923 100_1033.lnk
22.10.2013 10:49 1.362 2013-10-22_00001.lnk
04.01.2014 01:07 552 Addition.lnk
04.01.2014 10:54 <DIR> AutomaticDestinations
12.09.2013 15:16 617 autosave.save_multiplayer.lnk
11.09.2013 10:20 569 Battlefield3_Nov22_Patch.lnk
11.09.2013 10:20 396 BF3.lnk
11.09.2013 11:39 547 bf3de.lnk
11.09.2013 11:40 547 bf3en.lnk
11.09.2013 11:45 970 bf3_march_5_patch.lnk
11.09.2013 10:12 563 BF3_Russian_To_English.lnk
11.09.2013 10:16 560 BF3_Russian_To_German.lnk
27.09.2013 18:04 244 CD-Laufwerk.lnk
04.01.2014 02:07 552 ComboFix.lnk
04.01.2014 14:55 <DIR> CustomDestinations
04.01.2014 00:50 654 defogger_disable.lnk
12.09.2013 10:54 432 desktop.ini
04.01.2014 00:50 429 Downloads.lnk
16.11.2013 19:34 918 DSC02210.lnk
16.11.2013 19:34 742 ducky.lnk
11.09.2013 10:14 491 Englisch.lnk
04.01.2014 14:46 545 Fixlist.lnk
04.01.2014 01:07 528 FRST.lnk
04.01.2014 01:08 552 gmerfile.lnk
16.11.2013 19:34 739 Liza.lnk
04.01.2014 00:21 1.004 Logs.lnk
04.01.2014 01:06 662 mbam-log-2014-01-03 (23-22-08).lnk
04.01.2014 01:06 662 MBAM-log-2014-01-04 (00-13-42).lnk
04.01.2014 00:21 1.327 MBAM-log-2014-01-04 (00-21-50).lnk
04.01.2014 01:22 588 MBAM-log-2014-01-04 (01-22-46).lnk
03.12.2013 12:19 636 MSIAfterburnerSetup231.lnk
11.09.2013 10:14 631 Read me.lnk
22.10.2013 10:49 1.071 screenshots.lnk
10.09.2013 16:22 608 treiber_SpW101Stick_20090626.lnk
33 Datei(en), 22.544 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations
04.01.2014 10:54 <DIR> .
04.01.2014 10:54 <DIR> ..
04.01.2014 14:46 17.408 1b4dd67f29cb1962.automaticDestinations-ms
03.12.2013 12:19 3.072 46f433176bc0b3d2.automaticDestinations-ms
17.11.2013 17:26 12.288 74d7f43c1561fc1e.automaticDestinations-ms
04.01.2014 00:49 31.232 7e4dca80246863e3.automaticDestinations-ms
04.01.2014 14:46 10.240 9b9cdc69c1c24e2b.automaticDestinations-ms
03.12.2013 12:17 10.752 db53b23fd1edbd46.automaticDestinations-ms
04.01.2014 10:58 7.168 e7e9102686db9ad6.automaticDestinations-ms
7 Datei(en), 92.160 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
04.01.2014 14:55 <DIR> .
04.01.2014 14:55 <DIR> ..
10.09.2013 12:34 24 1b4dd67f29cb1962.customDestinations-ms
21.10.2013 20:13 8.463 28c8b86deab549a1.customDestinations-ms
04.01.2014 14:50 20.960 2f5627cf5e2fabcd.customDestinations-ms
10.09.2013 12:34 17.261 5afe4de1b92fc382.customDestinations-ms
03.12.2013 18:27 11.350 5ba118bcb65c6639.customDestinations-ms
04.01.2014 14:55 23.112 5d696d521de238c3.customDestinations-ms
17.11.2013 17:26 1.869 74d7f43c1561fc1e.customDestinations-ms
10.09.2013 12:34 24 7e4dca80246863e3.customDestinations-ms
20.10.2013 18:08 3.404 83b03b46dcd30a0e.customDestinations-ms
03.12.2013 12:17 8.372 db53b23fd1edbd46.customDestinations-ms
04.01.2014 14:50 3.212 e7e9102686db9ad6.customDestinations-ms
11 Datei(en), 98.051 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\SendTo
10.09.2013 12:34 <DIR> .
