Log analysis and evaluation: HijackThis shows that programs are not in the System32 folder. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.01.2014, 14:52 | #1 |
HijackThis shows that programs are not in the System32 folder. Hello Trojaner-Board, yesterday I had the lovely problem that I somehow had a virus/malware on the PC. I was able to get it deleted with CCleaner and AdwCleaner. Now I get a message from HijackThis that some exes are not in the System32 folder and that they might be malicious. I would just like to run a scan over my new PC and have it checked whether everything that was deleted yesterday is gone. AdwCleaner logs: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 12/01/2014 um 00:57:01 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Tobi - TOBI-PC # Gestartet von : C:\Users\Tobi\Downloads\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** Dienst Gefunden : SProtection ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage Datei Gefunden : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal Ordner Gefunden : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl Ordner Gefunden C:\Program Files (x86)\Common Files\Umbrella Ordner Gefunden C:\Program Files (x86)\Iminent Ordner Gefunden C:\Program Files (x86)\Show-Password Ordner Gefunden C:\Users\Tobi\AppData\Local\Temp\Iminent ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Show-Password Schlüssel Gefunden : HKCU\Software\Iminent Schlüssel Gefunden : [x64] HKCU\Software\Iminent Schlüssel Gefunden : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gefunden : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl Schlüssel Gefunden : HKLM\Software\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gefunden : HKLM\Software\Umbrella Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Iminent Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Wert Gefunden : 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}] ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [936 octets] - [15/12/2013 01:22:51] AdwCleaner[R10].txt - [1632 octets] - [10/01/2014 16:29:19] AdwCleaner[R11].txt - [1693 octets] - [10/01/2014 20:22:20] AdwCleaner[R12].txt - [4503 octets] - [12/01/2014 00:57:01] AdwCleaner[R1].txt - [914 octets] - [16/12/2013 16:44:48] AdwCleaner[R2].txt - [1119 octets] - [21/12/2013 15:21:29] AdwCleaner[R3].txt - [1153 octets] - [21/12/2013 15:24:11] AdwCleaner[R4].txt - [1213 octets] - [23/12/2013 18:18:25] AdwCleaner[R5].txt - [1270 octets] - [24/12/2013 18:36:25] AdwCleaner[R6].txt - [1391 octets] - [29/12/2013 15:26:53] AdwCleaner[R7].txt - [1451 octets] - [08/01/2014 18:16:09] AdwCleaner[R8].txt - [1511 octets] - [09/01/2014 00:41:02] AdwCleaner[R9].txt - [1571 octets] - [09/01/2014 18:40:51] AdwCleaner[S0].txt - [952 octets] - [15/12/2013 01:23:25] AdwCleaner[S1].txt - [974 octets] - [16/12/2013 16:45:20] AdwCleaner[S2].txt - [1134 octets] - [21/12/2013 15:23:13] AdwCleaner[S3].txt - [1332 octets] - [24/12/2013 18:37:02] AdwCleaner[S4].txt - [1754 octets] - [10/01/2014 20:23:21] ########## EOF - C:\AdwCleaner\AdwCleaner[R12].txt - [5401 octets] ########## --- --- --- Today's log file scan. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 12/01/2014 um 14:03:59 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Tobi - TOBI-PC # Gestartet von : C:\Users\Tobi\Downloads\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [936 octets] - [15/12/2013 01:22:51] AdwCleaner[R10].txt - [1632 octets] - [10/01/2014 16:29:19] AdwCleaner[R11].txt - [1693 octets] - [10/01/2014 20:22:20] AdwCleaner[R12].txt - [5510 octets] - [12/01/2014 00:57:01] AdwCleaner[R13].txt - [2059 octets] - [12/01/2014 00:58:36] AdwCleaner[R14].txt - [2056 octets] - [12/01/2014 01:03:07] AdwCleaner[R15].txt - [2118 octets] - [12/01/2014 01:04:21] AdwCleaner[R16].txt - [1080 octets] - [12/01/2014 14:03:59] AdwCleaner[R1].txt - [914 octets] - [16/12/2013 16:44:48] AdwCleaner[R2].txt - [1119 octets] - [21/12/2013 15:21:29] AdwCleaner[R3].txt - [1153 octets] - [21/12/2013 15:24:11] AdwCleaner[R4].txt - [1213 octets] - [23/12/2013 18:18:25] AdwCleaner[R5].txt - [1270 octets] - [24/12/2013 18:36:25] AdwCleaner[R6].txt - [1391 octets] - [29/12/2013 15:26:53] AdwCleaner[R7].txt - [1451 octets] - [08/01/2014 18:16:09] AdwCleaner[R8].txt - [1511 octets] - [09/01/2014 00:41:02] AdwCleaner[R9].txt - [1571 octets] - [09/01/2014 18:40:51] AdwCleaner[S0].txt - [952 octets] - [15/12/2013 01:23:25] AdwCleaner[S1].txt - [974 octets] - [16/12/2013 16:45:20] AdwCleaner[S2].txt - [1134 octets] - [21/12/2013 15:23:13] AdwCleaner[S3].txt - [1332 octets] - [24/12/2013 18:37:02] AdwCleaner[S4].txt - [1754 octets] - [10/01/2014 20:23:21] AdwCleaner[S5].txt - [5528 octets] - [12/01/2014 00:57:41] AdwCleaner[S6].txt - 
[2119 octets] - [12/01/2014 00:59:00] ########## EOF - C:\AdwCleaner\AdwCleaner[R16].txt - [2098 octets] ##########
I would appreciate some help.
12.01.2014, 16:54 | #2 |
/// the machine /// TB trainer | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
12.01.2014, 20:52 | #3 |
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014 01 Ran by Tobi (administrator) on TOBI-PC on 12-01-2014 20:51:11 Running from C:\Users\Tobi\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Spotify Ltd) C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (TeamSpeak Systems GmbH) C:\Program 
Files\TeamSpeak 3 Client\ts3client_win64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () B:\Program Files\CoreTemp32_rc5\Core Temp.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation) HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) HKCU\...\Run: [Spotify] - C:\Users\Tobi\AppData\Roaming\Spotify\Spotify.exe [5951488 2013-12-05] (Spotify Ltd) HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-05] (Spotify Ltd) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation) HKCU\...\Run: [EADM] - E:\Program Files (x86)\Origin\Origin.exe [3551576 
2013-11-26] (Electronic Arts) MountPoints2: {9b6b8a2e-3061-11e3-a4b6-806e6f6e6963} - D:\Run.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation) Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk ShortcutTarget: Samsung Magician.lnk -> B:\Samsung Magician\Samsung Magician.exe (Samsung Electronics.) ==================== Internet (Whitelisted) ==================== BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - B:\Program Files\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - B:\Program Files\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Extension: (ProxTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.7_0 [2013-12-31] CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-10-08] CHR Extension: (Google Search) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-10-08] CHR Extension: (Kaspersky URL Advisor) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0 [2013-10-08] CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0 [2013-12-01] CHR Extension: (Safe Money) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0 [2013-10-08] CHR Extension: (Dangerous Websites Blocker) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0 [2013-10-08] CHR Extension: (Virtual Keyboard) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4816_0 [2013-12-18] CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19] CHR Extension: (Gmail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2 [2013-10-08] CHR Extension: (Anti-Banner) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0 [2013-10-08] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files (x86)\Show-Password\150.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14] ==================== Services (Whitelisted) ================= S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-07] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-05] () S2 WinkHandler; C:\Program Files (x86)\Iminent\WinkHandler.exe [x] ==================== Drivers (Whitelisted) ==================== R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] () R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys 
