Log Analysis and Evaluation: Kaspersky reports a Trojan (Windows 7)
#1

Kaspersky reports a Trojan

Dear Trojaner-Board team,

after a full scan 5 days ago, Kaspersky reported that 4 programs infected with a Trojan had been found, which of course were immediately moved to quarantine. Shortly afterwards I downloaded Malwarebytes, which however could not detect any threats, and neither has Kaspersky since then. What made me suspicious again was that Malwarebytes now pops up the message "malicious website blocked" once every day. Unfortunately I don't know much about PCs and hope that you can help me with this. Many thanks in advance!

P.S. The Kaspersky log is too long, should I split it?

Here are the log files:

Addition:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Admin (administrator) on ADMIN-PC on 17-11-2014 19:05:03
Running from C:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\puush\puush.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1328996307-1902604124-994258828-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2175784 2013-11-08] (Palit Microsystems Ltd.)
HKU\S-1-5-21-1328996307-1902604124-994258828-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-05-07] ()
HKU\S-1-5-21-1328996307-1902604124-994258828-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1328996307-1902604124-994258828-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-1328996307-1902604124-994258828-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d3emd1wl.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Admin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d3emd1wl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-13]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-27]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-03-30] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-27] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-04-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-04-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-04-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-04-27] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 19:05 - 2014-11-17 19:05 - 00016537 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-11-17 19:04 - 2014-11-17 19:05 - 00000000 ____D () C:\FRST
2014-11-17 19:03 - 2014-11-17 19:03 - 02117120 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-11-17 19:01 - 2014-11-17 19:01 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2014-11-17 19:01 - 2014-11-17 19:01 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-11-17 18:58 - 2014-11-17 18:58 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger(1).exe
2014-11-17 18:55 - 2014-11-17 18:55 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2014-11-16 15:42 - 2014-11-16 15:42 - 00397132 _____ () C:\Users\Admin\Desktop\K2 HA Dokumentation.odt
2014-11-16 08:57 - 2014-11-16 08:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\006A452C.sys
2014-11-15 17:44 - 2014-11-15 17:44 - 00034506 _____ () C:\Users\Admin\Desktop\K2 HA Werte.ods
2014-11-14 14:57 - 2014-11-14 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5EDD3C77.sys
2014-11-13 21:51 - 2014-11-17 19:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 21:51 - 2014-11-13 21:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-13 21:51 - 2014-11-13 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-13 21:51 - 2014-11-13 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-13 21:51 - 2014-11-13 21:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-13 21:51 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-13 21:51 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-13 21:51 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-13 21:50 - 2014-11-13 21:50 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 21:53 - 2014-11-12 21:53 - 02140160 _____ () C:\Users\Admin\Downloads\adwcleaner_4.101.exe
2014-11-12 09:10 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:10 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 09:10 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:10 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:10 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:10 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:10 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:10 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:10 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:10 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:10 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:10 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:10 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:10 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:10 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:10 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:10 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:10 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:10 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:10 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:10 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:10 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 09:10 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:10 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:10 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:10 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:10 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:10 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:10 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 09:10 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:10 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:10 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:10 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:10 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 09:10 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:10 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:10 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:10 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:10 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:10 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:10 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:10 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 09:10 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:10 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:10 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:10 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:10 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:10 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:10 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:10 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:10 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:10 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:10 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:10 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:10 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:10 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 09:10 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:10 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:10 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:10 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:10 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:10 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:10 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:10 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:10 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:10 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:10 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:10 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:09 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:09 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:09 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:09 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:09 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:09 