Pests of all kinds and how to fight them: Ads and pop-ups in browsers and Steam (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
19.05.2014, 14:47 | #1
Ads and pop-ups in browsers and Steam

Hello, I'm posting here because I've been having a few problems for a week now. It started when more ads and pop-ups than usual showed up in the individual browsers. At first I didn't notice because of Ad-Block, but when my Google Chrome start page kept switching to v9.com, I followed some guides on the web until the symptoms were gone. But in my Task Manager, Internet Explorer with posadi17.com was constantly open under Applications. After some googling I found out that this is also a virus. I tried to fix that with internet guides too, but some symptoms can't be fixed (ads and pop-ups in Steam and browsers; v9.com still keeps inserting itself as the start page). Since I really have no idea what else to do other than reinstalling the computer, I would really appreciate some help.

Here are the links to the guides I followed:
(Guide followed for Posadi17: hxxp://techfrage.de/question/7726/anleitung-posadi17-browser-virus-entfernen/ )
(Guide followed for v9.com: https://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=16&cad=rja&uact=8&ved=0CHcQFjAFOAo&url=http%3A%2F%2Fmalwaretips.com%2Fblogs%2Fsafe-v9-virus%2F&ei=Pwh6U8boHvH5yAO9iYCQCA&usg=AFQjCNHlSTp4KnawRnze2CxnV4nka6iu4Q&sig2=0iwbL1BVVUwEFEkRqUFSng&bvm=bv.66917471,d.bGQ )
19.05.2014, 15:02 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Ads and pop-ups in browsers and Steam

Hi,

__________________
Please do not attach logs; always post them directly in CODE tags and, if necessary, split them over several posts.

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post them directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
19.05.2014, 15:13 | #3
Ads and pop-ups in browsers and Steam

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by vlad at 2014-05-19 14:20:45
Running from C:\Users\vlad\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Antichamber (HKLM\...\Steam App 219890) (Version: - Alexander Bruce)
Arma: Cold War Assault (HKLM\...\Steam App 65790) (Version: - Bohemia Interactive)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version: - The Behemoth)
BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM\...\Steam App 8850) (Version: - 2K Marin)
BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Cave Story Deluxe (HKLM\...\Cave Story Deluxe) (Version: - )
Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar)
Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
Disney-Pixar WALL-E (HKLM\...\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}) (Version: 1.00.0000 - THQ)
Dojotech Spotify Recorder (HKLM\...\{D149DB2E-392E-48CC-8036-88BECC09C50A}) (Version: 3.2 - Dojotech Software)
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.2 - IObit)
Edna & Harvey: Harvey's New Eyes (HKLM\...\Steam App 219910) (Version: - Daedalic Entertainment)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FINAL FANTASY VII (HKLM\...\Steam App 39140) (Version: - Square Enix)
Free System Utilities (HKLM\...\{b70d03b1-2a07-4c32-beef-79d2d13a5bee}) (Version: 1.1.3.0 - Covus Freemium GmbH)
Free SystemUtilities (Version: 1.1.3.0 - Covus Freemium GmbH) Hidden
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version: - Greenheart Games)
GameSpy Comrade (HKLM\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Garry)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version: - Rockstar North)
Greenfish Icon Editor Pro 3.31 (HKLM\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version: - Greenfish Corporation)
Half-Life (HKLM\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version: - Gearbox Software)
Hamachi 1.0.3.0 (HKLM\...\Hamachi) (Version: - )
Hitman 2: Silent Assassin (HKLM\...\Steam App 6850) (Version: - IO Interactive)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version: - IO Interactive)
Hitman: Blood Money (HKLM\...\Steam App 6860) (Version: - IO Interactive)
Hitman: Codename 47 (HKLM\...\Steam App 6900) (Version: - IO Interactive)
Hitman: Contracts (HKLM\...\Steam App 247430) (Version: - )
Hitman: Sniper Challenge (HKLM\...\Steam App 205930) (Version: - IO Interactive)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Just Cause (HKLM\...\Steam App 6880) (Version: - Avalanche)
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM\...\Steam App 259080) (Version: - JC2-MP Team)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
lightshot-5.1.0.15 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.0.15 - Skillbrains)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 de) (HKLM\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
My Game Long Name (HKLM\...\UDK-ca5c1d5d-d51e-436b-b5ea-a8b1d7131cb6) (Version: - Epic Games, Inc.)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Outlast (HKLM\...\Steam App 238320) (Version: - Red Barrels)
Overwolf (HKLM\...\{0A337036-B73E-4C85-8D32-3851F84B7CFE}) (Version: 0.46.271 - Overwolf)
Plus-HD-3.8 (HKLM\...\Plus-HD-3.8) (Version: 1.27.153.11 - Plus HD) <==== ATTENTION
Portal (HKLM\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM\...\Steam App 620) (Version: - Valve)
POSTAL 2 (HKLM\...\Steam App 223470) (Version: - Running With Scissors)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Q.U.B.E. (HKLM\...\Steam App 203730) (Version: - Toxic Games)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM\...\Steam App 236830) (Version: - )
Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version: - Tripwire Interactive)
Rogue Legacy (HKLM\...\Steam App 241600) (Version: - Cellar Door Games)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Starbound (HKLM\...\Steam App 211820) (Version: - )
State of Decay (HKLM\...\Steam App 241540) (Version: - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Update kb70007 (Version: 1.0.0 - MSR) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Plan (HKLM\...\Steam App 250600) (Version: - Krillbite Studio)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
The Stanley Parable (HKLM\...\Steam App 221910) (Version: - Galactic Cafe)
The Walking Dead (HKLM\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM\...\Steam App 261030) (Version: - Telltale Games)
Thomas Was Alone (HKLM\...\Steam App 220780) (Version: - Mike Bithell)
Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics)
Tomb Raider (VI): The Angel of Darkness (HKLM\...\Steam App 225020) (Version: - Core Design)
Tomb Raider I (HKLM\...\Steam App 224960) (Version: - Core Design)
Tomb Raider II (HKLM\...\Steam App 225300) (Version: - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM\...\Steam App 225320) (Version: - Core Design)
Tomb Raider: Anniversary (HKLM\...\Steam App 8000) (Version: - Crystal Dynamics)
Tomb Raider: Chronicles (HKLM\...\Steam App 225000) (Version: - Core Design)
Tomb Raider: Legend (HKLM\...\Steam App 7000) (Version: - Crystal Dynamics)
Tomb Raider: The Last Revelation (HKLM\...\Steam App 224980) (Version: - Core Design)
Tomb Raider: Underworld (HKLM\...\Steam App 8140) (Version: - Crystal Dynamics)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-9a945cf0-3152-4d4f-a428-35aebc522f71) (Version: - Epic Games, Inc.)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

11-05-2014 19:56:35 Free System Utilities 11.05.2014 21:56:32
15-05-2014 05:11:16 Removed IObit Apps Toolbar v9.1.
15-05-2014 05:12:23 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:06:14 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:09:22 Removed PlayReady PC Runtime X86
15-05-2014 12:11:38 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU wird entfernt
15-05-2014 12:31:28 Removed Adobe Shockwave Player 11.6.
15-05-2014 12:42:10 Revo Uninstaller's restore point - IObit Apps Toolbar v9.1
15-05-2014 12:42:32 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:52:40 Revo Uninstaller's restore point - Adobe Flash Player 13 ActiveX
15-05-2014 12:53:29 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B5B728B-C893-48CD-9612-C161319287B5} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe [2013-10-09] (Covus Freemium GmbH)
Task: {43A1A5BA-F03D-4D1F-AB04-73507EF3A8FC} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: {546B77E0-2D16-4A99-BE50-BF9A98E0A69D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {597B8412-CAD4-4CF9-9F0E-1AEC902EFD5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {6425BDED-C0D8-49F5-AFEB-3613AFF6F841} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {964E9CCF-D038-4D07-8107-8C1B071B4148} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {CBD415AA-B846-4F3F-AF3E-EDBD7E9136D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-22] (AVAST Software)
Task: {D8DE037A-B9D5-4AD5-BD12-CC71EB7F3D81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {EF8E9ECD-32D9-4E3F-B9E1-C328774C6DA8} - System32\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2013-12-07 16:39 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-10-21 13:43 - 2013-10-20 08:08 - 02136576 _____ () C:\Program Files\AVAST Software\Avast\defs\13102000\algo.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2013-10-21 13:43 - 2013-10-21 13:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-17 12:02 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files\Steam\libavresample-1.dll
2014-05-17 12:02 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files\Steam\libavutil-53.dll
2014-05-17 12:03 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files\Steam\SDL2.dll
2014-05-17 12:02 - 2014-04-24 00:01 - 01092288 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2014-05-17 12:02 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files\Steam\bin\libcef.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files\Steam\bin\avcodec-53.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files\Steam\bin\avutil-51.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files\Steam\bin\avformat-53.dll
2014-05-11 20:29 - 2014-05-08 15:23 - 00018944 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2014-05-11 20:29 - 2014-05-08 15:23 - 00064000 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-11 20:29 - 2014-05-08 15:23 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll
2014-05-11 20:29 - 2014-05-19 13:55 - 00086528 _____ () C:\Program Files\MSR\Privoxy\mgwz.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: DrvUpdater => C:\Users\vlad\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Spotify => "C:\Users\vlad\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 01:56:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 01:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 06:11:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 06:06:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 11:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 10:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 05:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x69737265
ID des fehlerhaften Prozesses: 0x8c4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (05/16/2014 01:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:51:35 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]


System errors:
=============
Error: (05/19/2014 01:57:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2014 01:55:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 19.05.2014 um 13:53:47 unerwartet heruntergefahren.

Error: (05/19/2014 01:42:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2014 01:41:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SystemUpdatekb70007" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/19/2014 01:41:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SystemUpdatekb70007 erreicht.

Error: (05/18/2014 06:10:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/18/2014 06:10:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/18/2014 06:10:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (05/18/2014 06:07:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/17/2014 11:44:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (05/19/2014 01:56:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 01:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 06:11:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 06:06:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 11:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 10:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 05:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.500533d8de2unknown0.0.0.000000000c0000005697372658c401cf70fd2e3d108cC:\Program Files\ Malwarebytes Anti-Malware \mbam.exeunknowndcf2a07d-dcf0-11e3-a2a4-3085a94274df

Error: (05/16/2014 01:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:51:35 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3198.12 MB
Available physical RAM: 1545.27 MB
Total Pagefile: 6394.53 MB
Available Pagefile: 4334.38 MB
Total Virtual: 3071.88 MB
Available Virtual: 2930.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:501.43 GB) NTFS
Drive d: (WALL-E) (CDROM) (Total:3.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 61C89B35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:16 on 19/05/2014 (vlad)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=769f41f36249694aba45ac46bc8f7b01
# engine=18300
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-17 12:08:32
# local_time=2014-05-17 02:08:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 169642 18556051 0 0
# compatibility_mode=5893 16776573 100 94 7949 151959703 0 0
# scanned=440132
# found=2
# cleaned=2
# scan_time=6362
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RBLUKMS.exe"
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RPYBXW7.exe"

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by vlad (administrator) on VLAD-PC on 19-05-2014 14:20:20
Running from C:\Users\vlad\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Skillbrains) C:\Users\vlad\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
HKLM\...\Run: [Cm106Sound] => RunDll32 cm106.cpl,CMICtrlWnd
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Spotify Web Helper] => C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [LightShot] => C:\Users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\MountPoints2: {0991ce67-33f1-11e3-a25e-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\MountPoints2: {632248a1-446a-11e3-a955-3085a94274df} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-13]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc", "hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Docs) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Adblock Plus) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (SiteBlock) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-05-12]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2011-07-26] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [57856 2012-10-25] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-22] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-22] () R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2013-10-14] (LogMeIn, Inc.) S3 JRAID; C:\Windows\system32\drivers\jraid.sys [93096 2009-07-18] (JMicron Technology Corp.) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation) S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc) R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2011-07-26] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2011-07-26] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-07-26] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2011-07-26] (Microsoft Corporation) S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game 
Booster 3\Driver\WinRing0.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-19 14:20 - 2014-05-19 14:20 - 00012605 _____ () C:\Users\vlad\Desktop\FRST.txt 2014-05-19 14:20 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST 2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe 2014-05-19 14:16 - 2014-05-19 14:17 - 00000470 _____ () C:\Users\vlad\Downloads\defogger_disable.log 2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable 2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe 2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip 2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url 2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET 2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url 2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe 2014-05-15 07:12 - 2014-05-15 14:09 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe 2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe 2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\vlad\Downloads\revosetup.exe 2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk 2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-05-14 20:14 - 2014-05-14 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe 2014-05-14 19:55 - 2014-05-19 13:58 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk 2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-14 19:54 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 19:54 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 19:54 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe 2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT.exe 2014-05-14 19:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-05-14 19:39 - 2014-05-14 22:44 - 00000000 ____D () C:\AdwCleaner 2014-05-14 19:30 - 2014-05-14 19:30 - 01325827 _____ () C:\Users\vlad\Downloads\adwcleaner_3.208.exe 2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt 2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 
_____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe 2014-05-14 18:30 - 2014-05-17 20:32 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam 2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2 2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url 2014-05-11 20:27 - 2014-05-11 20:29 - 00000000 ____D () C:\Program Files\MSR 2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\InetStat 2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise 2014-05-09 23:43 - 2014-05-14 18:25 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock 2014-05-09 23:43 - 2014-05-09 23:48 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock 2014-05-09 23:42 - 2014-05-09 23:43 - 00123394 _____ () C:\Windows\DirectX.log 2014-05-09 20:53 - 2014-05-18 18:30 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url 2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url 2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url 2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url 2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt 2014-04-24 13:06 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url 2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url 2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys ==================== One Month Modified Files and Folders ======= 2014-05-19 14:20 - 2014-05-19 14:20 - 00012605 _____ () C:\Users\vlad\Desktop\FRST.txt 2014-05-19 14:20 - 2014-05-19 14:20 - 00000000 ____D 
() C:\FRST 2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe 2014-05-19 14:17 - 2014-05-19 14:16 - 00000470 _____ () C:\Users\vlad\Downloads\defogger_disable.log 2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable 2014-05-19 14:16 - 2013-10-13 12:53 - 00000000 ____D () C:\Users\vlad 2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe 2014-05-19 14:15 - 2013-10-14 15:13 - 00001420 _____ () C:\Users\vlad\Desktop\Notizen.txt 2014-05-19 14:08 - 2013-10-14 15:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Skype 2014-05-19 14:03 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-19 14:03 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-19 13:58 - 2014-05-14 19:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-19 13:57 - 2013-11-03 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-19 13:55 - 2014-03-29 12:54 - 00015485 _____ () C:\Windows\setupact.log 2014-05-19 13:55 - 2013-12-07 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-19 13:55 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Steam 2014-05-19 13:55 - 2013-10-13 13:41 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-19 13:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-19 13:50 - 2013-10-14 21:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Spotify 2014-05-18 22:35 - 2013-10-13 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-18 21:24 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-sys.job 2014-05-18 20:26 - 2014-02-22 21:30 - 00000374 _____ () 
C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job 2014-05-18 19:03 - 2013-10-14 15:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.minecraft 2014-05-18 18:30 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url 2014-05-17 20:32 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam 2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip 2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url 2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET 2014-05-16 22:51 - 2013-12-02 14:08 - 00000000 ____D () C:\ProgramData\ProductData 2014-05-16 17:07 - 2013-10-14 21:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\Spotify 2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url 2014-05-15 15:01 - 2014-03-29 12:53 - 00012994 _____ () C:\Windows\PFRO.log 2014-05-15 14:32 - 2013-10-13 12:52 - 00000000 ____D () C:\Windows\system32\Macromed 2014-05-15 14:09 - 2014-05-15 07:12 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-05-15 14:07 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\Desktop\Zeug 2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe 2014-05-15 13:47 - 2013-12-28 19:17 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-15 13:47 - 2013-10-13 13:18 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-15 13:47 - 2013-10-13 13:18 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-15 07:17 - 2013-10-13 12:26 - 01766109 _____ () C:\Windows\WindowsUpdate.log 2014-05-15 07:16 - 2013-10-14 16:06 - 00002551 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk 2014-05-15 07:11 - 2013-10-13 13:08 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\DRPSu 2014-05-15 06:43 - 2013-10-13 12:55 - 
00001435 _____ () C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-15 06:39 - 2013-10-13 13:42 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe 2014-05-14 22:44 - 2014-05-14 19:39 - 00000000 ____D () C:\AdwCleaner 2014-05-14 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI 2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe 2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe 2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk 2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-05-14 20:23 - 2014-05-14 20:14 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) 
C:\Users\vlad\Downloads\HitmanPro.exe 2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk 2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe 2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT.exe 2014-05-14 19:30 - 2014-05-14 19:30 - 01325827 _____ () C:\Users\vlad\Downloads\adwcleaner_3.208.exe 2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt 2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe 2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2 2014-05-14 18:25 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock 2014-05-14 13:58 - 2013-11-03 11:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-14 13:58 - 2013-10-13 12:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-13 21:56 - 2013-10-14 15:39 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\vlc 2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url 2014-05-12 14:58 - 2013-10-13 12:56 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-12 14:58 - 2013-10-13 12:56 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-11 21:19 - 2013-10-14 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Hamachi 2014-05-11 20:32 - 2013-12-02 16:31 - 
00000000 ____D () C:\Users\vlad\Desktop\ROM's 2014-05-11 20:29 - 2014-05-11 20:27 - 00000000 ____D () C:\Program Files\MSR 2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\InetStat 2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise 2014-05-11 20:09 - 2013-10-13 13:45 - 00000000 ____D () C:\Users\vlad\Desktop\Hintergrundbilder 2014-05-10 12:28 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-09 23:48 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock 2014-05-09 23:43 - 2014-05-09 23:42 - 00123394 _____ () C:\Windows\DirectX.log 2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url 2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url 2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url 2014-05-03 15:08 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\ftblauncher 2014-05-03 15:08 - 2013-10-14 15:46 - 04588972 _____ () C:\Users\vlad\Desktop\Feed the Beast.exe 2014-05-01 21:13 - 2013-10-14 15:56 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.technic 2014-05-01 18:23 - 2013-10-22 15:52 - 00000000 ____D () C:\Users\vlad\Desktop\Server 2014-05-01 18:21 - 2013-10-14 15:48 - 02346942 _____ () C:\Users\vlad\Desktop\Tekkit.exe 2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt 2014-04-28 18:13 - 2013-10-14 18:33 - 00000000 ____D () C:\Users\vlad\Documents\My Games 2014-04-25 21:35 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-04-24 13:06 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url 2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url 2014-04-22 20:20 - 2013-10-15 20:14 - 
00000000 ____D () C:\Riot Games 2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-22 04:48 - 2013-10-13 13:18 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400154447337 2014-04-22 04:48 - 2013-10-13 13:18 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400154447337 2014-04-22 04:48 - 2013-10-13 13:18 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-22 04:48 - 2013-10-13 13:18 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-22 04:48 - 2013-10-13 13:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-22 04:48 - 2013-10-13 13:18 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-22 04:48 - 2013-10-13 13:18 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-22 04:48 - 2013-10-13 13:18 - 00002047 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk Some content of TEMP: ==================== C:\Users\vlad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7tahgf.dll C:\Users\vlad\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2011-07-26 01:49] - [2011-07-26 01:49] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746 C:\Windows\system32\winlogon.exe [2011-08-15 16:45] - [2011-08-15 16:45] - 0286720 ____A (Microsoft Corporation) 58AACDEE236690C090A86B5A34EC4B77 C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe [2011-07-26 01:46] - [2011-07-26 01:46] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000 C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll [2011-07-26 01:07] - [2011-07-26 01:07] - 0376832 ____A (Microsoft Corporation) FAFD0AE107BF665CB457608831814B0C ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\system32\Drivers\volsnap.sys [2011-07-26 02:14] - [2011-07-26 02:14] - 0246144 ____A (Microsoft Corporation) C2232C62CD2E44E40CDADD00BBCFE366 LastRegBack: 2014-05-03 13:59 ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-19 14:48:25
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010DLE630 rev.MS2OA610 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\vlad\AppData\Local\Temp\kxldypob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xCF226AA0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xCF22757E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xCF2335C8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xCF233614]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xCF2337AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xCF233536]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0xCF2DD6D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xCF23357E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xCF227AB4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0xCF227CD0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xCF233768]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xCF22836C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xCF226B06]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xCF22BB40]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xCF2266F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xCF2DD7B2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xCF226B6C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xCF22BF36]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xCF228E54]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xCF2335F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xCF233636]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xCF2337D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xCF23355C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xCF22B43A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xCF2336E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xCF2335A6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xCF22B822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xCF23378C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xCF2DD556]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xCF228CC8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0xCF2289D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xCF226BD2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xCF226C38]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0xCF2DD8AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xCF22678C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xCF22695E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xCF2268EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xCF228536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xCF228698]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xCF2269E6]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0xCF2DD624]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xCF2281C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xCF226C9E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xCF2275DA]

INT 0x51 ? C40FBA58
INT 0x52 ? C40607D8
INT 0x61 ? C40FB558
INT 0x62 ? C2FA7058
INT 0x72 ? C2FA72D8
INT 0x82 ? C2FA77D8
INT 0x92 ? C2FA7558
INT 0xA2 ? C4060CD8
INT 0xB1 ? C2FA7CD8
INT 0xB2 ? C4060558

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackComplete + 1441 E303FE95 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E3079522 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB E3080760 4 Bytes [A0, 6A, 22, CF]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 E30807E8 4 Bytes [7E, 75, 22, CF] {JLE 0x77; AND CL, BH}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 E308083C 8 Bytes [C8, 35, 23, CF, 14, 36, 23, ...] {ENTER 0x2335, 0xcf; ADC AL, 0x36; AND ECX, EDI}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 E3080848 4 Bytes [AE, 37, 23, CF] {SCASB ; AAA ; AND ECX, EDI}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF E3080864 4 Bytes [36, 35, 23, CF]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 E323C87F 4 Bytes CALL CF229517 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 E32565DD 4 Bytes CALL CF22952D \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[580] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!SetUnhandledExceptionFilter 76B7F4EB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1756] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1784] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1924] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2112] kernel32.dll!SetUnhandledExceptionFilter 76B7F4EB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2112] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[2140] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2156] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[2376] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2460] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text ...

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{0991CE64-33F1-11E3-A25E-806E6F6E6963} 3290915520
Reg HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@ %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}

---- EOF - GMER 2.1 ----

Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/05/14 20:06:40 +0200</date>
    <log>mbam-log-2014-05-14 (19-56-54).xml</log>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.1.1004</version>
    <rules-database>v2014.05.14.08</rules-database>
    <swissarmy-database>v2014.03.27.01</swissarmy-database>
    <license>trial</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x86</arch>
    <username>vlad</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>236753</objects>
    <time>583</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>2</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>3</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <shuriken>enabled</shuriken>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path>
      <vendor>PUP.Optional.SupTab.A</vendor>
      <action>success</action>
      <hash>ada30d44295293a3075868bf59a96e92</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\Plus-HD-3.8</path>
      <vendor>PUP.Optional.PlusHD.A</vendor>
      <action>success</action>
      <hash>86cace83166593a361c30c90ea18a759</hash>
    </key>
    <file>
      <path>C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$R1JS5TN.exe</path>
      <vendor>PUP.Optional.OutBrowse</vendor>
      <action>success</action>
      <hash>ea66aba6d2a9340256fcde9bc73a669a</hash>
    </file>
    <file>
      <path>C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
      <vendor>PUP.Optional.Superfish.A</vendor>
      <action>success</action>
      <hash>81cf18392c4fac8a62a4552b847e45bb</hash>
    </file>
    <file>
      <path>C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Preferences</path>
      <vendor>PUP.Optional.V9.A</vendor>
      <action>replaced</action>
      <baddata>"startup_urls": [ "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc" ],</baddata>
      <gooddata/>
      <hash>30203d14e39869cd162ce1945aaa8a76</hash>
    </file>
  </items>
</mbam-log>
|
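The GMER section of this post is the part most often misread, so here is the attribution done mechanically. Every SSDT entry above is resolved by GMER to aswSnx.sys or aswSP.sys, the two avast! kernel drivers that the ComboFix and FRST output later in the thread also list, and the `CALL CF2295xx` patches inside ntkrnlpa.exe resolve to the same driver. What GMER does not do is tie the raw byte patches it reports in KeRemoveQueueEx back to those entries, although the bytes are the same addresses in little-endian order ([A0, 6A, 22, CF] is 0xCF226AA0, the ZwAddBootEntry hook), which is what one expects when the service table itself lies in that region of the kernel image. The Python script below is an added example, not part of the original post or of GMER: it parses these line shapes, groups hook targets by module, decodes the byte patches and matches them against the SSDT addresses, and flags anything pointing at a module outside a caller-supplied list of expected security drivers. The sample lines are copied from the log above except for the final `evil.sys` entry, which is constructed so that a flagged hook is visible; the list naming the avast! drivers as expected is an assumption for this machine.

```python
import re
from collections import defaultdict

# Line shapes in a GMER 2.1 "System" / "Kernel code sections" listing.
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]{8})\]")
CALL_RE = re.compile(r"^(?:\.text|PAGE)\s+(\S+)\s+\+\s+\w+\s+[0-9A-Fa-f]+\s+\d+ Bytes\s+CALL\s+"
                     r"([0-9A-Fa-f]{8})\s+(\S+)")
BYTES_RE = re.compile(r"^\.text\s+(\S+)\s+\+\s+\w+\s+[0-9A-Fa-f]+\s+(\d+) Bytes\s+\[([^\]]*)\]")

# Assumption: the security product whose kernel hooks are expected on this box.
EXPECTED_AV_DRIVERS = ("aswSnx.sys", "aswSP.sys")

# Sample input: lines copied from the GMER log above, plus ONE constructed
# entry for a fictitious "evil.sys" so that a flagged hook is visible.
SAMPLE = r"""
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xCF226AA0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xCF22B43A]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0xCF2DD6D2]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 E323C87F 4 Bytes CALL CF229517 \SystemRoot\system32\drivers\aswSnx.sys
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB E3080760 4 Bytes [A0, 6A, 22, CF]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E3079522 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0}
SSDT \SystemRoot\system32\drivers\evil.sys ZwQuerySystemInformation [0xB1234560]
"""


def module_name(path):
    """'\\SystemRoot\\system32\\drivers\\aswSnx.sys' -> 'aswsnx.sys'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_dwords(byte_list):
    """'A0, 6A, 22, CF, 14, 36, 23, ...' -> little-endian 32-bit values.
    Incomplete trailing groups (GMER truncates with '...') are dropped."""
    toks = [t.strip() for t in byte_list.split(",")]
    vals = []
    for i in range(0, len(toks) - 3, 4):
        group = toks[i:i + 4]
        if all(re.fullmatch(r"[0-9A-Fa-f]{2}", t) for t in group):
            vals.append(int("".join(reversed(group)), 16))
    return vals


def parse_gmer(text):
    """Return (ssdt, calls, patches): SSDT hooks, resolved inline CALLs, raw byte patches."""
    ssdt, calls, patches = [], [], []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt.append((module_name(m.group(1)), m.group(2), int(m.group(3), 16)))
            continue
        m = CALL_RE.match(line)
        if m:
            calls.append((m.group(1), int(m.group(2), 16), module_name(m.group(3))))
            continue
        m = BYTES_RE.match(line)
        if m:
            patches.append((m.group(1), int(m.group(2)), decode_dwords(m.group(3))))
    return ssdt, calls, patches


def triage(text, expected_modules):
    """Group hooks by owning module; return (by_module, findings) where a finding
    is anything not attributable to one of expected_modules."""
    ssdt, calls, patches = parse_gmer(text)
    expected = {m.lower() for m in expected_modules}
    by_module, addr_to_hook, findings = defaultdict(list), {}, []
    for mod, func, addr in ssdt:
        by_module[mod].append(func)
        addr_to_hook[addr] = (mod, func)
        if mod not in expected:
            findings.append(f"SSDT {func} -> {mod} (not an expected module)")
    for sym, _target, mod in calls:
        by_module[mod].append(sym)
        if mod not in expected:
            findings.append(f"inline CALL at {sym} -> {mod} (not an expected module)")
    for sym, nbytes, dwords in patches:
        matched = [addr_to_hook[d] for d in dwords if d in addr_to_hook]
        if matched:
            for mod, func in matched:   # the patched dword IS a known hook address
                by_module[mod].append(f"{sym} (table slot for {func})")
        else:
            findings.append(f"{nbytes}-byte patch at {sym} is not attributable to any listed hook; review manually")
    return dict(by_module), findings


if __name__ == "__main__":
    by_module, findings = triage(SAMPLE, EXPECTED_AV_DRIVERS)
    for mod, hooks in sorted(by_module.items()):
        print(f"{mod}: {len(hooks)} hook(s): {', '.join(hooks)}")
    for f in findings:
        print("FLAG:", f)
```

To use it on a real GMER log, pass the file contents to `triage()` in place of `SAMPLE` and name the drivers of whatever security product is actually installed. An entry left in `findings`, like the 19-byte patch at KiDispatchInterrupt here, is not a verdict, only the line that still has to be looked at by hand.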
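MBAM's `replaced` action on `Preferences` above and the user's report that v9.com keeps coming back point at the same file: Chrome's startup URLs and homepage live as plain JSON in the profile's Preferences, and the hijack URL in the log carries a `uid` built from the disk model and serial (the same Hitachi HDS721010DLE630 that GMER lists), so the entry doubles as a tracking identifier. A practitioner wants a repeatable check of that file rather than a one-off cleanup, because if the entry returns after being removed, whatever writes it (an extension, a scheduled task, a Run key) is still installed. The Python script below is an added example, not part of the original post or of any of the tools used in it: it walks the whole Preferences JSON, reports every http(s) URL whose host is not on a caller-supplied allowlist together with its JSON path, and produces a scrubbed copy. The embedded sample is constructed to mirror the `startup_urls` entry MBAM quoted, with the uid shortened, and the allowlist of google.de and google.com is an assumption.

```python
import json
from urllib.parse import urlparse

# Constructed Chrome "Preferences" content mirroring the startup_urls entry
# MBAM quoted above (the tracking "uid" parameter is shortened to EXAMPLE).
SAMPLE_PREFS = json.dumps({
    "homepage": "http://www.v9.com/?type=hp&uid=EXAMPLE",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["https://www.google.de/",
                         "http://www.v9.com/?type=hppp&ts=1400067628&from=irs&i=psd"],
    },
    "default_search_provider": {"enabled": True, "name": "Google",
                                "search_url": "{google:baseURL}search?q={searchTerms}"},
})

# Assumption: the hosts this user considers legitimate start/home/search targets.
ALLOWED_HOSTS = ("google.de", "google.com")


def walk(obj, path=""):
    """Yield (json_path, string_value) for every string anywhere in the prefs."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk(v, f"{path}.{k}" if path else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from walk(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj


def url_host(value):
    """Host of an http(s) URL, or None for anything else (search templates, names...)."""
    p = urlparse(value)
    return p.hostname.lower() if p.scheme in ("http", "https") and p.hostname else None


def host_allowed(host, allowed_hosts):
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit(prefs_json, allowed_hosts):
    """Return [(json_path, host, url)] for every URL whose host is not allowlisted."""
    flagged = []
    for path, val in walk(json.loads(prefs_json)):
        host = url_host(val)
        if host and not host_allowed(host, allowed_hosts):
            flagged.append((path, host, val))
    return flagged


def scrub(obj, allowed_hosts):
    """Copy of the prefs with offending list entries dropped and offending
    scalar URLs replaced by about:blank; everything else is left untouched."""
    def bad(v):
        h = url_host(v) if isinstance(v, str) else None
        return h is not None and not host_allowed(h, allowed_hosts)
    if isinstance(obj, dict):
        return {k: scrub(v, allowed_hosts) for k, v in obj.items()}
    if isinstance(obj, list):
        return [scrub(v, allowed_hosts) for v in obj if not bad(v)]
    return "about:blank" if bad(obj) else obj


def scrub_prefs(prefs_json, allowed_hosts):
    return scrub(json.loads(prefs_json), allowed_hosts)


def scrub_json(prefs_json, allowed_hosts):
    return json.dumps(scrub_prefs(prefs_json, allowed_hosts), indent=2)


if __name__ == "__main__":
    for path, host, url in audit(SAMPLE_PREFS, ALLOWED_HOSTS):
        print(f"FLAG {path}: {host}  ({url})")
    print(scrub_json(SAMPLE_PREFS, ALLOWED_HOSTS))
```

Point `audit()` at the real file (`C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Preferences`) to get the list with paths; close Chrome and keep a copy of the original before writing a scrubbed version back. Current Chrome versions HMAC-protect these keys in `Secure Preferences` and reset hand-edited values, so on a modern browser the supported route is the built-in settings reset; the audit half is useful on any version.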
19.05.2014, 15:28 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ads and pop-ups in browsers and Steam
Then please run ComboFix now: Scan with ComboFix
__________________ Please always post logfiles in CODE tags |
19.05.2014, 16:10 | #5 |
| Ads and pop-ups in browsers and Steam
Code:
ComboFix 14-05-19.01 - vlad 19.05.2014 16:46:58.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3198.1783 [GMT 2:00]
Running from: c:\users\vlad\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\MICROSOFT
c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe
c:\windows\system32\SET135A.tmp
c:\windows\system32\SET1639.tmp
c:\windows\system32\SETBC4.tmp
c:\windows\system32\SETFF02.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SystemUpdatekb70007
-------\Service_SystemUpdatekb70007
.
.
((((((((((((((((((((((( Files Created from 2014-04-19 to 2014-05-19 ))))))))))))))))))))))))))))))
.
.
2014-05-19 14:58 . 2014-05-19 14:58  --------  d-----w-  c:\users\Default\AppData\Local\temp
2014-05-19 13:14 . 2014-05-19 13:14  --------  d-----w-  c:\program files\7-Zip
2014-05-19 12:58 . 2014-05-19 12:58  62576  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEAB06BB-863E-461B-8945-E826172865E0}\offreg.dll
2014-05-19 12:20 . 2014-05-19 12:21  --------  d-----w-  C:\FRST
2014-05-17 10:18 . 2014-05-17 10:18  --------  d-----w-  c:\program files\ESET
2014-05-14 18:34 . 2014-05-14 18:34  --------  d-----w-  c:\program files\VS Revo Group
2014-05-14 18:14 . 2014-05-14 18:23  --------  d-----w-  c:\programdata\HitmanPro
2014-05-14 17:55 . 2014-05-19 15:01  107736  ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-14 17:54 . 2014-05-14 17:54  --------  d-----w-  c:\program files\Malwarebytes Anti-Malware
2014-05-14 17:54 . 2014-05-14 17:54  --------  d-----w-  c:\programdata\Malwarebytes
2014-05-14 17:54 . 2014-04-03 07:51  51416  ----a-w-  c:\windows\system32\drivers\mwac.sys
2014-05-14 17:54 . 2014-04-03 07:51  73432  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
2014-05-14 17:54 . 2014-04-03 07:50  23256  ----a-w-  c:\windows\system32\drivers\mbam.sys
2014-05-14 17:47 . 2014-05-14 17:47  --------  d-----w-  c:\windows\ERUNT
2014-05-14 17:40 . 2010-08-30 06:34  536576  ----a-w-  c:\windows\system32\sqlite3.dll
2014-05-14 17:39 . 2014-05-14 20:44  --------  d-----w-  C:\AdwCleaner
2014-05-11 18:27 . 2014-05-11 18:29  --------  d-----w-  c:\program files\MSR
2014-05-11 18:27 . 2014-05-11 18:27  --------  d-----w-  c:\users\vlad\AppData\Roaming\InetStat
2014-05-11 18:26 . 2014-05-11 18:26  --------  d-----w-  c:\users\vlad\AppData\Roaming\Wise
2014-05-09 21:43 . 2014-05-14 16:25  --------  d-----w-  c:\users\vlad\AppData\Roaming\Bioshock
2014-04-28 16:14 . 2014-04-28 16:14  --------  d-----w-  c:\users\vlad\AppData\Local\CrashRpt
2014-04-22 02:48 . 2014-04-22 02:48  24184  ----a-w-  c:\windows\system32\drivers\aswHwid.sys
2014-04-22 02:48 . 2014-04-22 02:48  43152  ----a-w-  c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 11:47 . 2013-12-28 17:17  68312  ----a-w-  c:\windows\system32\drivers\aswstm.sys
2014-05-15 11:47 . 2013-10-13 11:18  411680  ----a-w-  c:\windows\system32\drivers\aswsp.sys
2014-05-15 11:47 . 2013-10-13 11:18  777488  ----a-w-  c:\windows\system32\drivers\aswsnx.sys
2014-05-14 11:58 . 2013-11-03 09:40  692400  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2014-05-14 11:58 . 2013-10-13 10:53  70832  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-22 02:48 . 2013-10-13 11:18  411552  ----a-w-  c:\windows\system32\drivers\aswsp.sys.1400154447337
2014-04-22 02:48 . 2013-10-13 11:18  81768  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
2014-04-22 02:48 . 2013-10-13 11:18  776976  ----a-w-  c:\windows\system32\drivers\aswsnx.sys.1400154447337
2014-04-22 02:48 . 2013-10-13 11:18  180632  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2014-04-22 02:48 . 2013-10-13 11:18  49944  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
2014-04-22 02:48 . 2013-10-13 11:18  67824  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2014-04-22 02:48 . 2013-10-13 11:18  271264  ----a-w-  c:\windows\system32\aswBoot.exe
2014-04-16 12:06 . 2014-04-16 12:06  3017112  ----a-w-  c:\windows\system32\drivers\RTKVHDA.sys
2014-04-16 12:06 . 2014-04-16 12:06  1823320  ----a-w-  c:\windows\system32\WavesGUILib.dll
2014-04-16 12:06 . 2014-04-16 12:06  915160  ----a-w-  c:\windows\system32\RtkCoInstII.dll
2014-04-16 12:06 . 2014-04-16 12:06  782040  ----a-w-  c:\windows\system32\RtkApoApi.dll
2014-04-16 12:06 . 2014-04-16 12:06  56270336  ----a-w-  c:\windows\system32\RCoRes.dat
2014-04-16 12:06 . 2014-04-16 12:06  2467544  ----a-w-  c:\windows\system32\RtkAPO.dll
2014-04-16 12:06 . 2014-04-16 12:06  948336  ----a-w-  c:\windows\system32\MaxxSpeechAPO.dll
2014-04-16 12:06 . 2014-04-16 12:06  785520  ----a-w-  c:\windows\system32\MaxxVoiceAPO20.dll
2014-04-16 12:06 . 2014-04-16 12:06  3650136  ----a-w-  c:\windows\system32\MaxxAudioVnN.dll
2014-04-16 12:06 . 2014-04-16 12:06  28031576  ----a-w-  c:\windows\system32\MaxxAudioVnA.dll
2014-04-16 12:06 . 2014-04-16 12:06  11736152  ----a-w-  c:\windows\system32\MaxxVoiceAPO30.dll
2014-04-16 12:06 . 2014-04-16 12:06  1687128  ----a-w-  c:\windows\system32\MaxxAudioRealtek2.dll
2014-04-16 12:06 . 2014-04-16 12:06  874584  ----a-w-  c:\windows\system32\MaxxAudioAPOShell.dll
2014-04-16 12:06 . 2014-04-16 12:06  1936472  ----a-w-  c:\windows\system32\MaxxAudioEQ.dll
2014-04-16 12:06 . 2014-04-16 12:06  14463064  ----a-w-  c:\windows\system32\MaxxAudioRealtek.dll
2014-04-16 12:06 . 2014-04-16 12:06  1266776  ----a-w-  c:\windows\system32\MaxxAudioAPO60.dll
2014-04-16 12:06 . 2014-04-16 12:06  1143408  ----a-w-  c:\windows\system32\MaxxAudioAPO50.dll
2014-04-16 12:06 . 2014-04-16 12:06  1143408  ----a-w-  c:\windows\system32\MaxxAudioAPO40.dll
2014-04-16 12:06 . 2014-04-16 12:06  2421792  ----a-w-  c:\windows\system32\FMAPO.dll
2014-04-16 12:05 . 2014-04-16 12:05  76872  ----a-w-  c:\windows\system32\RtNicProp32.dll
2014-04-16 12:05 . 2014-04-16 12:05  693464  ----a-w-  c:\windows\system32\drivers\Rt86win7.sys
2014-04-16 12:05 . 2011-07-26 17:19  100896  ----a-w-  c:\windows\system32\RTNUninst32.dll
2014-04-06 15:36 . 2014-04-06 15:36  606968  ----a-w-  c:\windows\system32\sltech32.dll
2014-04-06 15:36 . 2014-04-06 15:36  219896  ----a-w-  c:\windows\system32\slprp32.dll
2014-04-06 15:36 . 2014-04-06 15:36  964856  ----a-w-  c:\windows\system32\slcnt32.dll
2014-04-06 15:36 . 2014-04-06 15:36  827128  ----a-w-  c:\windows\system32\sl3apo32.dll
2014-04-06 15:36 . 2014-04-06 15:36  2559192  ----a-w-  c:\windows\system32\RtkPgExt.dll
2014-04-06 15:36 . 2014-04-06 15:36  890160  ----a-w-  c:\windows\system32\NAHIMICAPOSettingsIPC.dll
2014-04-06 15:36 . 2014-04-06 15:36  5088008  ----a-w-  c:\windows\system32\NAHIMICAPOlfx.dll
2014-04-02 13:27 . 2014-01-23 14:20  1081112  ----a-w-  c:\windows\system32\nvspcap.dll
2014-03-29 10:43 . 2014-03-29 10:43  646144  ----a-w-  c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-29 10:43 . 2014-03-29 10:43  61952  ----a-w-  c:\windows\system32\iesetup.dll
2014-03-29 10:43 . 2014-03-29 10:43  553472  ----a-w-  c:\windows\system32\jscript9diag.dll
2014-03-29 10:43 . 2014-03-29 10:43  51200  ----a-w-  c:\windows\system32\ieetwproxystub.dll
2014-03-29 10:43 . 2014-03-29 10:43  4244480  ----a-w-  c:\windows\system32\jscript9.dll
2014-03-29 10:43 . 2014-03-29 10:43  4096  ----a-w-  c:\windows\system32\ieetwcollectorres.dll
2014-03-29 10:43 . 2014-03-29 10:43  2724864  ----a-w-  c:\windows\system32\mshtml.tlb
2014-03-29 10:43 . 2014-03-29 10:43  1964032  ----a-w-  c:\windows\system32\inetcpl.cpl
2014-03-29 10:43 . 2014-03-29 10:43  1820160  ----a-w-  c:\windows\system32\wininet.dll
2014-03-29 10:43 . 2014-03-29 10:43  112128  ----a-w-  c:\windows\system32\ieUnatt.exe
2014-03-29 10:43 . 2014-03-29 10:43  108032  ----a-w-  c:\windows\system32\ieetwcollector.exe
2014-03-29 10:42 . 2014-03-29 10:42  509440  ----a-w-  c:\windows\system32\qedit.dll
2014-03-29 10:42 . 2014-03-29 10:42  2357760  ----a-w-  c:\windows\system32\win32k.sys
2014-03-29 10:42 . 2014-03-29 10:42  381440  ----a-w-  c:\windows\system32\wer.dll
2014-03-29 10:42 . 2014-03-29 10:42  1230336  ----a-w-  c:\windows\system32\WindowsCodecs.dll
2014-03-29 10:41 . 2014-03-29 10:41  185344  ----a-w-  c:\windows\system32\wwansvc.dll
2014-03-21 19:43 . 2014-04-08 13:20  34080  ----a-w-  c:\windows\system32\drivers\nvvad32v.sys
2014-03-21 19:43 . 2014-01-23 14:19  33568  ----a-w-  c:\windows\system32\nvaudcap32v.dll
2014-03-04 14:29 . 2014-03-10 19:09  9690424  ----a-w-  c:\windows\system32\nvopencl.dll
2014-03-04 14:29 . 2014-03-10 19:09  865224  ----a-w-  c:\windows\system32\NvIFR.dll
2014-03-04 14:29 . 2014-03-10 19:09  847136  ----a-w-  c:\windows\system32\NvFBC.dll
2014-03-04 14:29 . 2014-03-10 19:09  409544  ----a-w-  c:\windows\system32\nvEncodeAPI.dll
2014-03-04 14:29 . 2014-03-10 19:09  334792  ----a-w-  c:\windows\system32\NvIFROpenGL.dll
2014-03-04 14:29 . 2014-03-10 19:09  305600  ----a-w-  c:\windows\system32\nvoglshim32.dll
2014-03-04 14:29 . 2014-03-10 19:09  23716640  ----a-w-  c:\windows\system32\nvoglv32.dll
2014-03-04 14:29 . 2014-03-10 19:09  148016  ----a-w-  c:\windows\system32\nvinit.dll
2014-03-04 14:29 . 2014-03-10 19:09  10523480  ----a-w-  c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:29 . 2014-03-10 19:09  9728064  ----a-w-  c:\windows\system32\nvcuda.dll
2014-03-04 14:29 . 2014-03-10 19:09  894296  ----a-w-  c:\windows\system32\nvdispgenco3233523.dll
2014-03-04 14:29 . 2014-03-10 19:09  2956632  ----a-w-  c:\windows\system32\nvcuvid.dll
2014-03-04 14:29 . 2014-03-10 19:09  2411976  ----a-w-  c:\windows\system32\nvcuvenc.dll
2014-03-04 14:29 . 2014-03-10 19:09  1049888  ----a-w-  c:\windows\system32\nvdispco3233523.dll
2014-03-04 14:29 . 2014-03-10 19:09  17559384  ----a-w-  c:\windows\system32\nvcompiler.dll
2014-03-04 14:29 . 2013-12-07 14:38  832936  ----a-w-  c:\windows\system32\nvumdshim.dll
2014-03-04 14:29 . 2013-12-07 14:38  15783992  ----a-w-  c:\windows\system32\nvwgf2um.dll
2014-03-04 14:29 . 2013-12-07 14:38  14709720  ----a-w-  c:\windows\system32\nvd3dum.dll
2014-03-04 14:29 . 2013-12-07 14:38  2715264  ----a-w-  c:\windows\system32\nvapi.dll
2014-03-04 12:34 . 2013-12-07 14:39  4348704  ----a-w-  c:\windows\system32\nvcpl.dll
2014-03-04 12:34 . 2013-12-07 14:39  3044696  ----a-w-  c:\windows\system32\nvsvc.dll
2014-03-04 12:34 . 2013-12-07 14:39  663896  ----a-w-  c:\windows\system32\nvvsvc.exe
2014-03-04 12:34 . 2013-12-07 14:39  62752  ----a-w-  c:\windows\system32\nvshext.dll
2014-03-04 12:34 . 2013-12-07 14:39  2556360  ----a-w-  c:\windows\system32\nvsvcr.dll
2014-03-04 12:34 . 2013-12-07 14:39  375128  ----a-w-  c:\windows\system32\nvmctray.dll
2014-03-04 11:32 . 2014-03-10 19:15  599840  ----a-w-  c:\windows\system32\nvStreaming.exe
2014-02-19 13:27 . 2014-02-19 13:27  1892056  ----a-w-  c:\windows\system32\RTSndMgr.cpl
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-22 02:48  260976  ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2014-04-23 1825984]
"Spotify Web Helper"="c:\users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-16 1176632]
"LightShot"="c:\users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-03-06 226592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2014-04-16 6667992]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-22 3873704]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-04-02 1081112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2013-10-14 625952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]
2013-11-11 13:55  35256  ----a-w-  c:\program files\Overwolf\Overwolf.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-05-16 15:06  6170168  ----a-w-  c:\users\vlad\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-05-16 15:06  1176632  ----a-w-  c:\users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16  254336  ----a-w-  c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2011-07-26 15768]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-29 108032]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 494368]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2013-11-11 18360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-02 14848]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2013-12-08 602216]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-07-25 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-12-02 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-12-02 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-12-02 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2009-10-01 1515520]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-26 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-15 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-15 411680]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-04-22 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-22 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-15 68312]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-02 1615192]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-02 19405768]
S2 RzKLService;RzKLService;c:\program files\Razer\Razer Game Booster\RzKLService.exe [2013-11-22 105448]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2012-10-25 57856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-19 107736]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-04-03 51416]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-21 34080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-04-16 693464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 12:36  1077576  ----a-w-  c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-03 11:58]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-13 11:41]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-13 11:41]
.
2014-05-19 c:\windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2014-02-22 12:37]
.
2014-05-18 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2014-02-22 12:37]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
FF - ProfilePath - c:\users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494\
FF - ExtSQL: 2014-04-22 04:48; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Orphans Removed - - - -
.
HKLM-Run-Cm106Sound - cm106.cpl
MSConfigStartUp-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
MSConfigStartUp-DrvUpdater - c:\users\vlad\AppData\Roaming\DRPSu\DrvUpdater.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-4018679884-465560905-3469409432-1000\Software\SecuROM\License information*]
"datasecu"=hex:58,28,08,6b,82,b6,e0,c9,f1,b2,53,bd,d6,49,e6,6f,bb,60,3d,39,6a,
   1d,43,de,d6,68,96,38,fb,16,c6,41,17,88,7e,5c,3d,ea,6a,fc,80,51,0b,3f,7d,a1,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\users\vlad\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-05-19 17:06:29 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-19 15:06
.
Pre-Run: 10 directories, 553.522.561.024 bytes free
Post-Run: 13 directories, 553.359.802.368 bytes free
.
- - End Of File - - A5AA71A72630AFD75B27AD7BBF2463B7
A36C5E4F47E84449FF07ED3517B43A31
|
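Three things in the ComboFix report above deserve a second look that the tool does not give them. `uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118` routes Internet Explorer's traffic, and that of every other WinINET client, through a listener on the local machine; 8118 is the default port of the Privoxy filtering proxy, but a local proxy is also exactly where ad-injecting adware likes to sit, so it is worth confirming which process owns that port. In the UAC policy block, `PromptOnSecureDesktop` is 0 while the other values are at their Windows 7 defaults, which means elevation prompts appear on the normal desktop where other user-mode software can interact with them. And several service entries end in `[x]`, ComboFix's marker for a binary it could not find on disk. The Python script below is an added example, not ComboFix code or part of the post: it pulls these three kinds of facts out of the report's line formats and returns them as findings. The sample text is copied from the report above; the table of default values and the optional allowlist of loopback proxy ports are assumptions the caller supplies.

```python
import re

# Windows 7 defaults for the UAC values ComboFix prints from policies\system
# (assumption: adjust if your baseline differs).
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
}
POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)")
# "S0 aswRvrt;avast! Revert; [x]"   "R3 VGPU;VGPU;c:\...\rdvgkmd.sys [x]"   "S1 aswSnx;aswSnx;c:\... [2014-05-15 777488]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
LOOPBACK = ("127.", "localhost", "[::1]")

# Sample input copied from the ComboFix report above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 aswRvrt;avast! Revert; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-15 777488]
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
"""


def parse_proxy(value):
    """'http=127.0.0.1:8118;https=127.0.0.1:8118' or plain 'host:port' -> [(scheme, host, port)]."""
    out = []
    for part in value.split(";"):
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        out.append((scheme or "*", host, int(port) if port.isdigit() else None))
    return out


def triage_combofix(text, allowed_local_proxy_ports=()):
    """Return a list of human-readable findings for the three checks described above."""
    findings = []
    in_policy = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == POLICY_KEY.lower():
            in_policy = True
            continue
        if in_policy:
            m = VALUE_RE.match(line)
            if m:
                name, val = m.group(1), int(m.group(2))
                if name in UAC_DEFAULTS and val != UAC_DEFAULTS[name]:
                    findings.append(f"UAC policy {name}={val} (Windows 7 default {UAC_DEFAULTS[name]})")
                continue
            in_policy = False  # any other line ends the policies\system block
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy(m.group(1)):
                if host.startswith(LOOPBACK) and port not in allowed_local_proxy_ports:
                    findings.append(f"WinINET {scheme} proxy on loopback port {port}: confirm which process listens there")
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(5) == "x":
            findings.append(f"service {m.group(2)} ({m.group(1)}) points at missing binary: {m.group(4) or '<no path>'}")
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE):
        print("FLAG:", f)
```

`triage_combofix(open("ComboFix.txt", encoding="utf-8", errors="replace").read())` runs it on a real report. Pass `allowed_local_proxy_ports=(8118,)` once you have verified that a proxy you installed is what listens there; the proxy finding then disappears while the UAC and missing-binary findings remain.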
20.05.2014, 00:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ads and pop-ups in browsers and Steam
Remove adware/junkware/toolbars

Step 1: adwCleaner
Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool
Please close your security software first to avoid possible conflicts.

Step 3: Fresh log with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
20.05.2014, 13:20 | #7 |
| Ads and pop-ups in browsers and Steam
Code:
# AdwCleaner v3.210 - Report created on 20/05/2014 at 14:00:26
# Updated 19/05/2014 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : vlad - VLAD-PC
# Running from : C:\Users\vlad\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\MSR
Folder Deleted : C:\Users\vlad\AppData\Roaming\InetStat
File Deleted : C:\Windows\System32\Tasks\Freemium1ClickMaint

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B5B728B-C893-48CD-9612-C161319287B5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B5B728B-C893-48CD-9612-C161319287B5}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\Software\covus freemium gmbh

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v24.0 (de)

[ File : C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494\prefs.js ]

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc

*************************

AdwCleaner[R0].txt - [8769 octets] - [14/05/2014 19:39:30]
AdwCleaner[R1].txt - [386 octets] - [14/05/2014 20:40:40]
AdwCleaner[R2].txt - [1270 octets] - [14/05/2014 22:40:12]
AdwCleaner[R3].txt - [1918 octets] - [20/05/2014 13:58:48]
AdwCleaner[S0].txt - [8205 octets] - [14/05/2014 19:41:41]
AdwCleaner[S1].txt - [1331 octets] - [14/05/2014 22:44:25]
AdwCleaner[S2].txt - [1847 octets] - [20/05/2014 14:00:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1907 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by vlad on 20.05.2014 at 14:08:45,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.05.2014 at 14:12:27,13
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by vlad (administrator) on VLAD-PC on 20-05-2014 14:14:58
Running from C:\Users\vlad\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skillbrains) C:\Users\vlad\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Spotify Web Helper] => C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [LightShot] => C:\Users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-13]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.de/", "hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Docs) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Adblock Plus) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (SiteBlock) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-05-12]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2011-07-26] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [57856 2012-10-25] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2013-10-14] (LogMeIn, Inc.)
S3 JRAID; C:\Windows\system32\drivers\jraid.sys [93096 2009-07-18] (JMicron Technology Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2011-07-26] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2011-07-26] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-07-26] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2011-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\vlad\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-20 14:14 - 2014-05-20 14:14 - 00011620 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-20 14:12 - 2014-05-20 14:12 - 00000767 _____ () C:\Users\vlad\Desktop\JRT.txt
2014-05-20 14:03 - 2014-05-20 14:03 - 00001987 _____ () C:\Users\vlad\Desktop\AdwCleaner[S2].txt
2014-05-20 13:58 - 2014-05-20 13:58 - 01326389 _____ () C:\Users\vlad\Desktop\adwcleaner_3.210.exe
2014-05-19 17:06 - 2014-05-19 17:06 - 00021770 _____ () C:\ComboFix.txt
2014-05-19 16:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-19 16:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-19 16:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-19 16:40 - 2014-05-19 17:06 - 00000000 ____D () C:\Qoobox
2014-05-19 16:39 - 2014-05-19 17:05 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-19 15:13 - 2014-05-19 15:13 - 00961360 _____ (Chip Digital GmbH) C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-05-19 14:20 - 2014-05-20 14:14 - 00000000 ____D () C:\FRST
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 07:12 - 2014-05-15 14:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:14 - 2014-05-14 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-20 14:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-14 19:54 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 19:54 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 19:54 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Desktop\JRT.exe
2014-05-14 19:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 19:39 - 2014-05-20 14:00 - 00000000 ____D () C:\AdwCleaner
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-17 20:32 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-09 23:43 - 2014-05-14 18:25 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-09 23:43 - 2014-05-09 23:48 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:42 - 2014-05-09 23:43 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-18 18:30 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-24 13:06 - 2014-05-19 19:01 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

2014-05-20 14:15 - 2014-05-20 14:14 - 00011620 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-20 14:14 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST
2014-05-20 14:14 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 14:14 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 14:12 - 2014-05-20 14:12 - 00000767 _____ () C:\Users\vlad\Desktop\JRT.txt
2014-05-20 14:08 - 2014-05-14 19:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 14:08 - 2013-10-14 15:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Skype
2014-05-20 14:07 - 2014-03-29 12:54 - 00016157 _____ () C:\Windows\setupact.log
2014-05-20 14:07 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Steam
2014-05-20 14:07 - 2013-10-13 13:41 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-20 14:06 - 2013-12-07 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-20 14:06 - 2013-10-13 12:26 - 01778721 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 14:06 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 14:03 - 2014-05-20 14:03 - 00001987 _____ () C:\Users\vlad\Desktop\AdwCleaner[S2].txt
2014-05-20 14:02 - 2014-03-29 12:53 - 00013844 _____ () C:\Windows\PFRO.log
2014-05-20 14:00 - 2014-05-14 19:39 - 00000000 ____D () C:\AdwCleaner
2014-05-20 13:58 - 2014-05-20 13:58 - 01326389 _____ () C:\Users\vlad\Desktop\adwcleaner_3.210.exe
2014-05-20 13:56 - 2013-11-03 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 22:42 - 2013-10-14 21:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Spotify
2014-05-19 22:35 - 2013-10-13 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 21:38 - 2013-10-14 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Hamachi
2014-05-19 21:24 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-sys.job
2014-05-19 20:26 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job
2014-05-19 19:01 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-05-19 17:48 - 2013-10-14 21:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\Spotify
2014-05-19 17:06 - 2014-05-19 17:06 - 00021770 _____ () C:\ComboFix.txt
2014-05-19 17:06 - 2014-05-19 16:40 - 00000000 ____D () C:\Qoobox
2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-19 17:05 - 2014-05-19 16:39 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 17:01 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-19 16:59 - 2009-07-14 04:03 - 51380224 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 00069632 _____ () C:\Windows\system32\config\SAM.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-19 15:49 - 2013-10-14 15:13 - 00001502 _____ () C:\Users\vlad\Desktop\Notizen.txt
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-19 15:13 - 2014-05-19 15:13 - 00961360 _____ (Chip Digital GmbH) C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:16 - 2013-10-13 12:53 - 00000000 ____D () C:\Users\vlad
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-18 19:03 - 2013-10-14 15:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.minecraft
2014-05-18 18:30 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-17 20:32 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 22:51 - 2013-12-02 14:08 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 14:32 - 2013-10-13 12:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 14:09 - 2014-05-15 07:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-15 14:07 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\Desktop\Zeug
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 13:47 - 2013-12-28 19:17 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 07:16 - 2013-10-14 16:06 - 00002551 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk
2014-05-15 07:11 - 2013-10-13 13:08 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\DRPSu
2014-05-15 06:43 - 2013-10-13 12:55 - 00001435 _____ () C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 06:39 - 2013-10-13 13:42 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:23 - 2014-05-14 20:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Desktop\JRT.exe
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-14 18:25 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-14 13:58 - 2013-11-03 11:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 13:58 - 2013-10-13 12:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:56 - 2013-10-14 15:39 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\vlc
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-12 14:58 - 2013-10-13 12:56 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 14:58 - 2013-10-13 12:56 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-11 20:32 - 2013-12-02 16:31 - 00000000 ____D () C:\Users\vlad\Desktop\ROM's
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-11 20:09 - 2013-10-13 13:45 - 00000000 ____D () C:\Users\vlad\Desktop\Hintergrundbilder
2014-05-10 12:28 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-09 23:48 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:43 - 2014-05-09 23:42 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-05-03 15:08 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\ftblauncher
2014-05-03 15:08 - 2013-10-14 15:46 - 04588972 _____ () C:\Users\vlad\Desktop\Feed the Beast.exe
2014-05-01 21:13 - 2013-10-14 15:56 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.technic
2014-05-01 18:23 - 2013-10-22 15:52 - 00000000 ____D () C:\Users\vlad\Desktop\Server
2014-05-01 18:21 - 2013-10-14 15:48 - 02346942 _____ () C:\Users\vlad\Desktop\Tekkit.exe
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-28 18:13 - 2013-10-14 18:33 - 00000000 ____D () C:\Users\vlad\Documents\My Games
2014-04-25 21:35 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 20:20 - 2013-10-15 20:14 - 00000000 ____D () C:\Riot Games
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-22 04:48 - 2013-10-13 13:18 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

Some content of TEMP:
====================
C:\Users\vlad\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2011-07-26 01:49] - [2011-07-26 01:49] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746
C:\Windows\system32\winlogon.exe [2011-08-15 16:45] - [2011-08-15 16:45] - 0286720 ____A (Microsoft Corporation) 58AACDEE236690C090A86B5A34EC4B77
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe [2011-07-26 01:46] - [2011-07-26 01:46] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll [2011-07-26 01:07] - [2011-07-26 01:07] - 0376832 ____A (Microsoft Corporation) FAFD0AE107BF665CB457608831814B0C
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys [2011-07-26 02:14] - [2011-07-26 02:14] - 0246144 ____A (Microsoft Corporation) C2232C62CD2E44E40CDADD00BBCFE366

LastRegBack: 2014-05-03 13:59

==================== End Of Log ============================
|
20.05.2014, 14:59 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ads and Pop-Ups in Browsers and Steam
Please also post a new Addition log: tick the box for addition.txt, then click Scan.
__________________
Please always post logfiles in CODE tags |
20.05.2014, 20:00 | #9 |
| Ads and Pop-Ups in Browsers and Steam
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by vlad (administrator) on VLAD-PC on 20-05-2014 20:55:32
Running from C:\Users\vlad\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Spotify Web Helper] => C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [LightShot] => C:\Users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-13]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc", "hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Docs) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Adblock Plus) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (SiteBlock) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-05-12]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2011-07-26] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [57856 2012-10-25] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2013-10-14] (LogMeIn, Inc.)
S3 JRAID; C:\Windows\system32\drivers\jraid.sys [93096 2009-07-18] (JMicron Technology Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation) S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc) R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2011-07-26] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2011-07-26] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-07-26] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2011-07-26] (Microsoft Corporation) S3 catchme; \??\C:\Users\vlad\AppData\Local\Temp\catchme.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-20 20:55 - 2014-05-20 20:55 - 00011217 _____ () C:\Users\vlad\Desktop\FRST.txt 2014-05-19 17:06 - 2014-05-19 17:06 - 00021770 _____ () C:\ComboFix.txt 2014-05-19 16:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-19 16:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-19 16:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-19 16:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-19 16:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-19 16:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-19 16:44 - 2000-08-31 02:00 - 00080412 _____ () 
C:\Windows\grep.exe 2014-05-19 16:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-19 16:40 - 2014-05-19 17:06 - 00000000 ____D () C:\Qoobox 2014-05-19 16:39 - 2014-05-19 17:05 - 00000000 ____D () C:\Windows\erdnt 2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files\7-Zip 2014-05-19 15:13 - 2014-05-19 15:13 - 00961360 _____ (Chip Digital GmbH) C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe 2014-05-19 14:20 - 2014-05-20 20:55 - 00000000 ____D () C:\FRST 2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe 2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable 2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe 2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip 2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url 2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET 2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url 2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe 2014-05-15 07:12 - 2014-05-15 14:09 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe 2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe 2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\vlad\Downloads\revosetup.exe 2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk 2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-05-14 20:14 - 2014-05-14 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe 2014-05-14 19:55 - 2014-05-20 17:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk 2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-14 19:54 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 19:54 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 19:54 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe 2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 19:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-05-14 19:39 - 2014-05-20 14:00 - 00000000 ____D () C:\AdwCleaner 2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt 2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe 2014-05-14 18:30 - 2014-05-20 18:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam 2014-05-14 18:30 - 
2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2 2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url 2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise 2014-05-09 23:43 - 2014-05-14 18:25 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock 2014-05-09 23:43 - 2014-05-09 23:48 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock 2014-05-09 23:42 - 2014-05-09 23:43 - 00123394 _____ () C:\Windows\DirectX.log 2014-05-09 20:53 - 2014-05-18 18:30 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url 2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url 2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url 2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url 2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt 2014-04-24 13:06 - 2014-05-19 19:01 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url 2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url 2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys ==================== One Month Modified Files and Folders ======= 2014-05-20 20:55 - 2014-05-20 20:55 - 00011217 _____ () C:\Users\vlad\Desktop\FRST.txt 2014-05-20 20:55 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST 2014-05-20 20:53 - 2013-10-14 15:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Skype 2014-05-20 20:52 - 2013-10-14 21:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Spotify 2014-05-20 20:35 - 2013-10-13 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-20 20:26 - 2014-02-22 21:30 - 00000374 _____ () 
C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job 2014-05-20 20:07 - 2013-10-22 18:00 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\TS3Client 2014-05-20 19:56 - 2013-11-03 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-20 18:20 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Steam 2014-05-20 18:11 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam 2014-05-20 17:35 - 2013-10-13 13:41 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-20 17:32 - 2013-10-13 13:45 - 00000000 ____D () C:\Users\vlad\Desktop\Hintergrundbilder 2014-05-20 17:25 - 2014-05-14 19:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-20 17:24 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-sys.job 2014-05-20 17:04 - 2013-10-13 12:26 - 01778817 _____ () C:\Windows\WindowsUpdate.log 2014-05-20 14:14 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-20 14:14 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-20 14:07 - 2014-03-29 12:54 - 00016157 _____ () C:\Windows\setupact.log 2014-05-20 14:06 - 2013-12-07 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-20 14:06 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-20 14:02 - 2014-03-29 12:53 - 00013844 _____ () C:\Windows\PFRO.log 2014-05-20 14:00 - 2014-05-14 19:39 - 00000000 ____D () C:\AdwCleaner 2014-05-19 21:38 - 2013-10-14 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Hamachi 2014-05-19 19:01 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url 2014-05-19 17:48 - 2013-10-14 21:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\Spotify 2014-05-19 17:06 - 2014-05-19 
17:06 - 00021770 _____ () C:\ComboFix.txt 2014-05-19 17:06 - 2014-05-19 16:40 - 00000000 ____D () C:\Qoobox 2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-05-19 17:05 - 2014-05-19 16:39 - 00000000 ____D () C:\Windows\erdnt 2014-05-19 17:01 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-05-19 16:59 - 2009-07-14 04:03 - 51380224 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-05-19 16:59 - 2009-07-14 04:03 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-05-19 16:59 - 2009-07-14 04:03 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-05-19 16:59 - 2009-07-14 04:03 - 00069632 _____ () C:\Windows\system32\config\SAM.bak 2014-05-19 16:59 - 2009-07-14 04:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak 2014-05-19 15:49 - 2013-10-14 15:13 - 00001502 _____ () C:\Users\vlad\Desktop\Notizen.txt 2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files\7-Zip 2014-05-19 15:13 - 2014-05-19 15:13 - 00961360 _____ (Chip Digital GmbH) C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe 2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe 2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable 2014-05-19 14:16 - 2013-10-13 12:53 - 00000000 ____D () C:\Users\vlad 2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe 2014-05-18 19:03 - 2013-10-14 15:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.minecraft 2014-05-18 18:30 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url 2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip 2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () 
C:\Users\vlad\Desktop\Arma Cold War Assault.url 2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET 2014-05-16 22:51 - 2013-12-02 14:08 - 00000000 ____D () C:\ProgramData\ProductData 2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url 2014-05-15 14:32 - 2013-10-13 12:52 - 00000000 ____D () C:\Windows\system32\Macromed 2014-05-15 14:09 - 2014-05-15 07:12 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-05-15 14:07 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\Desktop\Zeug 2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe 2014-05-15 13:47 - 2013-12-28 19:17 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-15 13:47 - 2013-10-13 13:18 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-15 13:47 - 2013-10-13 13:18 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-15 07:16 - 2013-10-14 16:06 - 00002551 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk 2014-05-15 07:11 - 2013-10-13 13:08 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\DRPSu 2014-05-15 06:43 - 2013-10-13 12:55 - 00001435 _____ () C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-15 06:39 - 2013-10-13 13:42 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe 2014-05-14 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI 2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe 2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\vlad\Downloads\revosetup.exe 2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk 2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-05-14 20:23 - 2014-05-14 20:14 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe 2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk 2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe 2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt 2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe 2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2 2014-05-14 18:25 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock 2014-05-14 13:58 - 2013-11-03 11:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-14 13:58 - 2013-10-13 12:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-13 21:56 - 2013-10-14 15:39 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\vlc 2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url 2014-05-12 14:58 - 2013-10-13 12:56 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-12 14:58 - 2013-10-13 12:56 - 00001105 _____ 
() C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-11 20:32 - 2013-12-02 16:31 - 00000000 ____D () C:\Users\vlad\Desktop\ROM's 2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise 2014-05-10 12:28 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-09 23:48 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock 2014-05-09 23:43 - 2014-05-09 23:42 - 00123394 _____ () C:\Windows\DirectX.log 2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url 2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url 2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url 2014-05-03 15:08 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\ftblauncher 2014-05-03 15:08 - 2013-10-14 15:46 - 04588972 _____ () C:\Users\vlad\Desktop\Feed the Beast.exe 2014-05-01 21:13 - 2013-10-14 15:56 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.technic 2014-05-01 18:23 - 2013-10-22 15:52 - 00000000 ____D () C:\Users\vlad\Desktop\Server 2014-05-01 18:21 - 2013-10-14 15:48 - 02346942 _____ () C:\Users\vlad\Desktop\Tekkit.exe 2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt 2014-04-28 18:13 - 2013-10-14 18:33 - 00000000 ____D () C:\Users\vlad\Documents\My Games 2014-04-25 21:35 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url 2014-04-22 20:20 - 2013-10-15 20:14 - 00000000 ____D () C:\Riot Games 2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-22 04:48 - 2013-10-13 13:18 - 00776976 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswsnx.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-22 04:48 - 2013-10-13 13:18 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

Some content of TEMP:
====================
C:\Users\vlad\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-07-26 01:49] - [2011-07-26 01:49] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746
C:\Windows\system32\winlogon.exe
[2011-08-15 16:45] - [2011-08-15 16:45] - 0286720 ____A (Microsoft Corporation) 58AACDEE236690C090A86B5A34EC4B77
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe
[2011-07-26 01:46] - [2011-07-26 01:46] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-07-26 01:07] - [2011-07-26 01:07] - 0376832 ____A (Microsoft Corporation) FAFD0AE107BF665CB457608831814B0C
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys
[2011-07-26 02:14] - [2011-07-26 02:14] - 0246144 ____A (Microsoft Corporation) C2232C62CD2E44E40CDADD00BBCFE366

LastRegBack: 2014-05-03 13:59

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by vlad at 2014-05-20 20:56:04
Running from C:\Users\vlad\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Antichamber (HKLM\...\Steam App 219890) (Version: - Alexander Bruce)
Arma: Cold War Assault (HKLM\...\Steam App 65790) (Version: - Bohemia Interactive)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version: - The Behemoth)
BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM\...\Steam App 8850) (Version: - 2K Marin)
BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Cave Story Deluxe (HKLM\...\Cave Story Deluxe) (Version: - )
Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar)
Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
Disney-Pixar WALL-E (HKLM\...\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}) (Version: 1.00.0000 - THQ)
Dojotech Spotify Recorder (HKLM\...\{D149DB2E-392E-48CC-8036-88BECC09C50A}) (Version: 3.2 - Dojotech Software)
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.2 - IObit)
Edna & Harvey: Harvey's New Eyes (HKLM\...\Steam App 219910) (Version: - Daedalic Entertainment)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FINAL FANTASY VII (HKLM\...\Steam App 39140) (Version: - Square Enix)
Free System Utilities (HKLM\...\{b70d03b1-2a07-4c32-beef-79d2d13a5bee}) (Version: 1.1.3.0 - Covus Freemium GmbH)
Free SystemUtilities (Version: 1.1.3.0 - Covus Freemium GmbH) Hidden
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version: - Greenheart Games)
GameSpy Comrade (HKLM\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Garry)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version: - Rockstar North)
Greenfish Icon Editor Pro 3.31 (HKLM\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version: - Greenfish Corporation)
Half-Life (HKLM\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version: - Gearbox Software)
Hamachi 1.0.3.0 (HKLM\...\Hamachi) (Version: - )
Hitman 2: Silent Assassin (HKLM\...\Steam App 6850) (Version: - IO Interactive)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version: - IO Interactive)
Hitman: Blood Money (HKLM\...\Steam App 6860) (Version: - IO Interactive)
Hitman: Codename 47 (HKLM\...\Steam App 6900) (Version: - IO Interactive)
Hitman: Contracts (HKLM\...\Steam App 247430) (Version: - )
Hitman: Sniper Challenge (HKLM\...\Steam App 205930) (Version: - IO Interactive)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Just Cause (HKLM\...\Steam App 6880) (Version: - Avalanche)
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM\...\Steam App 259080) (Version: - JC2-MP Team)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
lightshot-5.1.0.15 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.0.15 - Skillbrains)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer
1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft Visual Basic 2010 Express - DEU (HKLM\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Basic 2010 Express - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 24.0 (x86 de) (HKLM\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla) My Game Long Name (HKLM\...\UDK-ca5c1d5d-d51e-436b-b5ea-a8b1d7131cb6) (Version: - Epic Games, Inc.) Notepad++ (HKLM\...\Notepad++) (Version: 6.5 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden Outlast (HKLM\...\Steam App 238320) (Version: - Red Barrels) Overwolf (HKLM\...\{0A337036-B73E-4C85-8D32-3851F84B7CFE}) (Version: 0.46.271 - Overwolf) Plus-HD-3.8 (HKLM\...\Plus-HD-3.8) (Version: 1.27.153.11 - Plus HD) <==== ATTENTION Portal (HKLM\...\Steam App 400) (Version: - Valve) Portal 2 (HKLM\...\Steam App 620) (Version: - Valve) POSTAL 2 (HKLM\...\Steam App 223470) (Version: - Running With Scissors) Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) Q.U.B.E. (HKLM\...\Steam App 203730) (Version: - Toxic Games) Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.) 
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM\...\Steam App 236830) (Version: - ) Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version: - Tripwire Interactive) Rogue Legacy (HKLM\...\Steam App 241600) (Version: - Cellar Door Games) SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve) Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) Starbound (HKLM\...\Steam App 211820) (Version: - ) State of Decay (HKLM\...\Steam App 241540) (Version: - ) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Update kb70007 (Version: 1.0.0 - MSR) Hidden Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic) The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) The Plan (HKLM\...\Steam App 250600) (Version: - Krillbite Studio) The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio) The Stanley Parable (HKLM\...\Steam App 221910) (Version: - Galactic Cafe) The Walking Dead (HKLM\...\Steam App 207610) (Version: - ) The Walking Dead: Season Two (HKLM\...\Steam App 261030) (Version: - Telltale Games) Thomas Was Alone (HKLM\...\Steam App 220780) (Version: - Mike Bithell) Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics) Tomb Raider 
(VI): The Angel of Darkness (HKLM\...\Steam App 225020) (Version: - Core Design) Tomb Raider I (HKLM\...\Steam App 224960) (Version: - Core Design) Tomb Raider II (HKLM\...\Steam App 225300) (Version: - Core Design) Tomb Raider III: Adventures of Lara Croft (HKLM\...\Steam App 225320) (Version: - Core Design) Tomb Raider: Anniversary (HKLM\...\Steam App 8000) (Version: - Crystal Dynamics) Tomb Raider: Chronicles (HKLM\...\Steam App 225000) (Version: - Core Design) Tomb Raider: Legend (HKLM\...\Steam App 7000) (Version: - Crystal Dynamics) Tomb Raider: The Last Revelation (HKLM\...\Steam App 224980) (Version: - Core Design) Tomb Raider: Underworld (HKLM\...\Steam App 8140) (Version: - Crystal Dynamics) Unreal Development Kit: 2012-10 (HKLM\...\UDK-9a945cf0-3152-4d4f-a428-35aebc522f71) (Version: - Epic Games, Inc.) Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation) VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 15-05-2014 05:11:16 Removed IObit Apps Toolbar v9.1. 15-05-2014 05:12:23 Removed IObit Apps Toolbar v9.1. 15-05-2014 12:06:14 Removed IObit Apps Toolbar v9.1. 15-05-2014 12:09:22 Removed PlayReady PC Runtime X86 15-05-2014 12:11:38 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU wird entfernt 15-05-2014 12:31:28 Removed Adobe Shockwave Player 11.6. 
15-05-2014 12:42:10 Revo Uninstaller's restore point - IObit Apps Toolbar v9.1 15-05-2014 12:42:32 Removed IObit Apps Toolbar v9.1. 15-05-2014 12:52:40 Revo Uninstaller's restore point - Adobe Flash Player 13 ActiveX 15-05-2014 12:53:29 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin 19-05-2014 14:44:33 ComboFix created restore point ==================== Hosts content: ========================== 2009-07-14 04:04 - 2014-05-19 17:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {43A1A5BA-F03D-4D1F-AB04-73507EF3A8FC} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit) Task: {546B77E0-2D16-4A99-BE50-BF9A98E0A69D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.) Task: {597B8412-CAD4-4CF9-9F0E-1AEC902EFD5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.) Task: {6425BDED-C0D8-49F5-AFEB-3613AFF6F841} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe Task: {964E9CCF-D038-4D07-8107-8C1B071B4148} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: {CBD415AA-B846-4F3F-AF3E-EDBD7E9136D9} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-22] (AVAST Software) Task: {D8DE037A-B9D5-4AD5-BD12-CC71EB7F3D81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {EF8E9ECD-32D9-4E3F-B9E1-C328774C6DA8} - System32\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-07 16:39 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2013-10-21 13:43 - 2013-10-20 08:08 - 02136576 _____ () C:\Program Files\AVAST Software\Avast\defs\13102000\algo.dll 2013-10-21 13:43 - 2013-10-21 13:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent MSCONFIG\startupreg: Spotify => 
"C:\Users\vlad\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 3198.12 MB Available physical RAM: 2251.95 MB Total Pagefile: 6394.53 MB Available Pagefile: 5169.96 MB Total Virtual: 3071.88 MB Available Virtual: 2959.68 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:514.11 GB) NTFS Drive d: (WALL-E) (CDROM) (Total:3.49 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 61C89B35) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
20.05.2014, 22:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ads and Pop-Ups in Browsers and Steam Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
21.05.2014, 12:49 | #11 |
| Ads and Pop-Ups in Browsers and Steam Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-05-2014
Ran by vlad at 2014-05-21 13:47:43 Run:1
Running from C:\Users\vlad\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ====
|
21.05.2014, 22:26 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ads and Pop-Ups in Browsers and Steam Okay, then please run control scans with MBAM and ESET: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
23.05.2014, 21:42 | #13 |
| Ads and Pop-Ups in Browsers and Steam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.05.2014
Suchlauf-Zeit: 22:29:17
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.22.10
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: vlad

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 248142
Verstrichene Zeit: 7 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.V9.A, C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc", "hxxp://www.msn.com/?pc=AV01" ],), Ersetzt,[a4ce7fd5413aa4928c71d2aff90b9f61]

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=769f41f36249694aba45ac46bc8f7b01
# engine=18300
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-17 12:08:32
# local_time=2014-05-17 02:08:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 169642 18556051 0 0
# compatibility_mode=5893 16776573 100 94 7949 151959703 0 0
# scanned=440132
# found=2
# cleaned=2
# scan_time=6362
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RBLUKMS.exe"
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RPYBXW7.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=769f41f36249694aba45ac46bc8f7b01
# engine=18372
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-05-22 11:17:40
# local_time=2014-05-23 01:17:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 641790 19028199 0 0
# compatibility_mode=5893 16776573 100 94 11606 152431851 0 0
# scanned=445638
# found=2
# cleaned=0
# scan_time=9574
sh=90FD6993499CD49D1F0BD507CB9189D85550E1BA ft=1 fh=ee056a68ff3ffc29 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe"
sh=C2C4EF4212BD52C0E1A37CB10B0568D1871C79D5 ft=0 fh=0000000000000000 vn="Variante von Win64/Toolbar.Widgi.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\1416d29.msi"
|
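As an added example (not from the thread, its helper, or any of the tools named in it), a read-only PowerShell audit of the two per-user settings the logs above point at: the WinINet ProxyServer value that the FRST fix in posts #10/#11 deleted, and the Chrome "startup_urls" entry that MBAM flagged in post #13 as rewritten to v9.com. It assumes PowerShell 3.0 or later, Chrome's default profile path, and an allow-list of home pages that you adjust to the user's real choices.

```powershell
# Added example, not part of the thread. Reports only; it changes nothing on the machine.
# Assumptions: PowerShell 3.0+ (ConvertFrom-Json), default Chrome profile location.
# Both locations are per-user, so no elevation is needed.

function Get-LoopbackProxyFindings {
    # The thread's FRST fixlist removed "ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118"
    # from this key. A proxy that points back at the local machine, which the user never
    # configured, is how ad-injecting adware routes every page through its own process.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $inet -or [string]::IsNullOrEmpty($inet.ProxyServer)) { return @() }

    $findings = @()
    # ProxyServer is either "host:port" or a per-scheme list "http=host:port;https=host:port".
    foreach ($entry in ($inet.ProxyServer -split ';')) {
        $hostPort = ($entry -split '=', 2)[-1].Trim()
        if ($hostPort -match '^(127(\.\d{1,3}){3}|localhost|\[?::1\]?)(:\d+)?$') {
            $findings += [pscustomobject]@{
                Location = "$key\ProxyServer"
                Value    = $entry
                Enabled  = [bool]$inet.ProxyEnable   # adware usually also sets ProxyEnable=1
                Reason   = 'proxy points at the local machine'
            }
        }
    }
    return $findings
}

function Get-ChromeStartupFindings {
    param(
        # Default profile on Windows; other profiles live in sibling "Profile N" folders.
        [string]$PreferencesPath = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'),
        # Constructed allow-list: the pages this user actually chose as start pages.
        [string[]]$AllowedUrls = @('https://www.google.de/')
    )
    # MBAM flagged this file because session.startup_urls had v9.com and msn.com/?pc=AV01
    # inserted next to the user's own Google page. Chrome re-applies the list on every start,
    # which is why "resetting the homepage" by hand kept failing for the poster.
    if (-not (Test-Path -Path $PreferencesPath)) { return @() }
    $prefs = Get-Content -Path $PreferencesPath -Raw | ConvertFrom-Json

    $candidates = @()
    if ($prefs.session -and $prefs.session.startup_urls) {
        foreach ($u in $prefs.session.startup_urls) {
            $candidates += [pscustomobject]@{ Setting = 'session.startup_urls'; Url = $u }
        }
    }
    if ($prefs.homepage) {
        $candidates += [pscustomobject]@{ Setting = 'homepage'; Url = $prefs.homepage }
    }

    $findings = @()
    foreach ($c in $candidates) {
        if ($AllowedUrls -notcontains $c.Url) {
            $findings += [pscustomobject]@{
                Location = "$PreferencesPath ($($c.Setting))"
                Value    = $c.Url
                Reason   = 'start-up URL not on the allow-list'
            }
        }
    }
    return $findings
}

$all = @(Get-LoopbackProxyFindings) + @(Get-ChromeStartupFindings)
if ($all.Count -eq 0) {
    Write-Output 'No loopback proxy and no unexpected Chrome start-up URLs found.'
} else {
    # Removal is left to the cleanup procedure used in the thread (FRST fixlist, MBAM).
    $all | Format-Table -AutoSize
}
```

Run it before and after a fix: on the poster's machine it would have listed the 127.0.0.1:8118 entries and the two foreign start-up URLs, and an empty result after the FRST and MBAM runs confirms both persistence points are gone.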
24.05.2014, 14:06 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ads and Pop-Ups in Browsers and Steam Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
C:\Windows\Installer\1416d29.msi
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
24.05.2014, 23:11 | #15 |
| Ads and Pop-Ups in Browsers and Steam Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-05-2014 1
Ran by vlad at 2014-05-25 00:10:46 Run:2
Running from C:\Users\vlad\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
C:\Windows\Installer\1416d29.msi
*****************

C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe => Moved successfully.
C:\Windows\Installer\1416d29.msi => Moved successfully.

==== End of Fixlog ====
|