[28656 2013-01-31] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-12-18] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] () R3 ALSysIO; \??\C:\Users\Tobi\AppData\Local\Temp\ALSysIO64.sys [x] S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x] S3 gdrv; \??\C:\Windows\gdrv.sys [x] S3 GPU-Z; \??\C:\Users\Tobi\AppData\Local\Temp\GPU-Z.sys [x] S3 r6hkcuwhn; \??\C:\Users\Tobi\AppData\Local\Temp\hh4xadzj4.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-12 20:51 - 2014-01-12 20:51 - 00014619 _____ C:\Users\Tobi\Downloads\FRST.txt 2014-01-12 20:50 - 2014-01-12 20:50 - 02075136 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe 2014-01-12 20:50 - 2014-01-12 20:50 - 00000000 ____D C:\FRST 2014-01-12 14:59 - 2014-01-12 15:23 - 00000280 _____ C:\Windows\setupact.log 2014-01-12 14:59 - 2014-01-12 14:59 - 00278840 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-12 14:59 - 2014-01-12 14:59 - 00058016 _____ C:\Users\Tobi\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-12 14:59 - 2014-01-12 14:59 - 00000000 _____ 
C:\Windows\setuperr.log 2014-01-12 00:54 - 2014-01-12 14:59 - 00000402 _____ C:\Windows\Tasks\Show-Password Update.job 2014-01-12 00:54 - 2014-01-12 00:54 - 00003048 _____ C:\Windows\System32\Tasks\Show-Password Update 2014-01-10 17:12 - 2014-01-10 17:12 - 01227218 _____ C:\Users\Tobi\Downloads\ssshot14.zip 2014-01-10 17:12 - 2014-01-10 17:12 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\SimpleScreenshot 2014-01-07 19:20 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-01-07 19:20 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvcuvenc.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-01-07 19:20 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-01-07 19:20 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-01-07 19:20 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-01-07 19:20 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-01-04 23:12 - 2014-01-05 19:08 - 00000134 _____ C:\Users\Tobi\Desktop\Filme.txt 2014-01-02 00:21 - 2014-01-02 00:21 - 00004197 _____ C:\Users\Tobi\Downloads\14650f0restCFGGO.rar 2013-12-30 21:38 - 1997-06-06 15:52 - 00011264 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\SPORDER.DLL 2013-12-30 21:37 - 2013-12-30 21:37 - 03830776 _____ (Initex ) C:\Users\Tobi\Downloads\ProxifierSetup.exe 2013-12-30 14:11 - 2014-01-12 18:23 - 00000000 ____D C:\Users\Tobi\AppData\Local\DayZ 2013-12-30 14:11 - 2013-12-30 14:11 - 00000000 ____D C:\Users\Tobi\Documents\DayZ 2013-12-29 23:44 - 2013-12-29 23:44 - 00000222 _____ C:\Users\Tobi\Desktop\DayZ.url 2013-12-27 19:38 - 2013-07-12 20:23 - 00000000 ____D C:\Users\Tobi\Desktop\left4gore-2.3-windows 2013-12-27 19:37 - 2013-12-27 19:37 - 00022202 _____ C:\Users\Tobi\Downloads\left4gore-2.3-windows.zip 2013-12-27 19:31 - 2013-12-27 19:31 - 00567253 _____ C:\Users\Tobi\Downloads\left4uncut_ver21.zip 2013-12-27 19:10 - 2013-12-27 19:10 - 00561383 _____ C:\Users\Tobi\Downloads\Left4Uncut [09.07.2013].rar 2013-12-26 18:51 - 2013-12-26 18:51 - 00000219 _____ C:\Users\Tobi\Desktop\Left 4 Dead 2.url 2013-12-24 18:39 - 2014-01-12 18:08 - 00349151 _____ C:\Windows\WindowsUpdate.log 2013-12-24 18:36 - 2013-12-24 18:36 - 01233962 _____ C:\Users\Tobi\Downloads\adwcleaner.exe 2013-12-21 23:26 - 2013-12-21 23:26 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Canneverbe Limited 2013-12-21 23:26 - 2013-12-21 23:26 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2013-12-21 23:24 - 2013-12-21 23:25 - 04986624 _____ (Canneverbe Limited ) C:\Users\Tobi\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe 2013-12-20 00:27 - 2013-12-20 00:27 - 01196675 _____ C:\Users\Tobi\Downloads\SteamMover_v0_1.zip 2013-12-19 18:37 - 2013-12-19 18:37 - 00161218 _____ C:\Users\Tobi\Downloads\proxtube_1.2.6.crx 2013-12-19 18:37 - 2013-12-19 18:37 - 00161218 _____ C:\Users\Tobi\Downloads\proxtube_1.2.6 (2).crx 2013-12-19 18:37 - 2013-12-19 18:37 - 00161218 _____ C:\Users\Tobi\Downloads\proxtube_1.2.6 (1).crx 2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-12-19 00:52 - 2013-12-19 00:52 - 00054326 _____ 