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:09 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:09 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:09 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:09 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:09 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:09 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:09 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:09 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:09 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:09 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 09:09 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:09 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:09 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:09 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:09 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:09 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:09 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 09:09 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:09 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:09 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:09 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:09 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:09 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:09 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:09 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:09 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:09 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:09 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:09 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-10 17:08 - 2014-11-10 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 08:35 - 2014-11-05 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-05 08:35 - 2014-11-05 08:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-05 08:35 - 2014-11-05 08:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-05 08:35 - 2014-11-05 08:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-05 08:35 - 2014-11-05 08:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-05 08:34 - 2014-11-05 08:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-04 17:36 - 2014-09-04 20:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-04 17:36 - 2014-09-04 20:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 19:04 - 2014-03-13 20:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-11-17 19:01 - 2014-02-11 15:24 - 00000000 ____D () C:\Users\Admin
2014-11-17 18:38 - 2014-03-13 20:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 18:28 - 2014-04-27 15:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-17 14:16 - 2009-07-14 05:45 - 00035008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 14:16 - 2009-07-14 05:45 - 00035008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 14:14 - 2014-02-11 15:24 - 01927492 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 14:08 - 2014-02-12 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-17 14:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 14:08 - 2009-07-14 05:51 - 00103085 _____ () C:\Windows\setupact.log
2014-11-16 23:28 - 2014-03-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-16 23:27 - 2014-03-15 22:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Battle.net
2014-11-15 19:55 - 2014-02-12 00:11 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-11-15 19:55 - 2014-02-12 00:11 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-11-15 19:55 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 11:35 - 2014-03-13 20:11 - 00000000 ____D () C:\Users\Admin\Documents\TU - Berlin
2014-11-14 13:59 - 2010-11-21 04:47 - 00293370 _____ () C:\Windows\PFRO.log
2014-11-12 19:38 - 2014-03-13 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 19:38 - 2014-03-13 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 19:38 - 2014-03-13 20:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 14:09 - 2009-07-14 05:45 - 00376752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 14:07 - 2014-05-06 23:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 11:34 - 2014-02-12 10:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:32 - 2014-02-12 10:30 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 10:12 - 2014-03-13 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 08:35 - 2014-05-11 21:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-04 17:37 - 2014-02-12 08:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-02 20:24 - 2014-03-13 20:11 - 00000000 ____D () C:\Users\Admin\Documents\Bewerbungen
2014-11-01 19:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-29 19:50 - 2014-03-15 22:57 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 19:09 - 2014-03-15 22:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-23 15:45 - 2014-03-14 14:33 - 00000000 ____D () C:\Users\Admin\Desktop\StarCraft II
2014-10-21 08:47 - 2014-07-06 13:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Admin\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Admin\AppData\Local\Temp\nvStInst.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\swt-win32-3349.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-16 14:17 ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-17 19:31:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f0000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031f002f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075991465 2 bytes [99, 75]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759914bb 2 bytes [99, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075991465 2 bytes [99, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759914bb 2 bytes [99, 75]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075991465 2 bytes [99, 75]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759914bb 2 bytes [99, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2640] entry point in ".rdata" section 00000000679271e6
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000777ff9e0 5 bytes JMP 000000016f79e92f
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 00000000777ffa28 5 bytes JMP 000000016f79ef91
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000777ffa40 5 bytes JMP 000000016f79d6cb
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 00000000777ffa90 5 bytes JMP 000000016f79d227
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000777ffaa8 5 bytes JMP 000000016f79d518
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 00000000777ffb40 5 bytes JMP 000000016f79f1d1
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000777ffc38 5 bytes JMP 000000016f7aa5ff
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000777ffd4c 5 bytes JMP 000000016f79d06f
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000777ffd64 5 bytes JMP 000000016f7a9c21
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000777ffd98 5 bytes JMP 000000016f7a9f1c
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000777ffe44 5 bytes JMP 000000016f79e504
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000777ffe5c 5 bytes JMP 000000016f7a9d4a
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778000b4 5 bytes JMP 000000016f7a9a66
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000778001c4 5 bytes JMP 000000016f79d873
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077800754 5 bytes JMP 000000016f79f273
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000778009e4 5 bytes JMP 000000016f7a9c5e
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000778009fc 5 bytes JMP 000000016f79ce43
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077800a44 5 bytes JMP 000000016f79da29
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077800b80 5 bytes JMP 000000016f79cf59
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077800f70 5 bytes JMP 000000016f79deb7
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077800f88 5 bytes JMP 000000016f79e053
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077801018 5 bytes JMP 000000016f79f01e