10.09.2013 12:34 <DIR> ..
10.06.2009 21:45 3 Compressed (zipped) Folder.ZFSendToTarget
10.06.2009 21:44 7 Desktop (create shortcut).DeskLink
14.07.2009 05:54 558 Desktop.ini
10.09.2013 12:34 0 Dokumente.mydocs
14.07.2009 05:54 1.238 Fax Recipient.lnk
10.06.2009 21:44 4 Mail Recipient.MAPIMail
6 Datei(en), 1.810 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu
12.09.2013 10:54 <DIR> .
12.09.2013 10:54 <DIR> ..
12.09.2013 10:54 174 desktop.ini
10.09.2013 12:34 <VERBINDUNG> Programme [C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
03.01.2014 22:44 <DIR> Programs
1 Datei(en), 174 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
03.01.2014 22:44 <DIR> .
03.01.2014 22:44 <DIR> ..
14.07.2009 05:54 <DIR> Accessories
12.09.2013 10:54 <DIR> Administrative Tools
10.09.2013 23:51 <DIR> Bohemia Interactive
11.09.2013 13:47 <DIR> DayZero
12.09.2013 10:54 476 desktop.ini
14.09.2013 21:50 <DIR> Games
17.11.2013 12:48 1.425 Internet Explorer.lnk
14.07.2009 05:49 <DIR> Maintenance
03.12.2013 12:19 <DIR> MSI Afterburner
11.09.2013 12:22 <DIR> Overwolf
03.01.2014 22:44 1.312 PlanetSide 2 PSG.lnk
12.09.2013 10:54 <DIR> Startup
11.09.2013 12:21 <DIR> TeamSpeak 3 Client
21.12.2013 19:13 <DIR> Ubisoft
03.12.2013 12:19 <DIR> WinRAR
3 Datei(en), 3.213 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
14.07.2009 05:54 <DIR> .
14.07.2009 05:54 <DIR> ..
14.07.2009 05:54 <DIR> Accessibility
14.07.2009 05:54 1.280 Command Prompt.lnk
14.07.2009 05:54 678 Desktop.ini
14.07.2009 05:54 1.304 Notepad.lnk
14.07.2009 05:49 262 Run.lnk
10.09.2013 12:34 <DIR> System Tools
14.07.2009 05:49 1.228 Windows Explorer.lnk
5 Datei(en), 4.752 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
14.07.2009 05:54 <DIR> .
14.07.2009 05:54 <DIR> ..
14.07.2009 05:54 704 Desktop.ini
14.07.2009 05:54 1.358 Ease of Access.lnk
14.07.2009 05:54 1.258 Magnify.lnk
14.07.2009 05:54 1.262 Narrator.lnk
14.07.2009 05:54 1.250 On-Screen Keyboard.lnk
5 Datei(en), 5.832 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
10.09.2013 12:34 <DIR> .
10.09.2013 12:34 <DIR> ..
14.07.2009 05:49 262 computer.lnk
14.07.2009 05:49 262 Control Panel.lnk
10.09.2013 12:34 738 Desktop.ini
17.11.2013 12:48 1.487 Internet Explorer (No Add-ons).lnk
14.07.2009 05:54 1.306 Private Character Editor.lnk
5 Datei(en), 4.055 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
12.09.2013 10:54 <DIR> .
12.09.2013 10:54 <DIR> ..
12.09.2013 10:54 174 desktop.ini
1 Datei(en), 174 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
10.09.2013 23:51 <DIR> .
10.09.2013 23:51 <DIR> ..
10.09.2013 19:49 <DIR> ArmA 2
10.09.2013 23:51 <DIR> Arma 2 Operation Arrowhead
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2
10.09.2013 19:49 <DIR> .
10.09.2013 19:49 <DIR> ..
10.09.2013 19:49 <DIR> BattlEye
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye
10.09.2013 19:49 <DIR> .
10.09.2013 19:49 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead
10.09.2013 23:51 <DIR> .