C:\Users\Tobi\Downloads\b02844abcb8613e1f9f2717fe58c7cb8-130318840080038567.zip 2013-12-17 22:23 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-12-17 22:23 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-12-17 14:02 - 2013-12-17 14:02 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2013-12-17 14:01 - 2013-12-17 14:01 - 00614784 _____ C:\Users\Tobi\Downloads\GPU Z - CHIP-Downloader.exe 2013-12-16 16:14 - 2013-12-16 16:14 - 00215643 _____ C:\Users\Tobi\Downloads\tMorph.zip 2013-12-15 01:22 - 2014-01-12 15:03 - 00000000 ____D C:\AdwCleaner 2013-12-15 01:12 - 2013-12-15 01:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tobi\Downloads\HiJackThis204 (1).exe 2013-12-14 16:01 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-14 16:01 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-14 16:01 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-14 16:01 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-14 16:00 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-14 16:00 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-14 16:00 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-14 16:00 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-14 16:00 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2013-12-14 16:00 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2013-12-14 16:00 - 2011-02-25 07:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe 
2013-12-14 16:00 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2013-12-14 01:35 - 2013-12-14 01:35 - 07659044 _____ C:\Users\Tobi\Downloads\OBS_0_59b_Installer.exe 2013-12-14 01:35 - 2013-12-14 01:35 - 00000935 _____ C:\Users\Tobi\Desktop\Open Broadcaster Software.lnk 2013-12-14 01:35 - 2013-12-14 01:35 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2013-12-14 01:35 - 2013-12-14 01:35 - 00000000 ____D C:\Program Files\OBS 2013-12-14 01:35 - 2013-12-14 01:35 - 00000000 ____D C:\Program Files (x86)\OBS ==================== One Month Modified Files and Folders ======= 2014-01-12 20:51 - 2014-01-12 20:51 - 00014619 _____ C:\Users\Tobi\Downloads\FRST.txt 2014-01-12 20:50 - 2014-01-12 20:50 - 02075136 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe 2014-01-12 20:50 - 2014-01-12 20:50 - 00000000 ____D C:\FRST 2014-01-12 20:49 - 2013-10-11 12:33 - 00000000 ____D C:\Program Files (x86)\Steam 2014-01-12 20:42 - 2013-10-08 18:04 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\TS3Client 2014-01-12 20:22 - 2013-10-08 22:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-12 20:21 - 2013-10-11 12:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-12 20:19 - 2013-10-08 17:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2014-01-12 18:23 - 2013-12-30 14:11 - 00000000 ____D C:\Users\Tobi\AppData\Local\DayZ 2014-01-12 18:08 - 2013-12-24 18:39 - 00349151 _____ C:\Windows\WindowsUpdate.log 2014-01-12 16:01 - 2009-07-14 18:58 - 00700454 _____ C:\Windows\system32\perfh007.dat 2014-01-12 16:01 - 2009-07-14 18:58 - 00150092 _____ C:\Windows\system32\perfc007.dat 2014-01-12 16:01 - 2009-07-14 06:13 - 01624034 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-12 15:49 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Spotify 2014-01-12 15:23 - 2014-01-12 14:59 - 00000280 _____ C:\Windows\setupact.log 2014-01-12 
15:06 - 2009-07-14 05:45 - 00022752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-12 15:06 - 2009-07-14 05:45 - 00022752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-12 15:03 - 2013-12-15 01:22 - 00000000 ____D C:\AdwCleaner 2014-01-12 14:59 - 2014-01-12 14:59 - 00278840 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-12 14:59 - 2014-01-12 14:59 - 00058016 _____ C:\Users\Tobi\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-12 14:59 - 2014-01-12 14:59 - 00000000 _____ C:\Windows\setuperr.log 2014-01-12 14:59 - 2014-01-12 00:54 - 00000402 _____ C:\Windows\Tasks\Show-Password Update.job 2014-01-12 14:59 - 2013-10-08 22:50 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-12 14:59 - 2013-10-08 20:01 - 00000000 ____D