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077801030 5 bytes JMP 000000016f79f141
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077801048 5 bytes JMP 000000016f79f0ae
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007780133c 5 bytes JMP 000000016f7a9e33
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007780147c 5 bytes JMP 000000016f79dd29
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077801528 5 bytes JMP 000000016f79e217
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077801718 5 bytes JMP 000000016f79dba1
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077801a58 5 bytes JMP 000000016f79d3d0
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077801b9c 5 bytes JMP 000000016f79e399
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075af103d 5 bytes JMP 000000016f78387d
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075af1072 5 bytes JMP 000000016f783ce1
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b1c9b5 5 bytes JMP 000000016f783997
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b72ff1 5 bytes JMP 000000016f783bdb
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075fc2642 5 bytes JMP 000000016f783eee
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 00000000753fea09 7 bytes JMP 000000016f7be3f9
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!OleRun 00000000754007de 5 bytes JMP 000000016f7bdf5c
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000754021e1 5 bytes JMP 000000016f7c1868
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!OleUninitialize 000000007540eba1 6 bytes JMP 000000016f7bded3
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!OleInitialize 000000007540efd7 5 bytes JMP 000000016f7bde8b
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000754254ad 5 bytes JMP 000000016f7bfede
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000754309ad 5 bytes JMP 000000016f7bde2b
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000754386d3 5 bytes JMP 000000016f7c08f2
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075439d0b 1 byte JMP 000000016f7c160f
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 2 0000000075439d0d 3 bytes {JMP 0xfffffffffa387904}
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075439d4e 5 bytes JMP 000000016f7bf4ed
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 000000007545bb09 7 bytes JMP 000000016f7bdfa4
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 000000007547eacf 5 bytes JMP 000000016f7bfba2
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 00000000754b340b 5 bytes JMP 000000016f7c09f2
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 00000000754fcfd9 5 bytes JMP 000000016f7bdf14
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject 0000000075d927ce 5 bytes JMP 000000016f7c04fe
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject 0000000075d932c4 5 bytes JMP 000000016f7bdde3
.text C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe[2772] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject 0000000075da8f80 5 bytes JMP 000000016f7c0692
? C:\Windows\system32\mssprxy.dll [3416] entry point in ".rdata" section 00000000679271e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075991465 2 bytes [99, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759914bb 2 bytes [99, 75]
.text ... * 2
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776011f5 8 bytes {JMP 0xd}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077601390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007760143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007760158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007760191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077601b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077601bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077601d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077601eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077601edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077601f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077601fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077601fd7 8 bytes {JMP 0xb}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077602272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077602301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077602792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776027b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776027d2 8 bytes {JMP 0x10}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007760282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077602890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077602d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077602d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077603023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007760323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776033c0 16 bytes {JMP 0x4e}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077603a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077603ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077603b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077603d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077604190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077651380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077651500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077651530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077651700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077651f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000750b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000750b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000750b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000750b16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000750b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000750b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000750b1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000750b1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000750b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Admin\Downloads\Gmer-19357.exe[2724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000750b1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ???i?u???z??????PCI\VEN_1022&DEV_1601&SUBSYS_00000000&REV_00?PCI\VEN_1022&DEV_1601&SUBSYS_00000000?PCI\VEN_1022&DEV_1601&REV_00?PCI\VEN_1022&DEV_1601?PCI\VEN_1022&DEV_1601&CC_060000?PCI\VEN_1022&DEV_1601&CC_0600?????PCI\VEN_1022&CC_060000?PCI\VEN_1022&CC_0600?PCI\VEN_1022?PCI\CC_060000?PCI\CC_0600???/???????? ??????????????????????????????????????????o???;???h?h?h???????h??????????{00000000-0000-0000-ffff-ffffffffffff}??????????????????????? ???h??????????s???????????????????????? ???????b??????s???{00000000-0000-0000-ffff-ffffffffffff}??55???????? ???????????r06????????????0?????????n??????V??t?????????e?????i?i?????????_???????e????X??i???????????????????h?????h??????`??????g???????????????;???;??? ???????h???????????f?,??????2??????????0??? ???????3?????????????????????????????????? ???????????????????????????????????????????? ???????h???????????T?,??????"??????????f??????????????????????????????????????????????????????????????????????????? P??h???????????????????????e??0???????????{00000000-0000-0000-fff Reg HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ????????? j?????????????????$UserProfile$\AppData\Local\Microsoft\Outlook\*.ost????????????????E?'??pciide?.?.???????????|???????|???????-???????????0??0????U?U?????????h???????????????.???.??? "?????????????????????????????????????????? ???????????????????=????????L??????????????????&L?????????????????????????????CurrentControlSet\Control\MSDTC\ASR\????MountedDevices\???????????????????????????s?????CurrentControlSet\Control\Session Manager\PendingFileRenameOperations???????????????????????????????????CurrentControlSet\Control\Session Manager\PendingFileRenameOperations2???????????????????????r??CurrentControlSet\Control\Session Manager\AllowProtectedRenames?????????????????????????? ????????A??? ???????????L?????????????s???? 