10.09.2013 23:51 <DIR> ..
10.09.2013 23:51 <DIR> BattlEye
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye
10.09.2013 23:51 <DIR> .
10.09.2013 23:51 <DIR> ..
11.09.2013 13:35 1.399 Uninstall BattlEye.lnk
1 Datei(en), 1.399 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DayZero
11.09.2013 13:47 <DIR> .
11.09.2013 13:47 <DIR> ..
11.09.2013 13:47 3.025 DayZero Launcher.lnk
1 Datei(en), 3.025 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
14.09.2013 21:50 <DIR> .
14.09.2013 21:50 <DIR> ..
14.09.2013 21:50 234 Steam Day of Defeat SourceT.lnk
1 Datei(en), 234 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
14.07.2009 05:49 <DIR> .
14.07.2009 05:49 <DIR> ..
14.07.2009 05:49 318 Desktop.ini
14.07.2009 05:49 262 Help.lnk
2 Datei(en), 580 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
03.12.2013 12:19 <DIR> .
03.12.2013 12:19 <DIR> ..
03.12.2013 12:19 1.052 MSI Afterburner On-Screen Display Server.lnk
03.12.2013 12:19 771 MSI Afterburner.lnk
03.12.2013 12:19 819 ReadMe.lnk
03.12.2013 12:19 <DIR> SDK
03.12.2013 12:19 756 Uninstall.lnk
4 Datei(en), 3.398 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK
03.12.2013 12:19 <DIR> .
03.12.2013 12:19 <DIR> ..
03.12.2013 12:19 943 MSI Afterburner localization reference.lnk
03.12.2013 12:19 952 MSI Afterburner skin format reference.lnk
03.12.2013 12:19 806 Samples.lnk
3 Datei(en), 2.701 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
11.09.2013 12:22 <DIR> .
11.09.2013 12:22 <DIR> ..
11.09.2013 12:22 2.011 Overwolf.lnk
11.09.2013 12:22 1.112 Uninstall Overwolf.lnk
2 Datei(en), 3.123 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
12.09.2013 10:54 <DIR> .
12.09.2013 10:54 <DIR> ..
12.09.2013 10:54 174 desktop.ini
1 Datei(en), 174 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
11.09.2013 12:21 <DIR> .
11.09.2013 12:21 <DIR> ..
11.09.2013 12:21 1.004 TeamSpeak 3 Client.lnk
11.09.2013 12:21 787 Uninstall.lnk
2 Datei(en), 1.791 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
21.12.2013 19:13 <DIR> .
21.12.2013 19:13 <DIR> ..
21.12.2013 19:13 <DIR> Uplay
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay
21.12.2013 19:13 <DIR> .
21.12.2013 19:13 <DIR> ..
21.12.2013 19:13 1.271 Uninstall.lnk
21.12.2013 19:13 1.247 Uplay.lnk
2 Datei(en), 2.518 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
03.12.2013 12:19 <DIR> .
03.12.2013 12:19 <DIR> ..
03.12.2013 12:19 1.000 Benutzerhandbuch f�r die Konsolenversion von RAR.lnk
03.12.2013 12:19 1.019 Hilfe zu WinRAR.lnk
03.12.2013 12:19 1.031 Was ist neu in dieser Version.lnk
03.12.2013 12:19 1.019 WinRAR.lnk
4 Datei(en), 4.069 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Templates
14.07.2009 03:34 <DIR> .
14.07.2009 03:34 <DIR> ..
0 Datei(en), 0 Bytes
Verzeichnis von c:\users\Sven\AppData\Roaming\Microsoft\Windows\Themes
10.09.2013 12:34 <DIR> .
10.09.2013 12:34 <DIR> ..
11.10.2013 18:51 642.987 TranscodedWallpaper.jpg
1 Datei(en), 642.987 Bytes
Anzahl der angezeigten Dateien:
207 Datei(en), 7.821.683 Bytes
255 Verzeichnis(se), 430.530.134.016 Bytes frei
========= End of CMD: =========
The system needs a manual reboot.