C:\Users\Tobi\AppData\Local\Deployment 2014-01-12 14:59 - 2013-10-08 17:06 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-12 14:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-12 14:59 - 2009-07-14 05:45 - 00015360 _____ C:\Windows\system32\umstartup.etl 2014-01-12 14:58 - 2009-07-14 05:45 - 00021504 _____ C:\Windows\system32\umstartup000.etl 2014-01-12 14:48 - 2013-12-02 02:28 - 00011903 _____ C:\Users\Tobi\Downloads\hijackthis.log 2014-01-12 00:54 - 2014-01-12 00:54 - 00003048 _____ C:\Windows\System32\Tasks\Show-Password Update 2014-01-11 19:39 - 2013-10-08 19:51 - 00000000 ____D C:\Users\Tobi\AppData\Local\Battle.net 2014-01-10 17:12 - 2014-01-10 17:12 - 01227218 _____ C:\Users\Tobi\Downloads\ssshot14.zip 2014-01-10 17:12 - 2014-01-10 17:12 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\SimpleScreenshot 2014-01-09 18:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2014-01-09 00:41 - 2013-10-08 17:22 - 00002330 _____ C:\Users\Tobi\Desktop\Sicherer Zahlungsverkehr.lnk 2014-01-07 19:21 - 2013-10-08 17:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 
2014-01-07 14:53 - 2013-10-22 15:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Skype 2014-01-07 14:51 - 2013-11-19 01:54 - 00000727 _____ C:\Users\Tobi\Desktop\Neues Textdokument.txt 2014-01-05 19:08 - 2014-01-04 23:12 - 00000134 _____ C:\Users\Tobi\Desktop\Filme.txt 2014-01-03 14:40 - 2013-12-10 03:31 - 00000000 ____D C:\Users\Tobi\Desktop\Spotify 2014-01-02 00:21 - 2014-01-02 00:21 - 00004197 _____ C:\Users\Tobi\Downloads\14650f0restCFGGO.rar 2013-12-30 21:37 - 2013-12-30 21:37 - 03830776 _____ (Initex ) C:\Users\Tobi\Downloads\ProxifierSetup.exe 2013-12-30 14:11 - 2013-12-30 14:11 - 00000000 ____D C:\Users\Tobi\Documents\DayZ 2013-12-29 23:44 - 2013-12-29 23:44 - 00000222 _____ C:\Users\Tobi\Desktop\DayZ.url 2013-12-29 23:44 - 2013-10-11 13:26 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-12-29 23:05 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Tobi\AppData\Local\Spotify 2013-12-28 22:12 - 2013-10-08 22:44 - 00000000 ____D C:\Program Files (x86)\GIGABYTE 2013-12-27 19:37 - 2013-12-27 19:37 - 00022202 _____ C:\Users\Tobi\Downloads\left4gore-2.3-windows.zip 2013-12-27 19:31 - 2013-12-27 19:31 - 00567253 _____ C:\Users\Tobi\Downloads\left4uncut_ver21.zip 2013-12-27 19:10 - 2013-12-27 19:10 - 00561383 _____ C:\Users\Tobi\Downloads\Left4Uncut [09.07.2013].rar 2013-12-26 18:51 - 2013-12-26 18:51 - 00000219 _____ C:\Users\Tobi\Desktop\Left 4 Dead 2.url 2013-12-24 18:36 - 2013-12-24 18:36 - 01233962 _____ C:\Users\Tobi\Downloads\adwcleaner.exe 2013-12-22 14:53 - 2013-10-08 22:42 - 01597378 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-21 23:26 - 2013-12-21 23:26 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Canneverbe Limited 2013-12-21 23:26 - 2013-12-21 23:26 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2013-12-21 23:25 - 2013-12-21 23:24 - 04986624 _____ (Canneverbe Limited ) C:\Users\Tobi\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe 2013-12-21 12:17 - 2013-12-10 03:35 - 00000000 ____D 
C:\Windows\Minidump 2013-12-21 12:17 - 2013-10-08 23:34 - 00000000 ____D C:\Windows\Panther 2013-12-20 23:27 - 2013-10-08 19:51 - 00000000 ____D C:\Program Files (x86)\Battle.net 2013-12-20 00:27 - 2013-12-20 00:27 - 01196675 _____ C:\Users\Tobi\Downloads\SteamMover_v0_1.zip 2013-12-19 21:33 - 2014-01-07 19:20 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-12-19 21:33 - 2014-01-07 19:20 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 01884448 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvdispco6433221.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll 2013-12-19 21:33 - 2014-01-07 19:20 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 00141336 _____ 
(NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2013-12-19 21:33 - 2013-10-08 17:05 - 00023754 _____ C:\Windows\system32\nvinfo.pb 2013-12-19 19:53 - 2013-10-08 17:05 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-12-19 19:53 - 2013-10-08 17:05 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-12-19 19:53 - 2013-10-08 17:05 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-12-19 19:53 - 2013-10-08 17:05 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-12-19 19:53 - 2013-10-08 17:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-12-19 19:53 - 2013-10-08 17:05 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-12-19 18:37 - 2013-12-19 18:37 - 00161218 _____ C:\Users\Tobi\Downloads\proxtube_1.2.6.crx 2013-12-19 18:37 - 2013-12-19 18:37 - 00161218 _____ C:\Users\Tobi\Downloads\proxtube_1.2.6 (2).crx 2013-12-19 18:37 - 2013-12-19 18:37 - 00161218 _____ C:\Users\Tobi\Downloads\proxtube_1.2.6 (1).crx 2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-12-19 06:01 - 2013-10-08 17:05 - 03539040 _____ C:\Windows\system32\nvcoproc.bin 2013-12-19 00:52 - 2013-12-19 00:52 - 00054326 _____ C:\Users\Tobi\Downloads\b02844abcb8613e1f9f2717fe58c7cb8-130318840080038567.zip 2013-12-18 13:23 - 2013-10-08 17:21 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2013-12-18 13:23 - 2013-06-06 16:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2013-12-17 20:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-17 14:02 - 2013-12-17 14:02 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\TechPowerUp GPU-Z 2013-12-17 14:01 - 2013-12-17 14:01 - 00614784 _____ C:\Users\Tobi\Downloads\GPU Z - CHIP-Downloader.exe 2013-12-16 19:20 - 2013-10-17 18:41 - 00000000 ____D C:\Users\Tobi\Desktop\Tmorph 2013-12-16 16:14 - 2013-12-16 16:14 - 00215643 _____ C:\Users\Tobi\Downloads\tMorph.zip 2013-12-15 01:12 - 2013-12-15 01:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tobi\Downloads\HiJackThis204 (1).exe 2013-12-14 01:35 - 2013-12-14 01:35 - 07659044 _____ C:\Users\Tobi\Downloads\OBS_0_59b_Installer.exe 2013-12-14 01:35 - 2013-12-14 01:35 - 00000935 _____ C:\Users\Tobi\Desktop\Open Broadcaster Software.lnk 2013-12-14 01:35 - 2013-12-14 01:35 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2013-12-14 01:35 - 2013-12-14 01:35 - 00000000 ____D C:\Program Files\OBS 2013-12-14 01:35 - 2013-12-14 01:35 - 00000000 ____D C:\Program Files (x86)\OBS 2013-12-14 01:35 - 2013-10-12 21:06 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\OBS Some content of TEMP: ==================== C:\Users\Tobi\AppData\Local\Temp\IMsetup.exe C:\Users\Tobi\AppData\Local\Temp\OptimizerPro.exe C:\Users\Tobi\AppData\Local\Temp\Show-Password_1030-8102.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit testsigning: ==> Check for possible unsigned 
rootkit driver <===== ATTENTION! LastRegBack: 2014-01-11 19:01 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2014 01 Ran by Tobi at 2014-01-12 20:51:22 Running from C:\Users\Tobi\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== 3DMark 11 (x32 Version: 1.0.5 - Futuremark Corporation) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Battle.net (x32 Version: - Blizzard Entertainment) Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts) CCleaner (Version: 4.07 - Piriform) Counter-Strike: Global Offensive (x32 Version: - Valve) Curse Client (HKCU Version: 5.1.1.792 - Curse) DayZ (x32 Version: - Bohemia Interactive) ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB) Futuremark SystemInfo (x32 Version: 4.17.0 - Futuremark Corporation) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) 
Hidden Hearthstone (x32 Version: - Blizzard Entertainment) Intel(R) Management Engine Components (x32 Version: 9.0.0.1323 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 2.0.0.100 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Left 4 Dead 2 (x32 Version: - Valve) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) 
Hidden NVIDIA 3D Vision Controller-Treiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation) ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden ON_OFF Charge B13.0403.1 (x32 Version: 1.00.0001 - GIGABYTE) Open Broadcaster Software (x32 Version: - ) Origin (x32 Version: 9.3.10.4710 - Electronic Arts, Inc.) Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.) PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.) Realtek Ethernet Controller Driver (x32 Version: 7.65.1025.2012 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6849 - Realtek Semiconductor Corp.) 