???????????????????=??????????T???&????????????????????????????=??????s?????T???????????c?????@%SystemRoot%\System32\SysClass.Dll,-3026???Mobile devices?ystem32\SysClass.Dll,-3026?????P?????????????%systemroot%\system32\imageres.dll,-93??????????1???????????????? ????????????????????? ---- EOF - GMER 2.1 ---- Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Admin (administrator) on ADMIN-PC on 17-11-2014 19:05:03
Running from C:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\puush\puush.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1328996307-1902604124-994258828-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2175784 2013-11-08] (Palit Microsystems Ltd.)
HKU\S-1-5-21-1328996307-1902604124-994258828-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-05-07] ()
HKU\S-1-5-21-1328996307-1902604124-994258828-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1328996307-1902604124-994258828-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-1328996307-1902604124-994258828-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d3emd1wl.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Admin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d3emd1wl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-13]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-27]
FF
HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-27] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-27] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-03-30] (BitRaider, LLC) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-27] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-04-27] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-04-27] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-04-27] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-04-27] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation) S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is 
included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-17 19:05 - 2014-11-17 19:05 - 00016537 _____ () C:\Users\Admin\Downloads\FRST.txt 2014-11-17 19:04 - 2014-11-17 19:05 - 00000000 ____D () C:\FRST 2014-11-17 19:03 - 2014-11-17 19:03 - 02117120 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2014-11-17 19:01 - 2014-11-17 19:01 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log 2014-11-17 19:01 - 2014-11-17 19:01 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2014-11-17 18:58 - 2014-11-17 18:58 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger(1).exe 2014-11-17 18:55 - 2014-11-17 18:55 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe 2014-11-16 15:42 - 2014-11-16 15:42 - 00397132 _____ () C:\Users\Admin\Desktop\K2 HA Dokumentation.odt 2014-11-16 08:57 - 2014-11-16 08:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\006A452C.sys 2014-11-15 17:44 - 2014-11-15 17:44 - 00034506 _____ () C:\Users\Admin\Desktop\K2 HA Werte.ods 2014-11-14 14:57 - 2014-11-14 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5EDD3C77.sys 2014-11-13 21:51 - 2014-11-17 19:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-13 21:51 - 2014-11-13 21:51 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-13 21:51 - 2014-11-13 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-13 21:51 - 2014-11-13 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-13 21:51 - 2014-11-13 21:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-13 21:51 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-13 21:51 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-13 21:51 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-13 21:50 - 2014-11-13 21:50 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-12 21:53 - 2014-11-12 21:53 - 02140160 _____ () C:\Users\Admin\Downloads\adwcleaner_4.101.exe 2014-11-12 09:10 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 09:10 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-12 09:10 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 09:10 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 09:10 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-12 09:10 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 09:10 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 09:10 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 09:10 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 09:10 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 09:10 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 09:10 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 09:10 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 09:10 - 2014-11-06 04:30 - 00144384 
_____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 09:10 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 09:10 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 09:10 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 09:10 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 09:10 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-12 09:10 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 09:10 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 09:10 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 09:10 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 09:10 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 09:10 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-12 09:10 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 09:10 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 09:10 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 09:10 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 09:10 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 09:10 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 09:10 - 2014-11-06 
04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 09:10 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 09:10 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 09:10 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 09:10 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 09:10 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 09:10 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 09:10 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 09:10 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 09:10 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 09:10 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 09:10 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 09:10 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 09:10 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 09:10 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 09:10 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 09:10 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 09:10 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-12 09:10 - 2014-11-06 