==== End of Fixlog ====
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Sven (administrator) on SVEN-PC on 04-01-2014 15:00:10
Running from C:\Users\Sven\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Deutsche Telekom AG) C:\Program Files (x86)\Speedport W 101 Stick WLAN Manager\Speedport W 101 Stick.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_1
CHR Extension: (Safe Money) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_1
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_1
CHR Extension: (Virtual Keyboard) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4816_1
CHR Extension: (Google Wallet) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1
CHR Extension: (Gmail) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR Extension: (Anti-Banner) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_1
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-03] (Kaspersky Lab ZAO)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-11] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; g:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; g:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-21] ()
==================== Drivers (Whitelisted) ====================
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-11] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-12-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-03] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-03] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-03] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-20] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S3 ZDCNDIS6a64; C:\Windows\system32\ZDCNDIS6a64.sys [41280 2009-06-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ZDCNDIS6a64; C:\Windows\SysWow64\ZDCNDIS6a64.sys [41280 2009-06-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ZY202_VS; C:\Windows\System32\DRIVERS\WlanGZG.sys [1041920 2009-06-26] (Atheros Communications, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-04 15:00 - 2014-01-04 15:00 - 00012934 _____ C:\Users\Sven\Downloads\FRST.txt
2014-01-04 02:05 - 2014-01-04 02:05 - 00026510 _____ C:\Users\Sven\Desktop\ComboFix.txt
2014-01-04 01:58 - 2014-01-04 02:05 - 00000000 ____D C:\Qoobox
2014-01-04 01:58 - 2014-01-04 02:04 - 00000000 ____D C:\Windows\erdnt
2014-01-04 01:58 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-04 01:58 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-04 01:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-04 01:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-04 01:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-04 01:58 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-04 01:58 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-04 01:58 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-04 01:56 - 2014-01-04 01:57 - 05160001 ____R (Swearware) C:\Users\Sven\Desktop\ComboFix.exe
2014-01-04 01:29 - 2014-01-04 01:29 - 00000000 ____D C:\Crash
2014-01-04 00:35 - 2014-01-04 00:35 - 00059957 _____ C:\Users\Sven\Desktop\gmerfile.log
2014-01-04 00:29 - 2014-01-04 00:29 - 00377856 _____ C:\Users\Sven\Downloads\gmer_2.1.19163.exe
2014-01-04 00:26 - 2014-01-04 14:56 - 00000000 ____D C:\FRST
2014-01-04 00:26 - 2014-01-04 00:27 - 00031356 _____ C:\Users\Sven\Desktop\FRST.txt
2014-01-04 00:26 - 2014-01-04 00:27 - 00022829 _____ C:\Users\Sven\Desktop\Addition.txt
2014-01-04 00:25 - 2014-01-04 14:47 - 01931368 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2014-01-04 00:24 - 2014-01-04 00:24 - 00000470 _____ C:\Users\Sven\Desktop\defogger_disable.log
2014-01-04 00:24 - 2014-01-04 00:24 - 00000000 _____ C:\Users\Sven\defogger_reenable
2014-01-04 00:23 - 2014-01-04 00:23 - 00050477 _____ C:\Users\Sven\Desktop\Defogger.exe
2014-01-03 22:51 - 2014-01-03 22:51 - 01233962 _____ C:\Users\Sven\Downloads\adwcleaner.exe
2014-01-03 22:45 - 2014-01-03 22:45 - 00000000 ____D C:\Users\Sven\AppData\Local\SCE
2014-01-03 22:44 - 2014-01-03 22:44 - 00001312 _____ C:\Users\Sven\Desktop\PlanetSide 2 PSG.lnk
2014-01-03 22:44 - 2014-01-03 22:44 - 00001312 _____ C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
2014-01-03 22:43 - 2014-01-03 22:44 - 20095616 _____ C:\Users\Sven\Downloads\PS2_PSG_setup.exe
2014-01-02 21:27 - 2014-01-02 21:27 - 00354984 _____ C:\Windows\Minidump\010214-26176-01.dmp
2013-12-23 16:11 - 2014-01-03 22:58 - 00000000 ____D C:\AdwCleaner
2013-12-23 16:10 - 2013-12-23 16:10 - 01233962 _____ C:\Users\Sven\Desktop\adwcleaner.exe
2013-12-21 19:14 - 2013-12-22 10:33 - 00000000 ____D C:\Users\Sven\AppData\Local\Ubisoft Game Launcher