Samsung Magician (x32 Version: 4.3.0 - Samsung Electronics) Security Task Manager 1.8d (x32 Version: 1.8d - Neuber Software) SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Skype™ 6.9 (x32 Version: 6.9.106 - Skype Technologies S.A.) Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB) Steam (x32 Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH) TechPowerUp GPU-Z (x32 Version: - TechPowerUp) VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN) WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH) World of Warcraft (x32 Version: - Blizzard Entertainment) XSplit Broadcaster (x32 Version: 1.3.1310.1103 - SplitMediaLabs) ==================== Restore Points ========================= 31-12-2013 12:17:13 Windows Update 03-01-2014 12:36:13 Windows Update 07-01-2014 11:59:49 Windows Update 10-01-2014 15:30:35 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {91E44D48-2AAA-4EBE-8F87-78C4864F27F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {943B57DA-4129-44D6-85D4-D36828DB0CBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.) Task: {9635066D-AC30-446A-AB90-B9A06F1D2F89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.) 
Task: {A99884CC-183B-4588-BF58-E057984F3085} - System32\Tasks\Show-Password Update => C:\Program Files (x86)\Show-Password\Show_Password.exe Task: {B156181A-2068-4654-B21C-D117B4111D13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {FC971985-2252-4D4C-9E0B-092EE86939E7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Show-Password Update.job => C:\Program Files (x86)\Show-Password\Show_Password.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-27 13:15 - 2013-10-24 17:13 - 00302056 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2013-09-27 13:15 - 2013-10-24 17:13 - 00320488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2013-09-27 13:15 - 2013-10-24 17:13 - 00565224 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2013-09-27 13:15 - 2013-10-24 17:13 - 00700904 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2013-10-08 22:45 - 2013-03-12 12:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-12-06 21:23 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-06 21:23 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-06 21:23 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-06 21:23 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-06 21:23 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Standard-VGA-Grafikkarte Description: Standard-VGA-Grafikkarte Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardgrafikkartentypen) Service: vga Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/12/2014 06:27:35 PM) (Source: Windows Search Service) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. 
(HRESULT : 0x8007049a) (0x8007049a) Error: (01/12/2014 06:23:05 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: DayZ.exe, Version: 0.30.114.8, Zeitstempel: 0x52cadbda Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x3f5f7efb ID des fehlerhaften Prozesses: 0x17f4 Startzeit der fehlerhaften Anwendung: 0xDayZ.exe0 Pfad der fehlerhaften Anwendung: DayZ.exe1 Pfad des fehlerhaften Moduls: DayZ.exe2 Berichtskennung: DayZ.exe3 Error: (01/11/2014 01:54:37 PM) (Source: Windows Search Service) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (01/10/2014 10:33:11 PM) (Source: Windows Search Service) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (01/10/2014 00:57:57 AM) (Source: Windows Search Service) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (01/08/2014 03:01:25 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (01/08/2014 03:01:25 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (01/08/2014 03:01:25 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (01/07/2014 09:31:30 PM) (Source: Windows Search Service) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. 