03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 09:10 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 09:10 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 09:10 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 09:10 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 09:10 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 09:10 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 09:10 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 09:10 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 09:10 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 09:10 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 09:10 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 09:10 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 09:10 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 09:10 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 09:10 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 09:10 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-12 09:10 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 09:10 - 2014-10-14 02:46 - 00681984 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 09:09 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 09:09 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 09:09 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 09:09 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 09:09 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 09:09 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 09:09 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 09:09 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 09:09 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 09:09 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 09:09 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 09:09 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 09:09 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 09:09 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 09:09 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 09:09 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-12 09:09 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 09:09 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) 
C:\Windows\system32\msv1_0.dll 2014-11-12 09:09 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 09:09 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 09:09 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 09:09 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 09:09 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-12 09:09 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 09:09 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 09:09 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 09:09 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 09:09 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 09:09 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-12 09:09 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 09:09 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 09:09 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 09:09 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 09:09 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 09:09 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-10 17:08 - 2014-11-10 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-05 08:35 - 
2014-11-05 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-05 08:35 - 2014-11-05 08:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-11-05 08:35 - 2014-11-05 08:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-11-05 08:35 - 2014-11-05 08:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-11-05 08:35 - 2014-11-05 08:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-11-05 08:34 - 2014-11-05 08:34 - 00000000 ____D () C:\Program Files (x86)\Java 2014-11-04 17:36 - 2014-09-04 20:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-11-04 17:36 - 2014-09-04 20:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-17 19:04 - 2014-03-13 20:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2014-11-17 19:01 - 2014-02-11 15:24 - 00000000 ____D () C:\Users\Admin 2014-11-17 18:38 - 2014-03-13 20:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-17 18:28 - 2014-04-27 15:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-11-17 14:16 - 2009-07-14 05:45 - 00035008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-17 14:16 - 2009-07-14 05:45 - 00035008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-17 14:14 - 2014-02-11 15:24 - 01927492 _____ () C:\Windows\WindowsUpdate.log 2014-11-17 14:08 - 2014-02-12 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-17 14:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-17 14:08 - 2009-07-14 05:51 - 00103085 _____ () C:\Windows\setupact.log 2014-11-16 23:28 - 2014-03-13 18:26 - 
00000000 ____D () C:\Program Files (x86)\Steam 2014-11-16 23:27 - 2014-03-15 22:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Battle.net 2014-11-15 19:55 - 2014-02-12 00:11 - 00699868 _____ () C:\Windows\system32\perfh007.dat 2014-11-15 19:55 - 2014-02-12 00:11 - 00149750 _____ () C:\Windows\system32\perfc007.dat 2014-11-15 19:55 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-15 11:35 - 2014-03-13 20:11 - 00000000 ____D () C:\Users\Admin\Documents\TU - Berlin 2014-11-14 13:59 - 2010-11-21 04:47 - 00293370 _____ () C:\Windows\PFRO.log 2014-11-12 19:38 - 2014-03-13 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 19:38 - 2014-03-13 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-12 19:38 - 2014-03-13 20:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-12 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-12 14:09 - 2009-07-14 05:45 - 00376752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-12 14:07 - 2014-05-06 23:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 11:34 - 2014-02-12 10:30 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 11:32 - 2014-02-12 10:30 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 10:12 - 2014-03-13 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-05 08:35 - 2014-05-11 21:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-04 17:37 - 2014-02-12 08:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-11-02 20:24 - 2014-03-13 20:11 - 00000000 ____D () C:\Users\Admin\Documents\Bewerbungen 2014-11-01 19:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-29 19:50 - 2014-03-15 22:57 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft 
Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-25 19:09 - 2014-03-15 22:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-10-23 15:45 - 2014-03-14 14:33 - 00000000 ____D () C:\Users\Admin\Desktop\StarCraft II 2014-10-21 08:47 - 2014-07-06 13:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15 Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Admin\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Admin\AppData\Local\Temp\nvStInst.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe C:\Users\Admin\AppData\Local\Temp\sqlite3.dll C:\Users\Admin\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-16 14:17 ==================== End Of Log ============================ Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:01 on 17/11/2014 (Admin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- |
Topics related to "Kaspersky reports a Trojan":
administrator, adobe, browser, desktop, ebanking, explorer, firefox, flash player, homepage, kaspersky, malwarebytes, mozilla, realtek, registry, security, services.exe, software, svchost.exe, system, trojan.win32.staser.gl, trojaner, windows, winlogon.exe