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-18 19:31 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-18 19:31 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 12613920 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-14 22:17 - 2013-11-23 20:26 - 11566648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 11441664 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 09663656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-14 22:17 - 2013-11-23 20:26 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-14 11:28 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 11:28 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 11:28 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 11:28 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 11:27 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 11:27 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 11:27 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 11:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 11:27 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 11:27 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 11:27 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 11:27 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 11:27 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 11:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 11:27 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 11:27 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 11:27 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 11:27 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 11:27 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 11:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 11:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 11:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 11:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 11:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 11:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 11:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 11:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 11:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 11:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 11:27 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 11:27 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 11:27 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 11:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 11:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 11:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 11:24 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 11:24 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 11:24 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 11:24 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 11:24 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 11:24 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 11:24 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 11:24 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 11:24 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 11:24 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 11:24 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 11:24 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 11:24 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 11:24 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 11:24 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 11:24 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 11:24 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 11:24 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 11:24 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-04 15:01 - 2014-01-04 15:00 - 00012934 _____ C:\Users\Sven\Downloads\FRST.txt
2014-01-04 14:58 - 2013-09-26 18:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-04 14:58 - 2013-09-10 17:15 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 14:58 - 2013-09-10 13:42 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-04 14:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 14:58 - 2009-07-14 05:51 - 00053184 _____ C:\Windows\setupact.log
2014-01-04 14:57 - 2013-09-10 19:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 14:57 - 2013-09-10 12:28 - 01877487 _____ C:\Windows\WindowsUpdate.log
2014-01-04 14:57 - 2009-07-14 05:45 - 00026928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 14:57 - 2009-07-14 05:45 - 00026928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 14:56 - 2014-01-04 00:26 - 00000000 ____D C:\FRST
2014-01-04 14:47 - 2014-01-04 00:25 - 01931368 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2014-01-04 14:33 - 2013-09-10 17:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 11:01 - 2013-09-11 09:44 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-04 10:36 - 2010-11-21 04:47 - 00212526 _____ C:\Windows\PFRO.log
2014-01-04 02:05 - 2014-01-04 02:05 - 00026510 _____ C:\Users\Sven\Desktop\ComboFix.txt
2014-01-04 02:05 - 2014-01-04 01:58 - 00000000 ____D C:\Qoobox
2014-01-04 02:05 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-04 02:04 - 2014-01-04 01:58 - 00000000 ____D C:\Windows\erdnt
2014-01-04 02:04 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-04 01:57 - 2014-01-04 01:56 - 05160001 ____R (Swearware) C:\Users\Sven\Desktop\ComboFix.exe
2014-01-04 01:29 - 2014-01-04 01:29 - 00000000 ____D C:\Crash
2014-01-04 00:35 - 2014-01-04 00:35 - 00059957 _____ C:\Users\Sven\Desktop\gmerfile.log
2014-01-04 00:29 - 2014-01-04 00:29 - 00377856 _____ C:\Users\Sven\Downloads\gmer_2.1.19163.exe
2014-01-04 00:27 - 2014-01-04 00:26 - 00031356 _____ C:\Users\Sven\Desktop\FRST.txt
2014-01-04 00:27 - 2014-01-04 00:26 - 00022829 _____ C:\Users\Sven\Desktop\Addition.txt
2014-01-04 00:24 - 2014-01-04 00:24 - 00000470 _____ C:\Users\Sven\Desktop\defogger_disable.log
2014-01-04 00:24 - 2014-01-04 00:24 - 00000000 _____ C:\Users\Sven\defogger_reenable
2014-01-04 00:24 - 2013-09-10 12:34 - 00000000 ____D C:\Users\Sven
2014-01-04 00:23 - 2014-01-04 00:23 - 00050477 _____ C:\Users\Sven\Desktop\Defogger.exe
2014-01-03 22:58 - 2013-12-23 16:11 - 00000000 ____D C:\AdwCleaner
2014-01-03 22:51 - 2014-01-03 22:51 - 01233962 _____ C:\Users\Sven\Downloads\adwcleaner.exe
2014-01-03 22:45 - 2014-01-03 22:45 - 00000000 ____D C:\Users\Sven\AppData\Local\SCE
2014-01-03 22:44 - 2014-01-03 22:44 - 00001312 _____ C:\Users\Sven\Desktop\PlanetSide 2 PSG.lnk
2014-01-03 22:44 - 2014-01-03 22:44 - 00001312 _____ C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
2014-01-03 22:44 - 2014-01-03 22:43 - 20095616 _____ C:\Users\Sven\Downloads\PS2_PSG_setup.exe
2014-01-02 21:57 - 2013-09-11 09:44 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-02 21:27 - 2014-01-02 21:27 - 00354984 _____ C:\Windows\Minidump\010214-26176-01.dmp
2014-01-02 21:27 - 2013-10-20 12:25 - 00000000 ____D C:\Windows\Minidump
2014-01-02 21:26 - 2013-11-20 19:47 - 734524269 _____ C:\Windows\MEMORY.DMP
2014-01-01 18:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-27 11:12 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-23 22:00 - 2013-09-10 17:13 - 00000000 ____D C:\Users\Sven\AppData\Roaming\TS3Client
2013-12-23 16:10 - 2013-12-23 16:10 - 01233962 _____ C:\Users\Sven\Desktop\adwcleaner.exe
2013-12-22 13:27 - 2013-09-10 23:51 - 00000000 ____D C:\Users\Sven\AppData\Local\ArmA 2 OA
2013-12-22 11:34 - 2013-12-04 12:16 - 00000000 ____D C:\Users\Sven\AppData\Roaming\NVIDIA
2013-12-22 10:33 - 2013-12-21 19:14 - 00000000 ____D C:\Users\Sven\AppData\Local\Ubisoft Game Launcher
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-21 19:13 - 2013-09-11 09:44 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-21 19:13 - 2013-09-10 18:33 - 00184453 _____ C:\Windows\DirectX.log
2013-12-20 22:47 - 2013-09-12 20:19 - 00000000 ____D C:\Users\Sven\Documents\My Games
2013-12-20 17:34 - 2013-09-26 18:28 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-12-20 17:34 - 2013-06-06 16:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-12-14 22:21 - 2013-09-10 13:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-14 17:29 - 2013-09-10 22:23 - 00699416 _____ C:\Windows\system32\perfh007.dat
2013-12-14 17:29 - 2013-09-10 22:23 - 00149556 _____ C:\Windows\system32\perfc007.dat
2013-12-14 17:29 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 17:26 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-14 17:22 - 2009-07-14 05:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 11:57 - 2013-09-10 19:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 11:57 - 2013-09-10 19:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 11:57 - 2013-09-10 19:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 11:28 - 2013-09-10 17:15 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-14 11:27 - 2013-09-11 10:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 11:27 - 2013-09-10 17:15 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-14 11:25 - 2013-09-11 10:29 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 03:13 - 2013-10-29 20:17 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-10 03:13 - 2013-10-29 20:17 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-05 09:42 - 2013-12-18 19:31 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-05 09:42 - 2013-12-18 19:31 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-05 09:42 - 2013-10-22 09:34 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-01 18:17
==================== End Of Log ============================
--- --- --- |
| Themen zu 98% Auslastung der GPU im Leerlauf, Malwarebytes erkennt svhost.exe BitCoinMiner |
| 4d36e972-e325-11ce-bfc1-08002be10318, adobe, ausgelastet, auslastung, coinminer, computer, defender, desktop, ebanking, entfernen, flash player, google, installation, internet, klelam.sys, minidump, ntdll.dll, plug-in, problem, programm, realtek, registry, rundll, security, services.exe, software, stick, svchost.exe, temp, usb, windows, wlan |
Baum-Darstellung