(HRESULT : 0x8007049a) (0x8007049a) Error: (01/07/2014 02:57:14 PM) (Source: Windows Search Service) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) System errors: ============= Error: (01/12/2014 03:01:35 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/12/2014 03:01:35 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (01/12/2014 02:59:15 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UsbCharger Error: (01/12/2014 02:59:15 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinkHandler" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2014 02:00:28 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UsbCharger Error: (01/12/2014 02:00:27 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinkHandler" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2014 01:04:08 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UsbCharger Error: (01/12/2014 01:04:08 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinkHandler" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2014 00:59:59 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UsbCharger Error: (01/12/2014 00:59:58 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinkHandler" wurde aufgrund 
folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (01/12/2014 06:27:35 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) C:\
Error: (01/12/2014 06:23:05 PM) (Source: Application Error)(User: ) Description: DayZ.exe0.30.114.852cadbdaunknown0.0.0.000000000c00000053f5f7efb17f401cf0fb50e63cdf5E:\Program Files (x86)\SteamLibrary\steamapps\common\DayZ\DayZ.exeunknown3227cc7d-7bae-11e3-8299-94de80b1db59
Error: (01/11/2014 01:54:37 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) C:\
Error: (01/10/2014 10:33:11 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) C:\
Error: (01/10/2014 00:57:57 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) C:\
Error: (01/08/2014 03:01:25 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcNvVAD initialization failed [6]
Error: (01/08/2014 03:01:25 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (01/08/2014 03:01:25 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (01/07/2014 09:31:30 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) C:\
Error: (01/07/2014 02:57:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) C:\

CodeIntegrity Errors:
===================================
Date: 2014-01-12 01:32:22.832 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-12 01:32:22.831 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-12 01:32:22.830 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-12 01:32:22.824 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-12 01:32:22.823 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-12 01:32:22.822 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-11 19:01:39.036 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-11 19:01:39.008 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-11 19:01:39.002 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-11 19:01:38.988 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Percentage of memory in use: 25%
Total physical RAM: 8070.98 MB
Available physical RAM: 6041.68 MB
Total Pagefile: 16140.15 MB
Available Pagefile: 13808.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive b: (Volume) (Fixed) (Total:931.51 GB) (Free:795.02 GB) NTFS
Drive c: () (Fixed) (Total:111.69 GB) (Free:55.66 GB) NTFS
Drive e: (SSD 2) (Fixed) (Total:111.79 GB) (Free:47.22 GB) NTFS
Drive f: () (Removable) (Total:7.81 GB) (Free:7.05 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: FA14CCCB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 112 GB) (Disk ID: A85B6A2E)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AB923940)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 8 GB) (Disk ID: 631EFA5F)
Partition 1: (Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
13.01.2014, 12:18 | #4 |
/// the machine /// TB-Ausbilder | Hijackthis shows that programs are not in the System32 folder. Hi, please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
13.01.2014, 14:48 | #5 |
| Hijackthis shows that programs are not in the System32 folder. Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2014.01.13.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Tobi :: TOBI-PC [administrator]
13.01.2014 14:44:09
mbar-log-2014-01-13 (14-44-09).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 227587
Time elapsed: 3 minute(s), 43 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
Physical Sectors Detected: 0 (No malicious items detected)
(end) |
14.01.2014, 09:51 | #6 |
/// the machine /// TB-Ausbilder | Hijackthis shows that programs are not in the System32 folder. You can forget Hijackthis, the evaluation on that site has been garbage for years. Any more problems with the machine? The logs are clean.
__________________ |
15.01.2014, 00:21 | #7 |
| Hijackthis shows that programs are not in the System32 folder. No, none so far! I'll still reinstall the PC once I have a new internet connection. Thanks anyway, best regards |
15.01.2014, 14:51 | #8 |
/// the machine /// TB-Ausbilder | Hijackthis shows that programs are not in the System32 folder. OK
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |